Able to Access Some Websites but not others

Gary Croxford
Gary Croxford used Ask the Experts™
on
THank you for looking at my question,

We have had a new server - OS MS Small Business Server 2011 - installed. There are some small teething problems one of which is that users can access some websites but not others

Eg can access experts-exchange, bbc.co.uk, google - can't access easyjet.com, santander.com

This is happening at the server too.

resolved the easyjet address to an ip address and tried linking to that from the IE address bar but that doesn't work either

have also flushed server dns

don't know where to go next
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
If you can ping them, then most likely it's your MTU settings.  If the settings are mis-matched on your NIC, Firewall, and within Windows, you can get these kind of errors.  MTU should be set for no more than 1492 in all places.

You can easily modify the MTU on the NICs and within Windows with DrTCP:  www.dslreports.com/drtcp
The router needs to be set from it's control panel.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
FYI, this is similar to what I've suggested here:  http:Q_21963681.html

Jeff
TechSoEasy
Gary CroxfordOperations Support Analyst

Author

Commented:
>Techsoeasy
Jeff,

can't ping those addresses i can't access
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
Can you please post a complete ipconfig /all from both your server and a workstation?

Thanks.

Jeff
TechSoEasy
Senior Infrastructure Manager
Commented:
I had this problem before and according to microsoft and http://serverfault.com/questions/98999/sbs-2008-dns-stops-working-after-1-day-for-uk-eu-and-some-other-tlds-outside :

The cause of this problem is that in EU countries (and certain other TLDs outside the USA), nameserver records are typically cached for more than 1 day. SBS2008 has a cap on the maximum time that it will allow nameserver records to be cached, which defaults to 1 day. This default works fine in the USA but When the .uk and .eu records become stale, they are not deleted from the cache but are no longer returned as valid records. Therefore, they effectively prevent DNS lookups in those TLDs from succeeding until the records expire and are deleted from teh cache, or the DNS Server service is restarted.

The fix is to increase the maximum Time To Live (TTL) setting in the DNS server so that it recognises records older than 1 day. Experience has shown that setting the value to 4 days is usually enough, but the maximum setting is 30 days.

Workaround

This problem can be temporarily resolved by restarting DNS Server service or by clearing the DNS cache on DNS server.

Permanent resolutions include - increasing the maximum DNS cache TTL value. - Reconfiguring the DNS server to use DNS forwarders instead of relying on Root Hints.

Solution

For a permanent work around, the MaxCacheTTL value needs to be changed to a value larger than the TLD TTL (Default value is 1 day, maximum value is 30 days). On SBS2008 there is no negative impact since this is the TTL for the cache of Resource Records. This is just the maximum value that it will be stored on DNS server. If the actual TTL is shorter, the shorter value will be used.    
1.Start Registry Editor (Regedit.exe).
2.Locate the following registry key:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
3.
On the Edit menu, click New, click DWORD (32-bit) Value , and then add the following value:

Value: MaxCacheTtl
 Data Type: DWORD
 Data value: 0x69780 (432000 in decimal = 5 days)

 4.
Click OK .

5.Quit Registry Editor.
6.Restart the DNS server.

As an extra precaution, clear the DNS resolver cache using
IPCONFIG /FlushDNS

 After the change, the server should be monitored to check if the issue occurs again. Since this value won’t affect the normal behavior on SBS2008, we can increase this value to a larger value if the issue persi
this solution worked for me like charm
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
run http://intodns.com and post the results
Gary CroxfordOperations Support Analyst

Author

Commented:
>absi81

Has worked like a charm for me also

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial