tips54

Random DNS issues

We started experiencing some DNS issues in the last couple of weeks. Certain traveling websites will not come up. The site name resolves, but at times it comes up and other times it does not.
We are also not able to ping 4.2.2.2 or do NSLookup.
Ping and nslookups worked fine until recently.
We recently migrated from one ISP to another and everything worked fine for two weeks after that move.
There are no entries in the DC logs related to DNS. Windows firewall has not changed either.
Any suggestions on how to address this issue?
Santosh Gupta

Hi, being unable to ping the IP 4.2.2.2 means something is wrong with the network config or ISP.

1. Are you able to ping other DNS IPs like 8.8.8.8?
2. Is nslookup working fine for local IPs?
3. Check your DNS forwarders.
4. Check if you are able to access any website.
5. Check your root hints server.

I would never use a public DNS server unless you're out on a public network or wifi. Just my preference though.

As for your issue.
If you can't ping 4.2.2.2, try a tracert or monitor it with something like Ping Plotter.
This is an underlying network issue.

As for DNS, let's get into that:
What is a traveling website? Please be more specific here with URLs if you can.

If you're using a local DNS server on your server, it needs to be able to query the outside. Check for forwarders on your DNS server. You might have a forwarder for your old ISP's DNS there.
I would remove forwarders altogether if you have any; they are not necessary in most cases.

I would get your ISP's DNS servers and monitor the new line to them; these are "inside" the ISP's network.
Monitor the link between you and your gateway as well.

Let's say you query www.myhouse.com from your workstation.
This request goes to your local DNS. If your local DNS can't resolve it, it has to go upstream; this is very, very common. If there is a forwarder that fails, it will most likely time out before it gets a root hint.

If you don't have forwarders and your DNS server can't get a root hint, it can't resolve the query and will fail.

No, there won't be any DNS logs to show this, because it's not a server issue, it's a query issue, and it does not log query issues in most cases; there would be a million entries.


I re-read your whole post, and you say "The site name resolves but at times it comes up and other times it does not".
Does this mean that myhouse.com will always resolve to the IP? Does almost every single site you query come up with the IP every time?

If YES, then you don't have a DNS issue, it's something else.

Can you ping routers outside your network by IP?
Can you ping 8.8.8.8?
Oh, on our DNS servers I had to reduce scavenging of stale records to 6 hours.

tips54

ASKER

Thank you both for the replies.
I can't ping 8.8.8.8 either.
wlacroix,

If I enter Avis.com in the web address, the tab resolves the name but the site does not come up 90% of the time.
If I ping the site it resolves but no replies.
I do have two forwarders. They are pointing to OpenDNS, which we do use. We are not blocking the travel category. I did not enter any DNS information anywhere from the new ISP.

Hi,

You are trying to ping the IP of sites and DNS. Pinging by IP does not require DNS. What I am thinking is that maybe your firewall/router or ISP is blocking the ping.

Please run pathping 4.2.2.2 and see where it is blocked.

Lots of sites won't reply to a ping, it's normal. Be more concerned with the resolution.

If you can't ping 8.8.8.8 that is bad. I would start here and skip the DNS stuff for now.

Grab ping plotter or another software that shows you the visual route.

You can also do a tracert from a command prompt. It will give you an idea where it fails.

8.8.8.8 is public and responds from every site I have ever been on, around the globe.
So does 4.2.2.2.

Your ISP should also be able to help you.
Can you do a tracert to 8.8.8.8 and post it for me?

Mine looks like this:

See attached
Google-ping-plotter.jpg
You might have huge packet loss on pings, in some cases pings (an ICMP echo) are blocked and you will never get a reply.

If your ISP has one router that is set not to respond it may disrupt every ping downstream of it.
ICMP echos are the very last type of packet to be transmitted by an overloaded router.

Which is funny because they are used so very commonly to tell if a device is active.

tips54

ASKER

ICMP works on the users networks times out but not on the servers network. I have the two segmented.

So, where do you face the issue, on the server or PCs?
ASKER CERTIFIED SOLUTION
masnrock
This solution is only available to members.

tips54

ASKER

This appears to have been an issue with a defective Cisco firewall.
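
The triage discussed in this thread (does the name resolve locally, do the forwarders answer, and is the site reachable once resolved) can be scripted. The following is an added example, not part of the original thread; it uses the standard `Get-DnsServerForwarder`, `Resolve-DnsName` and `Test-NetConnection` cmdlets, assumes it is run on the Windows DNS server, and the host list and the `Get-FirstA` helper are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows DNS server.
# $Names holds sample hosts; replace them with the sites that fail for your users.
$Names = 'avis.com', 'www.example.com'

# Forwarders configured on this DNS server, as dotted strings.
$Forwarders = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }

function Get-FirstA {
    # Hypothetical helper: first A record for $Name, or $null on timeout/failure.
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }   # omit -Server to use this machine's DNS settings
    try {
        Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' } |
            Select-Object -First 1 -ExpandProperty IPAddress
    } catch { $null }
}

foreach ($name in $Names) {
    $local = Get-FirstA -Name $name
    # Ask each forwarder directly, bypassing the local DNS service.
    $viaFwd = foreach ($f in $Forwarders) {
        [pscustomobject]@{ Forwarder = $f; Answer = Get-FirstA -Name $name -Server $f }
    }
    $fwdOk = @($viaFwd | Where-Object Answer).Count

    # ICMP is often filtered, so test the TCP port the browser actually uses.
    $tcp = if ($local) {
        Test-NetConnection -ComputerName $local -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
    } else { $false }

    $verdict = if (-not $local -and $fwdOk -eq 0) {
        'No answer locally or from any forwarder: check the path to the forwarders'
    } elseif (-not $local) {
        'Forwarders answer but local resolution fails: check the DNS server'
    } elseif (-not $tcp) {
        'Name resolves but TCP 443 fails: not DNS, check routing/firewall'
    } else {
        'Resolution and connectivity OK'
    }

    [pscustomobject]@{
        Name = $name; LocalAnswer = $local; ForwardersAnswering = "$fwdOk/$(@($Forwarders).Count)"
        Tcp443 = $tcp; Verdict = $verdict
    }
}
```

Running it from both the user and server segments shows whether the failure follows the network path rather than the DNS configuration.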