somewhereinafrica

asked on 

My DNS is failing on one single address, all else works

For some reason the pop mail server address is not resolving today.
It has been working perfectly for over a year, and today it stopped.

I can ping any other address in the world, but if I ping the pop3 server it gets nothing.

I run a domain with a server (Server 2008 Std); the server acts as DNS, and I have a firewall handling the gateway.
If I circumvent firewall and server and plug straight in to the internet connection, it works fine, so it's clearly something on either the server or the firewall.

Of course neither has had any changes made to them at all, so this is straight out of the blue.

If I change the pop3 server name in Outlook to the IP it connects fine.

So how do I check if the DNS is screwing this up, or the firewall?
What could have happened?
Windows Server 2008, DNS

Nummmnut

Normally Firewalls have logs you can look for DNS blockage...

What kind of firewall is it... I know Sonicwall have a habit of updating the IPS, which can start blocking things unexpectedly.

Also is your pop3 DNS forwarded to a .com DNS like Godaddy or your ISP?

It is rare for someone to house their .com pop3 DNS locally but forward it out.  This would make sense why plugging into the internet directly might fix it as it auto populates with normally a main DNS and a backup DNS.
Darius Ghassem

Check your DNS Forwarders; make sure you have updated ISP DNS servers listed.

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx
somewhereinafrica

ASKER

I have concluded that the firewall is not the issue.
If I log on to the firewall (NETGEAR ProSafe VPN Firewall FVS336GV2) and ping the domain it resolves the address fine, so it has to be my DNS.

I do not use forwarders, I use root hints.

I plugged in straight to the internet box to see if it was on my side or my ISP's side. My ISP can ping it fine, my internet box (all by itself) can ping it fine, my firewall can ping it fine.

I guess I need a way of asking my DNS what it thinks. If I do an nslookup from my DNS it fails to resolve the URL, but all other URLs resolve fine.
somewhereinafrica

ASKER

Dariusq: I don't use forwarders, I use root hints.
ASKER CERTIFIED SOLUTION
Darius Ghassem
Try DNS Forwarders
somewhereinafrica

ASKER

Is there no way I can tell the DNS that this IP equals a certain IP address? (I tried creating an 'A-Record', but that did not help.)

Why would changing from root hints to forwarder make things better if everything but one single domain works?

It kind of feels like something has gone wrong with this one domain in the DNS, and I should go in and delete it out and tell the DNS to try to 'find it again'.

Darius Ghassem

You can go clear the cache in the DNS server.

Just because it is one domain you are having trouble with does not mean that is the only domain. Please put DNS Forwarders in and test.
somewhereinafrica

ASKER

Ok, so I did plug in my ISP as a forwarder, and that made the problem go away. But I still don't understand why it stopped in the first place.

It has been the same IP for years, and it has always worked.
What happened that killed it today, and why only this one address?

Darius Ghassem

Again, root hints on Windows 2008 servers have not worked. There have been issues with them since day one.

Anyways, DNS Forwarders should be used because of performance gains and security gains.

http://technet.microsoft.com/en-us/library/cc782142(WS.10).aspx

Without having a specific DNS server designated as a forwarder, all DNS servers can send queries outside of a network using their root hints. As a result, a lot of internal, and possibly critical, DNS information can be exposed on the Internet. In addition to this security and privacy issue, this method of resolution can result in a large volume of external traffic that is costly and inefficient for a network with a slow Internet connection or a company with high Internet service costs.

When you designate a DNS server as a forwarder, you make that forwarder responsible for handling external traffic, thereby limiting DNS server exposure to the Internet. A forwarder will build up a large cache of external DNS information because all of the external DNS queries in the network are resolved through it. In a small amount of time, a forwarder will resolve a good portion of external DNS queries using this cached data and thereby decrease the Internet traffic over the network and the response time for DNS clients.
somewhereinafrica

ASKER

Dariusq, you have never failed me yet, so I'll leave the forwarders on.

But I went to root hints after some issues last year, and then the suggestion was to do the opposite.

I'll dig in to the article you sent and get the low-down, thanks bro.

Darius Ghassem

No problem, just let me know if you need anything else.
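
Added example, not part of the original thread: a command sequence for "asking the DNS what it thinks" on the Windows Server 2008 DNS server, separating a stale or failed cache entry from a recursion problem before and after the forwarder change discussed above. The host name `pop.example.com` and the resolver address `192.0.2.53` are placeholders (the thread gives neither), and `127.0.0.1` assumes the DNS service listens on loopback.

```bat
@echo off
rem Added example; run from an elevated prompt on the DNS server itself.
rem Placeholders, not values from the thread:
set NAME=pop.example.com
set LOCALDNS=127.0.0.1
set ISPDNS=192.0.2.53

rem 1. Ask the local DNS server directly, with full query/response detail.
rem    Check the rcode in the reply: SERVFAIL or a timeout points at
rem    recursion, NXDOMAIN at a cached or authoritative negative answer.
nslookup -debug -type=A %NAME% %LOCALDNS%

rem 2. Same question with recursion disabled: the server can answer only
rem    from its own zones and cache, so this shows what it has stored.
nslookup -norecurse -type=A %NAME% %LOCALDNS%

rem 3. Control query against an outside resolver. If this works while
rem    step 1 fails, the fault is in the local server's recursion or cache.
nslookup -type=A %NAME% %ISPDNS%

rem 4. Clear the DNS server cache and the local client cache, then retest.
dnscmd . /clearcache
ipconfig /flushdns
nslookup -type=A %NAME% %LOCALDNS%

rem 5. Dump the server configuration for the record before changing it.
dnscmd . /info

rem 6. Only if step 4 still fails: set the forwarder and retest.
dnscmd . /resetforwarders %ISPDNS%
nslookup -type=A %NAME% %LOCALDNS%
```

Keeping the output of steps 1 to 3 from before the change records which stage failed, which is the evidence needed to answer "why only this one address" later.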