Solved

NFL.com can't be found

Posted on 2016-08-30
13
94 Views
Last Modified: 2016-08-30
I cannot access www.nfl.com from with in my firewall.  Here is what I have done to resolve the problem (please not all other sites are working):

1.  I setup a laptop with an external IP address and DNS Server and connected directly to my router and I am able to go to NFL.com
2.  If I give myself a public DNS setting the firewall, I cannot connect or ping nfl.com.
3.  If I configure the same laptop with public DNS and go out the DMZ port of the firewall, I cannot get to NFL.com or ping the site.
4.  I added nfl.com to our allowed domains in the firewall, cannot ping cannot get to site.
5.  I tried getting to NFL.com by IP address, that did not work.
Heres where it get interesting......
6.  I rebooted the router and the firewall, for about 30 seconds I was able to ping and get to NFL.com, then it went away again.
7.  I rebooted the firewall again, to test my theory, as soon as I had an internet connection I was able to ping and get to NFL.com for about 30 seconds and then it went away again.
8.  I opened a ticket with Sonicwall, they said it was my DNS server.
9.  I got an outside consultant to take a look, they said it was my DNS server, but couldn't find any problems with it!

OH and I did all the stupid stuff, cleared DNS Cache, refreshed page, cleared ARP Cache and check the Malware and Viruses on the network.

I don't believe this is a DNS issue directly, there is something in the firewall stopping nfl.com from resolving and allowing us to the site.  It has to be in the firewall.

We have a Sonicwall NSA3500 with SonicOS Enhanced 5.8.1.15-71o firmware.
Application Control Enabled
Antivirus Enabled
Content Filtering Enabled

This is maddening, can anyone help?
0
Comment
Question by:commeng
  • 7
  • 6
13 Comments
 
LVL 26

Expert Comment

by:DrDave242
ID: 41776633
Have you used nslookup or dig to confirm whether your internal DNS server is able to resolve nfl.com and/or www.nfl.com to the correct IP address? If it can, then DNS is most likely not the problem.

Do you have experience with Wireshark or some other packet-capture tool? If DNS is working fine (and maybe even if it's not), that would be my next step.
0
 

Author Comment

by:commeng
ID: 41776758
I used NSlookup:

nslookup nfl.com (failed)
nslookup nfl.com 8.8.8.8 (failed)
nslookup nfl.com 8.8.4.4 (failed)

I have not used Wireshark a lot but a little bit.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41776762
You're able to look up other domains using 8.8.8.8 with the same command, though (e.g., nslookup google.com 8.8.8.8)?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:commeng
ID: 41776773
Yes that works just fine either way

nslookup google.com
nslookup 8.8.8.8
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41776794
I believe you're right that it's got to be the firewall. It seems to be restricting traffic that has anything to do with the nfl.com domain, even DNS queries. That seems strange to me, but maybe that's how Sonicwall's content filtering works. I'll admit that I don't know much about that firewall, but I did find a support article illustrating how to restrict access to a particular domain (youtube.com in the article itself) using content filtering:

https://support.software.dell.com/kb/sw9909

I'm not entirely sure that will be helpful, because CFS appears to only block Web traffic and not DNS, but it's worth a look anyway. You may also want to look at the firewall logs to see what, if anything, gets logged when you try to resolve nfl.com.
0
 

Author Comment

by:commeng
ID: 41776816
Yeah I tried adding nfl.com to the trusted domains and that did not resolve the issue.  I'm wondering if I turn off all the security services for a brief moment, if that would answer what is causing the issue.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41776828
Yeah, that's worth a shot. You can wait until after-hours to do this if you're concerned about any effects it may have during the day.
0
 

Assisted Solution

by:commeng
commeng earned 0 total points
ID: 41776834
Application Control can block DNS, but I don't see that it is blocking DNS, so I don't know.  I might not be looking in the right place.
0
 

Author Comment

by:commeng
ID: 41776867
SOB!!!!!!!!!!!!!!!!!  NFL is listed under Gaming!!!!!!!!!!!!!!
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41776885
Nice.

Were employees spending too much time playing fantasy football? :)
0
 

Author Comment

by:commeng
ID: 41776898
We actually provide a service contract to the Redskins, so we need access NFL in order to complete our work.  I'm really upset right now.  I appreciate your help Dr. Dave, I was looking for a web site block, not a DNS block.  Thank you!
0
 

Author Closing Comment

by:commeng
ID: 41776906
Dr. Dave, you pointed me in the right direction and I really appreciate it, thank you so much!
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41776910
Ah! Yeah, seems pretty important for you to be able to access that!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question