Solved

I can't get out to a specific website

Posted on 2011-02-10
9
387 Views
Last Modified: 2012-05-11
Integrated Active Directory DNS 2003

We have a specific website we can't access from our internal network, but it can be accessed from outside of our network. It's not a web filter issue, it's a dns issue. If I use our internal DNS servers it doesn't work, but if I put in a static DNS like 4.2.2.2, then I can get to the site.

I need some ideas, on how to resolve this DNS issue...
0
Comment
Question by:bernardb
  • 5
  • 3
9 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34865667
Using Forwarders or Root Hints? Root Hints is the default, but if you're not sure, pop open the Properties for your DNS server then select the Forwarders tab.

Perhaps the most common cause of obscure resolution failure is EDNS (Extended DNS). This happens because some routers / firewalls silently drop UDP packets larger than 512 bytes. EDNS is a change that means the server advertises support for packets over 512 bytes, if the network hardware doesn't support that as well you end up with trouble.

To test if this is the case, run:

dnscmd /config /EnableEDnsProbes 0

This disabled EDNS, once done, flush the cache with:

dnscmd /ClearCache

Then run:

nslookup www.TheSiteThatFailedBefore.com

Chris
0
 

Author Comment

by:bernardb
ID: 34865774
Here's another piece....

I can get to www.blah.org

but not www.blah.org/dev

internally it doesn't work, but externally from outside of our network I can. it's on the same server etc.
0
 

Author Comment

by:bernardb
ID: 34865805
and the error is 'HTTP 404 - File not found
Internet Explorer'
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 34865806

That takes it out of the hands of DNS.

If you couldn't get to www.blah.org, but could to bob.blah.org we could blame DNS. But if it's a sub-directory under a website DNS is done before you get to the /dev bit.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34865832

> and the error is 'HTTP 404 - File not found ...

Even better, the only thing that can return that is the remote web server. Now you ruled out both DNS and the network layer.

Either the web server is wrong, or we swing back and wonder if you're getting the same answer. Fortunately we can check that:

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.

Chris
0
 
LVL 4

Expert Comment

by:evgeny_f31
ID: 34865880
if I put in a static DNS like 4.2.2.2, then I can get to the site
Does it work if you use 4.2.2.2 as dns forwarder address ?
How exactly your network gets the internet - routers, proxy  ?
0
 

Author Comment

by:bernardb
ID: 34866827
Chris-Dent
They return different IP addresses when I tried

nslookup www.blah.org
nslookup www.blah.org 8.8.8.8

The first asks your internal DNS server, the second Google's DNS server. Both should return the same thing in almost all cases.
0
 

Accepted Solution

by:
bernardb earned 0 total points
ID: 34874388
Thanks Everyone.

The issue was we had an A record on our DNS server that pointed to www.blah.org's old internet service provider.

I removed the A record
0
 

Author Closing Comment

by:bernardb
ID: 34904875
Resolved by me, but thanks to all. You Experts are the best.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Split DNS 3 47
Powershell knowledge 2 46
VMware 6.0 3 71
Need Script to resolve IPs to Public DNS Names 5 24
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question