• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

Internal DNS not resolving, points to bogus external ip address

EE,
I've been having this issue with a web app located on a local webapp server.  When the address is used outside my network it resolves perfectly and goes streaight into the website. Yet when tired to access from inside the network it give a website not found.  When I run nslookup internaly for webapp.capsure.com without the dot at the end it gives me my internal address fine. Yet when I nslookup webapp.capsure.com. with the dot it gives me an ip address that does not exist (206.188.192.47).  This issue started to happen all of a sudden without any changes to the servers.  

Internally i can access the site with the ip fine... but my dns seems to not pick up or take effect on any of my client computers. My domain controller is the DNS, AD, and Excahange server and it has not gone down at all and for some reason dns stopped resolving yesterday morning.  

I do not own capsure.com and just have the subdomain with them since its their app we are currently using (when it was working). They host their domains with Network Solutions and according to support they had network solutions update their records which was their first solution to the problem "wait until the updated records poppulate".  Its been a day and it seems to be more than that. When i run a tracert from inside the network it points to the 206.188.192.47 and stops at hop 10.

Tracert Results from Inside the Network
When I run tracert from outside the network it hops all the way to the external ip of the server.
Tracert Results from Outside the NetworkI would appreciate the help i need this webapp to be up since it does a crucial function at this place.

Addresses are fake if you need me to place real addresses so you can help let me know.
Thanks in advance  
0
Osram34
Asked:
Osram34
  • 10
  • 3
  • 3
  • +1
1 Solution
 
Moomin83Commented:
Hi Osram34

I assume the forward look up within DNS has been confirmed to be correct. Secondly you could try adding a DNS c name for the web app pointing it to the correct ip address. Also check if there is no faulty "reverse" lookup within the DNS setup. lastly you can perform the basic "ipconfig /flushdns" and "ipconfig /registerdns" from command prompt on the server hosting the webapp.

Hope it helps
0
 
Osram34Author Commented:
Thanks for the prompt response what exactly do mean my a c record??? i've just found the advanced view option in dnsmgmt and seems like in the cahced lookups is where the problem is.  I found the address that im trying to modify and it has a record to the exterior wrong ip.  the time to live on it is in about an hour and 15 minutes i hope this will get resolved as soon as this a record dies or should i just delete it. Don't want to make things worse.
0
 
HobettCommented:
Deleting the cahced record will be fine. You can could then ping -a webapp.capsure.com to get it to resolve the name and cache it. This will then let you know if the record gets setup correctly.

ipconfig /flushdns will clear the whole cache which won't help much in tracking down why it is the wrong ip being resolved and may cause more problems.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Moomin83Commented:
Alias(Cname) is a record in DNS, attached is an example (personal info removed)
creating new records by selecting right mouse click within the forward look up in DNS
cname1.JPG
cname.JPG
0
 
pcfreakerCommented:
Hi,

Is your domain named: capsure.com?
0
 
Osram34Author Commented:
hobett i went ahead and deleted the record and it seemed to have worked for a little bit like 10 minutes. WHen i do nslookup on both the one ending in com and the on ending in com. i get the internal ip address but when i ping -a webapp.capsure.com i get the bogus external again where do you think this ip is coming from?
0
 
HobettCommented:
So you are using nslookup and it is using the default DNS server, e.g. nslookup capsure.com and not nslookup - ipOfDnsServer? As Ping and nslookup should use the same dns server.

I would test each of your dns servers to see which one has the incorrect entry. I would start with the DNS servers that the caching server is looking to as forwarders if any are set. It may be that one of those servers has an incorrect entry.

When I ping capsure.com I get: 81.200.64.50 which I note is different to the response in your first post.
0
 
Osram34Author Commented:
here let me show you all my screen shots you have some time??
0
 
Osram34Author Commented:
0
 
HobettCommented:
I'm afraid I've run out of time tonight - cats and the Mrs are telling me it's bed time :(

Nslookup and ping do not use the same system libraries to lookup hostnames. Ping uses the system library whereas nslookup uses it's own internal library.

Explained better here:
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-results-different-to-ping.html

Why there is a difference between .com. and .com
http://oreilly.com/catalog/netpc/excerpt/sidebar.dns.htm

I'm on a corporate away day tomorrow so won't get chance to look tomorrow, sorry.
0
 
pcfreakerCommented:
I think I get your problem, is the external ip you are resolving not the correct one? Is it the same ip you are getting request time out the same ip you contact externally?

How do you enter the site outside, via www.website.com? 

Your main domain is joalvarez.local, so I guess you should access internally via webapp.joalvarez.local?

Could you point out this questions pls
0
 
Osram34Author Commented:
Outside you enter the address directly joalvarez.capsure.com the same way as it should be accsible from within the network. Software is referenced that dns to access the db. so its not just for web access. And yeah that external ip that it points to is the ip for www.capsure.com. The joalvarez.capsure.com should be pointing to either my internal ip or my external ip from within the network.  From outside the netowrk my dns resolves perfectly and points to my external ip. I've neutralized the problem temporarily with the hosts file but the problem is yet to be solved maybe you can shine some light.
0
 
Osram34Author Commented:
Hopefully i didn't consfuse you let me know.... not sure if im making much sense at this point.

0
 
pcfreakerCommented:
I think I get the picture, outside you use www.capsure.com and internally joalvarez.capsure.com, but as I can see capsure.com is not your local domain, so basically it will always try to go to the outside since that domain (capsure.com) is not authoritive for your DNS.
The only way to access locally is when you use joalvarezinc.local, meaining that if you use http://capsure.joalvarezinc.local you will be directed to the local ip 192.168.2.15.

Correct me if I'm wrong about this.

However, if you need to use the www.capsure.com, you should create this domain whithin your DNS server: A primary domain called capsure.com and create an A record called www and the ip should be 192.168.2.15, that way you will resolve to www.capsure.com to the ip 192.168.2.15.

Rgds.
0
 
Osram34Author Commented:
i guess i didnt make sense yesterday...  sorry long day of troubleshooting. www.capsure.com is the dev of the web app so webapp.capsure.com is how you would access form outside the netowork.  From inside the network it was accessed exactly the same for about a year or so webapp.capsure.com without a problem untill the other day.  Internal DNS keeps on referencing the wrong ip for some reason.
0
 
Osram34Author Commented:
I think i know what you mean... ill be at the office in a bit ill let u know
0
 
Osram34Author Commented:
thanks for everyones involvement in this question.... It just happened that their domain provider had changed their configuration and my name server took a long time to re populate.  A total of about 10 days for my name server to pick up the new settings... :( what  a bummer seems like everything is back to normal. Still i believe when software developers change things like their domain that could infact affect someones installation the customers should be warned about such changes. www.capsure.com
0
 
Osram34Author Commented:
Time was the answer to the question...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 10
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now