?
Solved

DNS Issue

Posted on 2011-02-21
20
Medium Priority
?
1,075 Views
Last Modified: 2012-05-11
Hey all,

 Having an issue with internal DNS at a client site. Well, I suspect it is a DNS issue.

 SBS 2008 Domain

 Attempting to get to a website 'control.symform.com' - I just get a 404 error. From outside of our network, it works fine with no issues. I have run a dcdiag /fix, all tests passed. I cannot seem to find an issue,

 Anyone have any ideas?

Thanks!
0
Comment
Question by:LindsayCole
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
20 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34943743

Run this and verify the IP Address you get back is correct (and matches the IP you get when used from outside your network):

NsLookup control.symform.com

If that happens to be your AD / SBS domain name then things get tricky.

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34943816
C:\Users\lcole>nslookup control.symform.com
Server:  spartansbs.spartan.local
Address:  192.168.1.2

Non-authoritative answer:
Name:    control-208587495.us-east-1.elb.amazonaws.com
Address:  184.72.95.238
Aliases:  control.symform.com

---------------

I get the same response when I do it from outside the network..
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34943839

Something is going a bit wrong there then. The 404 response has to come from a web server, and unless you use a Proxy server it's come from the web server for that domain.

Do you use a Proxy?

If not, we're a bit stuck, you could attempt to prove the response comes from there with a packet sniffer, but unless you have some degree of administrative control over the site there's little you can do beyond that.

Chris
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 5

Expert Comment

by:zazagor
ID: 34944000
Have you tried to flush DNS cache:
ipconfig /flushdns

//zaZagor
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944297
Okay, so we do not use a proxy (I'm the Network Admin here).

It isn't a 404 we get, my mistake in saying that.

We get; (in firefox)

Problem Loading Page

Connection Timed Out

The server at control.symform.com is taking too long to respond.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 34944348
So what is happening why you try http://184.72.95.238/ ? load? same error?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34944357

Then perhaps try:

telnet control.symform.com 80

If that doesn't connect, and I suspect it won't there's a networking problem somewhere along the path. That may be local to you, or somewhere in between you and them.

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944399
Mojo: Same error.
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944408
C:\Users\lcole>telnet control.symform.com 80
Connecting To control.symform.com...Could not open connection to the host, on port 80: Connect failed
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944414
What is the best way for me to ascertain if the problem is my network or not?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34944430

Watch traffic on the borders of your network and see if the request is allowed out.

If it is, you could always try tracert, relies on ICMP, but it may be allowed, and if it is, it may give an indication of where it's breaking down.

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944456
ICMP is blocked on their server. Cannot ping them from anywheres.

How would you watch the borders?
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944473
C:\Users\lcole>tracert control.symform.com

Tracing route to control-208587495.us-east-1.elb.amazonaws.com [184.72.95.238]
over a maximum of 30 hops:

  1    <1 ms     6 ms     9 ms  192.168.1.1
  2    12 ms    10 ms    11 ms  loop0-wda.83w.ba12.hlfx.ns.aliant.net [142.176.50.78]
  3    11 ms    11 ms    12 ms  te-0-2-2-0-301.cr01.hlfx.ns.aliant.net [142.176.53.163]
  4    17 ms    13 ms    11 ms  xe-2-0-0.cr02.drmo.ns.aliant.net [142.166.181.142]
  5     *        *        *     Request timed out.

My ISP is Aliant. Looks like I cannot get out of the ISP's network.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34944480

Your firewalls / routers, do you have logging capabilities there?

You could watch it on the client, but it won't tell you anything that you don't know (i.e. it doesn't work). And since the routers / firewalls will be the last point you get to handle the traffic it would be nice to ensure all is well there.

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34944512
My edge router is unfortunately only a Cisco/Linksys RV042. Not much in the way of logging.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34945551

Hmm that does make it a bit tricky.

Well I recommend you run the Tracert command from both sites anyway. Even if the final hop doesn't respond to ICMP it should show you much of the path and that may highlight a problem.

The result from NsLookup proves it's not DNS at fault, so it's either your own network, or a network between you and them. It's not entirely common, but it's far from being unheard of, that the problem might be one of the intermediate service providers.

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34946113
Chris, when you say both sites, you mean from the server that control.symform.com sits on?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 34949497

On-site and off-site, sorry.

Do you actually manage the web-service at all? Or is it completely unaffiliated with you?

Chris
0
 
LVL 2

Author Comment

by:LindsayCole
ID: 34952194
Offsite:
C:\Windows\system32>tracert control.symform.com

Tracing route to control-208587495.us-east-1.elb.amazonaws.com [184.72.95.238]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    49 ms    49 ms    49 ms  142.166.100.89
  3    51 ms    50 ms    91 ms  te-0-4-0-0-200.cr01.stjh.nb.aliant.net [142.166.
211.129]
  4    47 ms    15 ms     7 ms  xe-2-0-0.cr02.stjh.nb.aliant.net [142.166.181.11
0]
  5    51 ms    50 ms    51 ms  te-0-4-1-0.cr01.hlfx.ns.aliant.net [142.166.181.
149]
  6    37 ms    18 ms    51 ms  xe-2-0-0.cr02.drmo.ns.aliant.net [142.166.181.14
2]
  7    71 ms    64 ms    71 ms  xe-2-0-0.bx01.asbn.va.aliant.net [207.231.227.10
]
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed -SNIP-

Onsite:

C:\Users\lcole>tracert control.symform.com

Tracing route to control-208587495.us-east-1.elb.amazonaws.com [184.72.95.238]
over a maximum of 30 hops:

  1     2 ms    <1 ms    <1 ms  192.168.1.1
  2   151 ms    11 ms    11 ms  loop0-wda.83w.ba12.hlfx.ns.aliant.net [142.176.5
0.78]
  3    12 ms    11 ms    11 ms  te-0-2-2-0-301.cr01.hlfx.ns.aliant.net [142.176.
53.163]
  4    15 ms    12 ms    19 ms  xe-2-0-0.cr02.drmo.ns.aliant.net [142.166.181.14
2]
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out. -SNIP-

They are completely unaffiliated with us. A potential offsite backup solution.

I called the ISP today, Bell, and they were completely useless just as I expected them to be. Wouldn't even work with me on this issue.
0
 
LVL 2

Author Closing Comment

by:LindsayCole
ID: 35192281
We never found the solution. However you were very helpful in trying :)
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question