I can't get out to a specific website

Integrated Active Directory DNS 2003

We have a specific website we can't access from our internal network, but it can be accessed from outside of our network. It's not a web filter issue, it's a dns issue. If I use our internal DNS servers it doesn't work, but if I put in a static DNS like 4.2.2.2, then I can get to the site.

I need some ideas, on how to resolve this DNS issue...
bernardbAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
bernardbConnect With a Mentor Author Commented:
Thanks Everyone.

The issue was we had an A record on our DNS server that pointed to www.blah.org's old internet service provider.

I removed the A record
0
 
Chris DentPowerShell DeveloperCommented:
Using Forwarders or Root Hints? Root Hints is the default, but if you're not sure, pop open the Properties for your DNS server then select the Forwarders tab.

Perhaps the most common cause of obscure resolution failure is EDNS (Extended DNS). This happens because some routers / firewalls silently drop UDP packets larger than 512 bytes. EDNS is a change that means the server advertises support for packets over 512 bytes, if the network hardware doesn't support that as well you end up with trouble.

To test if this is the case, run:

dnscmd /config /EnableEDnsProbes 0

This disabled EDNS, once done, flush the cache with:

dnscmd /ClearCache

Then run:

nslookup www.TheSiteThatFailedBefore.com

Chris
0
 
bernardbAuthor Commented:
Here's another piece....

I can get to www.blah.org

but not www.blah.org/dev

internally it doesn't work, but externally from outside of our network I can. it's on the same server etc.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
bernardbAuthor Commented:
and the error is 'HTTP 404 - File not found
Internet Explorer'
0
 
Chris DentPowerShell DeveloperCommented:

That takes it out of the hands of DNS.

If you couldn't get to www.blah.org, but could to bob.blah.org we could blame DNS. But if it's a sub-directory under a website DNS is done before you get to the /dev bit.

Chris
0
 
Chris DentPowerShell DeveloperCommented:

> and the error is 'HTTP 404 - File not found ...

Even better, the only thing that can return that is the remote web server. Now you ruled out both DNS and the network layer.

Either the web server is wrong, or we swing back and wonder if you're getting the same answer. Fortunately we can check that:

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.

Chris
0
 
evgeny_f31Commented:
if I put in a static DNS like 4.2.2.2, then I can get to the site
Does it work if you use 4.2.2.2 as dns forwarder address ?
How exactly your network gets the internet - routers, proxy  ?
0
 
bernardbAuthor Commented:
Chris-Dent
They return different IP addresses when I tried

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.
0
 
bernardbAuthor Commented:
Resolved by me, but thanks to all. You Experts are the best.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.