• Status: Solved

DNS cannot resolve external company website

Last week our local ISP/telephone/cable company started handling our DNS records. Everything seems to be working great except, when I try to go to our company website I get the following error:

"This site can’t be reached
www.mycompany.org’s server DNS address could not be found."

When I run nslookup I get this error:

"***myserver.mycompany.local can't find www.mycompany.org: Server failed".

This problem ONLY began when the ISP/Cable company started handling our DNS records!

Oddly enough, if I try to go to our ISP/Cable company website I get the same exact error message in the browser and the same error in nslookup. All other websites I go to resolve without any problems. We are running Windows SBS 2011 Standard with all patches up to date, and the static IP of our server is also the DNS being pushed to all our client PCs. There are no Forwarders in place in the DNS server. The errors described above happen on the server and every client PC in our offices regardless of whether they are connected via CAT5 or in-house wifi.

I have attached screenshots of the different errors. This is worth 500 points as I have now been with this problem for 4 days and the ISP cannot seem to resolve it.
browser-error-screen-shot.png
nslookup-screen-shot.png
ipconfig-screen-shot.png
functioning-correct-screen-shot-goog.png
 
Sudeep Sharma (Technical Designer) commented:
What do you get when you do
nslookup www.mycompany.org 4.2.2.2
or
nslookup www.mycompany.org 8.8.8.8

Sudeep
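Added example, not part of the original thread: the comparison suggested in the comment above, done at the DNS wire level so the response code behind nslookup's "Server failed" (SERVFAIL, RCODE 2) is visible next to a public resolver's answer. The address 192.168.1.2 and the two sample response headers are constructed placeholders.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a recursive A-record query for `name` in DNS wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_status(response):
    """Return (rcode_name, answer_count) from the 12-byte response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    rcode = flags & 0x000F  # low four bits of the flags word
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def ask(server, name, timeout=3.0):
    """Query `server` over UDP/53; a timeout is reported as ("TIMEOUT", 0)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_status(s.recv(512))
        except socket.timeout:
            return ("TIMEOUT", 0)

def diagnose(local, public):
    """Compare the internal server's status with a public resolver's status."""
    ok = lambda r: r[0] == "NOERROR" and r[1] > 0
    if ok(local) and ok(public):
        return "resolves on both"
    if ok(public):
        return "published zone is fine; internal server returns %s" % local[0]
    if ok(local):
        return "internal server answers but the public view fails (%s)" % public[0]
    return "fails on both; check the zone's delegation and authoritative servers"

# Constructed response headers: SERVFAIL with no answers, NOERROR with one answer.
SAMPLE_LOCAL = struct.pack(">HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
SAMPLE_PUBLIC = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    print(diagnose(parse_status(SAMPLE_LOCAL), parse_status(SAMPLE_PUBLIC)))
    # Live check; 192.168.1.2 is a placeholder for the internal DNS server.
    # print(diagnose(ask("192.168.1.2", "www.mycompany.org"), ask("8.8.8.8", "www.mycompany.org")))
```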
 
Houston Blancett (Author) commented:
Sudeep, thank you for your comment. I can definitely resolve to the website using Google DNS. And I have tried that before my post with success. But still, to my question posted, I cannot determine why this is now happening when prior to the moving of DNS records, this EXACT setup/configuration has worked perfectly for the past 7 yrs.
 
David Johnson, CD, MVP (Owner) commented:
Why, why, why would you allow someone else to manage your DNS? It would appear that they don't have forwarders set up.

 
Houston Blancett (Author) commented:
David, regarding your somewhat condescending comment… My predecessor had DNS set up on an independent web hosting company which was at that point hosting our website. And since we were already pulling our DNS from our ISP's servers from the cable modem to our router, that's why they are handling our DNS records. I certainly am not a DNS expert and if there is a better way to do this I would welcome a suggestion.
 
David Johnson, CD, MVP (Owner) commented:
ISPs are notorious for not having good DNS servers. So at your domain registrar you set your NS records to point to your ISP's DNS servers? If the ISP manages your DNS then you forgo Active Directory Integration. DNS is something that is trivial to manage and is pretty much a set-it-up-and-forget-it item.

I use Cloudflare for my name servers (I don't have 2 IP addresses on different subnets) and they have all of my external records (they provide caching/DDoS protection) and an A record on Cloudflare that points to my external IP address. Internal addresses are handled completely by the local DNS server. If my Internet goes out, or I have an extended power outage, my globally redundant web servers that reside in the cloud are always accessible. Also this way if I need to access an external site, i.e. www.example.com from my domain example.com, the search will go as follows:
locally no match -> DNS forwarders -> registrar -> Cloudflare -> website.
Internal sites go to the local DNS server and don't have to leave the organization, so if the Internet goes out all computers can work, just without Internet access.
 
Houston Blancett (Author) commented:
Excellent advice. Just to clarify what you're saying... our local ISP provides our internet service, which gives us a static external IP and of course the ISP's DNS, of which all numbers are plugged into our router between the cable modem and internal server. Just trying to understand why I'm forgoing AD integration with that setup? Obviously I want to take the best solution that will keep our systems solid. And if the current setup isn't good, then I need to change to what is best.
 
Houston Blancett (Author) commented:
Closing this as I took DNS records back from local ISP to manage myself. Once I completed that change, DNS is now resolving correctly. Thank you experts for your comments.