Solved

NFL.com can't be found

Posted on 2016-08-30
Last Modified: 2016-08-30
I cannot access www.nfl.com from within my firewall.  Here is what I have done to resolve the problem (please note all other sites are working):

1.  I set up a laptop with an external IP address and DNS Server and connected directly to my router and I am able to go to NFL.com
2.  If I give myself a public DNS setting the firewall, I cannot connect or ping nfl.com.
3.  If I configure the same laptop with public DNS and go out the DMZ port of the firewall, I cannot get to NFL.com or ping the site.
4.  I added nfl.com to our allowed domains in the firewall, cannot ping cannot get to site.
5.  I tried getting to NFL.com by IP address, that did not work.
Here's where it gets interesting......
6.  I rebooted the router and the firewall, for about 30 seconds I was able to ping and get to NFL.com, then it went away again.
7.  I rebooted the firewall again, to test my theory, as soon as I had an internet connection I was able to ping and get to NFL.com for about 30 seconds and then it went away again.
8.  I opened a ticket with Sonicwall, they said it was my DNS server.
9.  I got an outside consultant to take a look, they said it was my DNS server, but couldn't find any problems with it!

OH and I did all the stupid stuff, cleared DNS Cache, refreshed page, cleared ARP Cache and checked the Malware and Viruses on the network.

I don't believe this is a DNS issue directly, there is something in the firewall stopping nfl.com from resolving and allowing us to the site.  It has to be in the firewall.

We have a Sonicwall NSA3500 with SonicOS Enhanced 5.8.1.15-71o firmware.
Application Control Enabled
Antivirus Enabled
Content Filtering Enabled

This is maddening, can anyone help?
0
Question by:commeng
13 Comments
 
LVL 25

Expert Comment

by:DrDave242
ID: 41776633
Have you used nslookup or dig to confirm whether your internal DNS server is able to resolve nfl.com and/or www.nfl.com to the correct IP address? If it can, then DNS is most likely not the problem.

Do you have experience with Wireshark or some other packet-capture tool? If DNS is working fine (and maybe even if it's not), that would be my next step.
0
 

Author Comment

by:commeng
ID: 41776758
I used NSlookup:

nslookup nfl.com (failed)
nslookup nfl.com 8.8.8.8 (failed)
nslookup nfl.com 8.8.4.4 (failed)

I have not used Wireshark a lot but a little bit.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 41776762
You're able to look up other domains using 8.8.8.8 with the same command, though (e.g., nslookup google.com 8.8.8.8)?
0
 

Author Comment

by:commeng
ID: 41776773
Yes that works just fine either way

nslookup google.com
nslookup 8.8.8.8
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41776794
I believe you're right that it's got to be the firewall. It seems to be restricting traffic that has anything to do with the nfl.com domain, even DNS queries. That seems strange to me, but maybe that's how Sonicwall's content filtering works. I'll admit that I don't know much about that firewall, but I did find a support article illustrating how to restrict access to a particular domain (youtube.com in the article itself) using content filtering:

https://support.software.dell.com/kb/sw9909

I'm not entirely sure that will be helpful, because CFS appears to only block Web traffic and not DNS, but it's worth a look anyway. You may also want to look at the firewall logs to see what, if anything, gets logged when you try to resolve nfl.com.
0
 

Author Comment

by:commeng
ID: 41776816
Yeah I tried adding nfl.com to the trusted domains and that did not resolve the issue.  I'm wondering if I turn off all the security services for a brief moment, if that would answer what is causing the issue.
0

 
LVL 25

Expert Comment

by:DrDave242
ID: 41776828
Yeah, that's worth a shot. You can wait until after-hours to do this if you're concerned about any effects it may have during the day.
0
 

Assisted Solution

by:commeng
commeng earned 0 total points
ID: 41776834
Application Control can block DNS, but I don't see that it is blocking DNS, so I don't know.  I might not be looking in the right place.
0
 

Author Comment

by:commeng
ID: 41776867
SOB!!!!!!!!!!!!!!!!!  NFL is listed under Gaming!!!!!!!!!!!!!!
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 41776885
Nice.

Were employees spending too much time playing fantasy football? :)
0
 

Author Comment

by:commeng
ID: 41776898
We actually provide a service contract to the Redskins, so we need to access NFL in order to complete our work.  I'm really upset right now.  I appreciate your help Dr. Dave, I was looking for a web site block, not a DNS block.  Thank you!
0
 

Author Closing Comment

by:commeng
ID: 41776906
Dr. Dave, you pointed me in the right direction and I really appreciate it, thank you so much!
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 41776910
Ah! Yeah, seems pretty important for you to be able to access that!
0
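
The differential test this thread relied on (one name fails against every resolver while a control name resolves through the same resolvers), written out as an added example; it is not code from any poster or from SonicWall. The function names, the `192.0.2.53` placeholder for the internal DNS server, and the "timeout" failure mode are assumptions, since the thread only says the lookups "failed".

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(name, resolver, timeout=3.0):
    """Ask one resolver directly; returns 'answer', 'rcode=N' or 'timeout'."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (resolver, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return "timeout"
    if len(data) < 12 or data[:2] != query[:2]:
        return "timeout"  # no usable reply to our transaction id
    flags, _qd, ancount = struct.unpack("!HHH", data[2:8])
    rcode = flags & 0x000F
    return "answer" if rcode == 0 and ancount else f"rcode={rcode}"

def classify(results, target, control):
    """results maps (resolver, name) -> probe() status."""
    resolvers = sorted({r for r, _ in results})
    target_ok = [r for r in resolvers if results[(r, target)] == "answer"]
    control_ok = [r for r in resolvers if results[(r, control)] == "answer"]
    if len(target_ok) == len(resolvers):
        return "dns-ok"
    if not control_ok:
        return "no-dns-reachability"    # nothing resolves: link or port 53 problem
    if not target_ok and len(control_ok) == len(resolvers):
        return "name-filtered-in-path"  # same resolvers, only this name fails
    return "resolver-specific"          # outcome differs from resolver to resolver

# Constructed sample modelled on the thread: nfl.com fails everywhere, google.com works.
# 192.0.2.53 is a placeholder for the internal DNS server (assumption).
RESOLVERS = ["192.0.2.53", "8.8.8.8", "8.8.4.4"]
THREAD_RESULTS = {(r, "nfl.com"): "timeout" for r in RESOLVERS}
THREAD_RESULTS.update({(r, "google.com"): "answer" for r in RESOLVERS})

if __name__ == "__main__":
    print("thread data:", classify(THREAD_RESULTS, "nfl.com", "google.com"))
    live = {(r, n): probe(n, r) for r in RESOLVERS[1:] for n in ("nfl.com", "google.com")}
    print("live:", classify(live, "nfl.com", "google.com"), live)
```

A `name-filtered-in-path` result points at a device between the client and the resolvers rather than at any DNS server, which is the cue to check the firewall's security-service logs for the dropped queries.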
