Solved

DNS failure

Posted on 2014-04-14
22
139 Views
Last Modified: 2014-10-23
We recently assisted a client with the relocation of their website.  The site moved from inside the domain to a hosted site; the website still has the same name as the local domain.
Updated global DNS settings and the world can navigate to the website.  Updated the local DNS A record by simply inserting the global IP where there used to be a private IP.  One can ping the website via URL or IP successfully from inside the LAN.  Performing an http connection test is successful, too.  However, no one inside the local LAN can navigate to the website.  Depending on which browser one chooses to use, the message is basically that the page cannot be found.  Chrome cannot find the website, for example.
I'm open for suggestions; thanks ahead to anyone who has a moment to respond.
0
Comment
Question by:wolf2008
  • 6
  • 5
  • 4
  • +4
22 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39999892
From one of the computers in the lan run the following command:


nslookup www.domain.com 


Look at the result and see if it actually resolves to an IP address
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39999900
I would open DNS Manager from all servers, right click the server and Clear Cache.

Also, run an IPCONFIG /FLUSHDNS from the clients as well.
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 39999905
Also is the website the same as the server?

If so try adding www as a name to the DNS zone.

EG:

contoso.com
   - www <public IP of the new web server>

then hit www.contoso.com


If the domain is named contoso.com it'll look for the DC, and not the website.
0
 
LVL 1

Author Comment

by:wolf2008
ID: 39999922
Becraig,

Running this command returns a local IP.  Do you have suggestions from where you sit on how to correct that?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39999936
It should have returned a value for Server:xx.xx.xx.xx

If that server is an internal DNS server, then you should update your DNS server to point to the public ip address:

Create a new A record for www in zone domain.com pointing to the public ip address that should fix it...
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39999941
Hi,

see the Kyle Abrahams comment.

1. Go to DNS server.
2. create a A record shown below.
Name: www
IP: your site IP

a
Run  IPCONFIG /FLUSHDNS

and try.
0
 
LVL 1

Author Comment

by:wolf2008
ID: 39999947
Thanks for these suggestions.  
We have done these things already, as noted in my original post.  The A record has been updated; ipconfig /flushdns executed many times now.  That was my first and only intended step to take on the local LAN for this website move.  This is the only internal change I have made for other clients when moving a website.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39999964
Is the DNS server that is returned from nslookup the same ip/servername as your dns server  ?

try this:

nslookup - hit enter
set q=a - hit enter
www.domain.com - hit enter


you may have multiple records and need to deleted the extra one, this would tell you if that is the case and if there are multiple entries.

More importantly ENSURE the dns server you made the update on, is the same one returned in nslookup


I know it can get confusing when 20 people are telling you different things at the same time, but you can explore one path and then another as deemed necessary.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39999976
Hi,

Run below command on DNS server.

nslookup www.domain.com 

if it not resolve to your public site IP then restart the

1. DNS server service then try.
2. if not then open your DNS console, right click on your domain name and clear cache.

then again try nslookup www.domain.com
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 40000066
You updated the old ip where the new one was, but was that for your domain, or was that for WWW?

If you don't have a WWW in your DNS can you add one and make that the public IP?  Then try to browse by www.website.com?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40000201
I think Santosh Gupta is on the right track.  Running ipconfig /flushdns and /registerdns does not flush the DNS server's cache.  You need to flush the old cached record on the DNS server so that it refreshes with the new information for your www.domain.com IP address.  This can be done either by restarting the DNS server service or by opening the DNS management console, manually checking the cache and deleting the old record that points to the internal IP address.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:wolf2008
ID: 40001267
Thanks for all of the responses.  

We definitely have an A record pointing to the proper IP address of the website.  The A record is for www.

We have flushed the DNS.  We have scoured the DNS for any conflicting entries.  We have restarted the service and rebooted the server.

If I ping the URL and succeed, does this NOT show that DNS is proper?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40001369
If I ping the URL and succeed, does this NOT show that DNS is proper?

So, while pinging are you able to get public IP.
0
 
LVL 1

Author Comment

by:wolf2008
ID: 40001419
Santosh,

Yes.  That is the fact.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40001466
hi,

Try to access http://yoursitepublicIP

if you are still unable to access then need to see the router/firewall logs.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40001884
Download this tool:
http://www.microsoft.com/en-us/download/details.aspx?id=17148

It will be invaluable in the long run.

once you have it installed run

portqry -n www.domain.com -e 80

then
portqry -n xxx.xx.xx.x - 80

Where xx.xx above represents the public ip.

Let me know the results
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40002517
I suspect that the website is redirecting requests from www.domain.com to domain.com, and this is what's causing the problem. You can test this by browsing to www.domain.com from outside the LAN. Does the URL in the browser change to domain.com when the site's main page appears? If so, it's being redirected.

The only way to fix this is to remove the redirect from the site so that it will accept requests for www.domain.com. Since the internal and external domains have the same name, users inside the LAN will hit a domain controller when they try to browse to domain.com, because Active Directory uses blank host records in the domain's DNS zone to designate domain controllers. You shouldn't attempt to get around this by creating another blank host record and giving it the public IP of the website; internal users will only reach the site some of the time anyway, and you may cause Active Directory issues.
0
 
LVL 1

Author Comment

by:wolf2008
ID: 40030422
DrDave242,
We did exactly what you suggested to NOT do, and the issue has been resolved for nearly two weeks with no reports of any toxic byproducts.  My tech did two things, actually, which resulted in a resolution.  First, he deleted the A record that I had formerly only changed, and he recreated it using the exact same parameters, of course.  He also created a blank A record (no www or anything; so the record is for domain.com and not www.domain.com).  This is apparently our solution.  I'll let you know if/when things go awry.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40030451
I think that suggestion was the 4th comment on this thread to recreate the A record so internal DNS would know where to go:

Your Comment
by: becraigPosted on 2014-04-14 at 13:56:42ID: 39999936
Rank: Sage
It should have returned a value for Server:xx.xx.xx.xx
If that server is an internal DNS server, then you should update your DNS server to point to the public ip address:
Create a new A record for www in zone domain.com pointing to the public ip address that should fix it...

Creating a blank A record for domain.com would not be the source of your solution if you initial issue was accurate resolution of www.domain.com.

I surmise something else internally might have been amiss with DNS and it is cleaned up now, inclusive of the creation of a new A record.
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 40030489
Actually 2nd suggestion, but who's keeping track?  ;-)
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40030497
So true Kyle lol

Expert Comment
by: Kyle AbrahamsPosted on 2014-04-14 at 13:47:33ID: 39999905
Rank: Genius
Also is the website the same as the server?
If so try adding www as a name to the DNS zone.
EG:
contoso.com
   - www <public IP of the new web server>
then hit www.contoso.com
If the domain is named contoso.com it'll look for the DC, and not the website.


I did not even notice, like I said later in the thread so many different suggestions were made it probably got hard to keep track of a real investigative path.    

My suggestion was made after yours and only once I saw the OP indicate he was getting a local address on nslookup which made it quite clear at that point.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40054078
After a bit more research, I can tell you why it's working (assuming it still is): a feature of modern web browsers called client retry (or browser retry). When I started reading about it, I realized I'd read about it before but later forgot the information. It's not very well documented, apparently, but it works like this:

Note: This example assumes that nothing is cached on the client beforehand.

1.

The DNS client on your machine sends a host query for domain.com to your internal DNS server.

2.

The server responds with a list of all host records (and CNAME records, if they exist) matching the query. In your case, the response will contain the IP addresses of each of your DCs and the IP address of your web server, since you've created that blank host record. (Looking at previous queries for the same information would allow you to determine the order in which the addresses will be presented, due to the way round-robin DNS works, but we're not really concerned with that.)

3.

The DNS client gives this data to the web browser. So far, this is normal. Steps 4, 5, and 6 are where client retry comes in.

4.

The web browser attempts to connect to each address in the list until a successful connection is made.

5.

Assuming a connection is made, the browser displays the requested page as it normally would, but it also caches the address associated with the successful connection. This cache is separate from both the DNS client cache and the browser's cache of previously opened pages..

6.

Future connections from the same browser to the same FQDN will use the cached address.Because client retry isn't well documented, I don't know how long the address remains cached on the client, though it's safe to assume it's eventually purged. (Maybe the browser uses the TTL value of the corresponding host record - who can say?) When that happens, the next connection attempt starts over at step 1. (Well...not necessarily, since the DNS client may still have the address cached as well.)

I can think of one potential problem: if IIS ever gets installed on one of your DCs for whatever reason, and that DC's address is presented to the web browser before the address of the web server, that client won't be able to reach the web server. It'll connect to IIS on the DC, assume that's where you were trying to go, and cache the DC's address for future connections. That's obviously not ideal.

If you want to read more about client retry, you can find some (unofficial) information here and here...and probably in other places as well.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now