WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
DNS cannot resolve external company website
Last Week our local ISP/telephone/cable company started handling our DNS records. Everything seems to be working great except, when I try to go to our company website I get the following error:
"This site can’t be reached
www.mycompany.org’s server DNS address could not be found."
When I run nslookup I get this error:
"***myserver.mycompany.loc
This problem ONLY began when the ISP/Cable company started handling our DNS records!
Oddly enough if I try to go to our IPS/Cable company website I get the same exact error message in the browser and same error in nslookup. All other websites I go to resolve without any problems. We are running Windows SBS 2011 standard with all patches up to date and the static IP of our server is also the DNS being pushed to all our client PC's. There are no Forwarders in place in the DNS server. The error's described above happen on the server and every client PC in our offices regardless of whether they are connect via CAT5 or in-house wifi.
I have attached screen shots of the different errors. This is worth 500 points as I have now been with this problem for 4 days and the ISP cannot seem to resolve it.
browser-error-screen-shot.png
nslookup-screen-shot.png
ipconfig-screen-shot.png
functioning-correct-screen-shot-goog.png
"This site can’t be reached
www.mycompany.org’s server DNS address could not be found."
When I run nslookup I get this error:
"***myserver.mycompany.loc
This problem ONLY began when the ISP/Cable company started handling our DNS records!
Oddly enough if I try to go to our IPS/Cable company website I get the same exact error message in the browser and same error in nslookup. All other websites I go to resolve without any problems. We are running Windows SBS 2011 standard with all patches up to date and the static IP of our server is also the DNS being pushed to all our client PC's. There are no Forwarders in place in the DNS server. The error's described above happen on the server and every client PC in our offices regardless of whether they are connect via CAT5 or in-house wifi.
I have attached screen shots of the different errors. This is worth 500 points as I have now been with this problem for 4 days and the ISP cannot seem to resolve it.
browser-error-screen-shot.png
nslookup-screen-shot.png
ipconfig-screen-shot.png
functioning-correct-screen-shot-goog.png
Who is Participating?
What do you get when you do
nslookup www.mycompany.org 4.2.2.2
or
nslookup www.mycompany.org 8.8.8.8
Sudeep
nslookup www.mycompany.org 4.2.2.2
or
nslookup www.mycompany.org 8.8.8.8
Sudeep
Sudeen thank you for your comment. I can definitely resolve to the website using google dns. And I have tried that before my post with success. But still to my question posted, I cannot determine why this is now happening when prior to the moving of DNS records, this EXACT setup/configuration has worked perfectly for the past 7 yrs.
Why, why, why would you allow someone else to manage your dns? It would appear that they don't have forwarders setup
David regarding your somewhat condescending comment… My predecessor had DNS set up on an independent web hosting company which was at that point hosting our website. And since we were already pulling our DNS from our ISP's servers from the cable modem to our router, that's why they are handling our DNS records. I certainly am not a DNS expert and if there is a better way to do this I would welcome a suggestion.
Excellent advise. Just to clarify what you're saying...our local ISP provides our internet service, which gives us a static external IP and of course the ISP's DNS of which all numbers are plugged into our router between the cable modem and internal server. Just trying to understand why I'm forgoing AD integration with that setup?? Obviously I want to take the best solution that will keep our systems solid. And if the current setup isn't good, then I need to change to what is best.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month6 days, 19 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
I use Cloudflare for my Name Servers (I don't have 2 IP addresses on different subnets) and they have all of my external records (they provide caching/ddos protection) and an A record on Cloudflare that points to my External Ip address.. Internal addresses are handled completely by the local DNS server. If my Internet goes out, or have an extended power outage my globaly redundant WEB servers that reside in the cloud are always accessible. Also this way if I need to access an external site i.e. www.example.com from my domain example.com the search will go as follows:
locally no match -> dns forwarders -> registrar -> cloudflare -> website.
internal sites go to the local dns server and don't have to leave the organization.. so if internet goes out all computers can work just without internet access.