DNS lookup issue

We are experiencing issues looking up certain external DNS records from our Active Directory network.  The vast majority of lookups work as expected.

An example would be kitchenways.myshopify.com (or any myshopify.com URL). This is an issue as we are setting up a number of Shopify sites and need reliable access to them.

If we try a lookup from any PC or Domain Controller we get a timeout. If we specify an external server such as Google's public DNS server on then we get the response we would expect.

C:\Windows\system32>nslookup kitchenways.myshopify.com
Server:  dc-02.exact.ds

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dc-02.exact.ds timed-out

C:\Windows\system32>nslookup kitchenways.myshopify.com
Server:  google-public-dns-a.google.com

Non-authoritative answer:
Name:    shops.shopify.com

Aliases:  kitchenways.myshopify.com

The output from dcdiag /test:dns /v /e returns no errors - results attached (dns-diag.txt).

Not sure how we resolve this.



Assuming your DCs are behind a firewall, you may need to flush the DNS cache on the appliance. Or, give at least 24 hours for the DNS to replicate... depending on TTL.

Jeremy Weisinger (Senior Network Consultant / Engineer) commented:
Do you by any chance have a shopify.com zone on your internal DNS servers?

vodyanoi (Author) commented:
To answer both questions as best I can.

ConeyrsIT: Yes, the DCs are behind a firewall - a Cisco PIX 525, which is not used for any DNS lookups. This issue has been going on for a number of months but we have lived with it and worked around it.

Jeremy: No, we do not have a shopify.com zone on the internal DNS servers.

Jeremy Weisinger (Senior Network Consultant / Engineer) commented:
You may want to change the forwarders on your internal DNS servers then. It should be resolving. You could also try configuring a conditional forwarder for the shopify.com domain.

Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
Have you configured your DNS to use root hints or are you using forwarders? If you are using forwarders, what is the IP you are forwarding to? If you change it to (Google DNS), does it work? If you are behind a firewall, are there access lists limiting access to DNS servers outside of your organization (i.e. access list allowing access to for DNS only)?

vodyanoi (Author) commented:
We use forwarders in this order, top to bottom, and root hints if no forwarders are available:
google public DNS
google public DNS

We are behind a firewall, all outbound traffic is allowed with no restriction.

We have added a conditional forwarder to myshopify.com with and as the DNS servers

From the command line

nslookup kitchenways.myshopify.com

fails the first time and succeeds on the second attempt

This seems to be enough that access to the websites now works.
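
A way to narrow down which hop is timing out, as an added example that is not part of the original thread: it lists any zone on the DC that would capture the name, then times the lookup through the DC and against each forwarder the DC is configured with. It assumes DNS admin rights and the DnsServer PowerShell module (RSAT DNS tools); the default name and server are the ones from the question.

```powershell
# Added example (not from the thread). Defaults are taken from the question.
param(
    [string]$Name     = 'kitchenways.myshopify.com',  # name that fails to resolve
    [string]$Internal = 'dc-02.exact.ds',             # internal DNS server that times out
    [int]$Attempts    = 3                             # repeat: the thread saw fail-then-succeed
)

function Test-Lookup {
    param([string]$Server, [string]$Label)
    foreach ($i in 1..$Attempts) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server is tested
            $answer = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
            $result = ($answer.IPAddress | Where-Object { $_ }) -join ','
        } catch {
            $result = "FAILED: $($_.Exception.Message)"
        }
        $sw.Stop()
        [pscustomobject]@{ Server = $Label; Attempt = $i; Ms = $sw.ElapsedMilliseconds; Result = $result }
    }
}

# 1. Zones on the DC that would capture the name (local zone or conditional forwarder).
Get-DnsServerZone -ComputerName $Internal |
    Where-Object { $Name -like "*.$($_.ZoneName)" } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated -AutoSize

# 2. Recursion through the DC itself, as the clients do.
$rows = @(Test-Lookup -Server $Internal -Label "internal ($Internal)")

# 3. Each forwarder the DC is configured with, queried directly in configured order.
$fwd = Get-DnsServerForwarder -ComputerName $Internal
foreach ($ip in $fwd.IPAddress) {
    $rows += Test-Lookup -Server $ip.IPAddressToString -Label "forwarder $ip"
}
$rows | Format-Table -AutoSize

# The DC waits this long on a forwarder before trying the next one; compare it
# with the 2-second nslookup timeout shown in the question.
"Forwarder timeout: $($fwd.Timeout)s; root hints as fallback: $($fwd.UseRootHint)"
```

A forwarder that fails or is slow when queried directly, while the ones below it answer quickly, would account for a first attempt that times out and a second that succeeds from cache.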