asked on
DNS Issue - can't get to certain websites. DNS server won't use forwarders
Hello All,
I'm having trouble getting to a few websites on our domain. My DC handles DNS (Server 2008 R2).
Forwarders used: 75.75.75.75 (comcast's preferred DNS server)
8.8.8.8 (googles public dns server)
I can't get to a few sites, most seem to be .gov or .mil sites.. www.mass.gov is one of them..
All workstations are using the DC as the only source for DNS. I can't get to mass.gov, but i looked up the IP address (http://170.63.206.54 ) and that will get me to the website.
I tested that both forwarders can resolve the IP and they both can.
I used nslookup -debug www.mass.gov. 8.8.8.8 -- it resolved to the correct IP.
It appears my DNS server isn't checking with the forwarders -- can anyone help me troubleshoot this?
I'm having trouble getting to a few websites on our domain. My DC handles DNS (Server 2008 R2).
Forwarders used: 75.75.75.75 (comcast's preferred DNS server)
8.8.8.8 (googles public dns server)
I can't get to a few sites, most seem to be .gov or .mil sites.. www.mass.gov is one of them..
All workstations are using the DC as the only source for DNS. I can't get to mass.gov, but i looked up the IP address (http://170.63.206.54 ) and that will get me to the website.
I tested that both forwarders can resolve the IP and they both can.
I used nslookup -debug www.mass.gov. 8.8.8.8 -- it resolved to the correct IP.
It appears my DNS server isn't checking with the forwarders -- can anyone help me troubleshoot this?
DNS
Last Comment
Dalton1981
dnslint.exe is very useful for diagnosing DNS problems in 2008 R2.
http://support.microsoft.com/kb/321045
http://support.microsoft.com/kb/321045
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Thanks for sharing the solution you found. I wonder where the breakage is... In my networks I haven't had to disable EDNS for it to work.
One last point, you might want to try nslookup -type=TXT rs.dns-oarc.net 75.75.75.75 from your network. This will check whether it's Comcast's DNS server that you're using as a forwarder that is blocking.
I already tested 8.8.8.8 and it came back good. If you were to do the same and it was blocked then I would say it's something with your firewall that is limiting.
Lastly, if you're interested in reading more about this: http://msmvps.com/blogs/acefekay/archive/2010/10/11/edns0-extension-mechanisms-for-dns.aspx
I already tested 8.8.8.8 and it came back good. If you were to do the same and it was blocked then I would say it's something with your firewall that is limiting.
Lastly, if you're interested in reading more about this: http://msmvps.com/blogs/acefekay/archive/2010/10/11/edns0-extension-mechanisms-for-dns.aspx
ASKER
I found the solution on another website & shared it
Also run dcdiag /test:dns /v to see if there's any errors.
Do you have a firewall in front of the network that could be blocking DNS traffic?
You might try removing forwarders and seeing if root hints work for you.