Peer-to-peer network unable to access a certain website

I need some ideas about how to solve a problem accessing a certain website.

I am the IT staff for a small medical office.  Six pc's  all running Windows 7 Pro in a peer-to-peer network.
I can remotely login to their system using LogMeIn.

The problem:
 - Occasionally it becomes impossible to access the web site “www.comcast.net”  .  The error message received is “server not found”.  However,  I can successfully access the web site from my home computer. This problem lasts for about 24 hours then mysteriously solves itself.

The firewall is a ZyWALL USG 50.  I have checked it and there are no instructions in it to block any website.

So, it is a big mystery to me as to why only 1 web site is blocked on what seems a random basis.  
I wonder if it some problem withing the Comcast.net web site which causes problems?

Q1.)  What steps would you take to troubleshoot this problem?

Q2.) Since there is no server involved and the firewall is the DNS server,  what thoughts do you have about changing the dns ip address so it uses Open DNS?
donpickAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You can try changing DNS. If the current DNS is old (out of date) then it could cause this issue. but I would think it would be more prevalent.

Try update the firmware in the firewall and rebooting it. If it is easy to set up, try a hard reset to factory specifications.
Fred MarshallPrincipalCommented:
To troubleshoot:

Do you have DNS that gets you the Comcast IP address?
command line:
nslookup
www.comcast.net

This should give you an IP address.   If not, you have a DNS problem.  If it does give an IP address then:
command line:
tracert www.comcast.net (or alternately use tracert xxx.xxx.xxx.xxx where the x's are the IP address).

This should trace out the path from your workstation to Comcast.  If it fails then the last hop is the last good point in the path and the next hop after that is the likely problem point.
If the problem point is your router then you know something.....
etc.
donpickAuthor Commented:
I looked in the Event viewer.  I see  a series of event errors stating:  "DNS client Events"  In the General window it says: "Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.  "  

The error event id is 1014.

I have no idea if this is related to my question.  This error occurs about once a month

Mr Marshall:   I will perform your suggestions within the next couple of days.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

donpickAuthor Commented:
Mr Marshall:
I was able to perform the NSLOOKUP task.  I know next to nothing about NSLOOKUP.
I opened a command prompt
I typed NSLOOKUP
 I get a >   for a response
I typed    www.comcast.net
NSLOOKUP reponded:

server :  Unknown
Address:  192.168.1.200
Non-authoritative answer:
Addresses:  2600:1406:1a::173d:c230
   2600:1406:1a::173d:c2d2
   96:17:15:32
  96:17: 15:40
Aliases:  www.comcast.net
      www.comcast.net.edgesuite.net


Could you please translate?  What does the above information signify?
JohnBusiness Consultant (Owner)Commented:
Did you try changing DNS and see if that helped?
Fred MarshallPrincipalCommented:
nslookup is a quite useful and fairly simple tool:

If you type "nslookup" then it will open the program .. as you did.
If you type "nslookup [space] [ someURL]" like "nslookup www.google.com"
then it will open the program AND look up www.google.com using the default DNS server.
Then it will stay in the program and you don't need to type "nslookup" any more as long as you have the > prompt.

If you type thereafter
[someURL][space][someDNSserver IP]
then the lookup will be done on that DNS server instead of your default DNS server.

With this you can compare your DNS server with others.  Maybe yours is broken or no longer a good address.

Translation:
Addresses:  2600:1406:1a::173d:c230
    2600:1406:1a::173d:c2d2
    96:17:15:32 <<< are you sure this wasn't 96.17.15.32 ?  an ipv4 IP address
   96:17: 15:40 <<< are you sure this wasn't 96.17.15.40 ?  an ipv4 IP address.

This says that you are getting DNS service from the DNS server at 192.168.1.200.
It also says that the URL you gave "www.comcast.net" was resolved to IP addresses.

But, the addresses you get are different than what I get.
23.59.189.105
23.59.189.88
These actually point to Akamai which is an edge service that Comcast would be using
If you do a reverse dns lookup on the web, the address you get comes back "" is all.  That seems strange.  Also, it doesn't lead to a web page.  So that appears to be your problem - the server at 192.168.1.200 giving what looks to be bad info.  
You might try 8.8.8.8 as a secondary DNS server address in your DHCP settings if that's possible.
You might also check where 192.168.1.200 is getting DNS service *from* - i.e. an external DNS server.
192.168.1.200 may have a DNS cache that's old.

All that said, it appears that www.comcast.com is redirected these days to www.xfinity.com with a different IP address.
I was not able to get to the page using any of the IP addresses - which is sort of unusual but may be the way of the modern internet
donpickAuthor Commented:
Mr. Hurst: Not yet, the office is closed for the long holiday.

Mr. Marshall:  Thanks for your info.

The 192.168.1.200 is the address of the ZyWall firewall.  As I vaguely recall, (I haven't visited the office is several months) the internet service is provided by Qwest (now CenturyLink).  I believe there is a Qwest modem under a desk somewhere which is the device that feeds the internet to all the other devices in the office.  

The malfunction happens randomly .  

I will look at the DNS settings in the firewall .   My guess is they point to the Qwest device.  
Mr Hurst and Mr Marshall:  What are your thoughts about changing one of the DNS addresses in the Qwest device to 8.8.8.8.?  

I recently visited OpenDns.com   Apparently this service is not free anymore.

Any thoughts you have will be greatly appreciated.
JohnBusiness Consultant (Owner)Commented:
DNS 8.8.8.8 is a good DNS to use. Certainly try that.  I have it as an alternate because my ISP DNS is known good
Fred MarshallPrincipalCommented:
I have always advocated using external, public DNS addresses for the simple reason that you don't need DNS if the internet is down.  So, there's no disadvantage in that sense.  When the internet is up then why not?  So, 8.8.8.8 and others are a good choice and, I believe, important at the least for backup.  Local DNS can cache addresses to the point where they get stale and you end up getting bad (i.e. old) addresses.  This is very equipment-specific so it may not apply for you.  In the end, any critical service like this should have alternatives.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
donpickAuthor Commented:
Thank you both.  Very good answers.
JohnBusiness Consultant (Owner)Commented:
@donpick - You are very welcome and I was happy to help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.