Solved

DNS not resolving for specific website

Posted on 2016-09-27
Last Modified: 2016-09-29
One of our employees is trying to access a specific website.  That website won't load on any computer inside our network, but I can tell from outside the network there's nothing wrong with the website.  If I change the DNS on the client PC to point to a public DNS such as 8.8.8.8 instead of my internal DNS server, the website loads fine.  I'm sure this means there is a problem with my internal DNS server, but what is it, and how do I find/fix it?

The website in question had previously been working fine, and I'm unaware of any changes made.
Question by:fallriverelectric
12 Comments
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41818340
Is it possible you have a DNS forward lookup zone in your DNS servers for the address you are attempting to access?  Is it happening for everyone or just one user?

If you run the following from a command prompt or PowerShell console, is the result an internal (private) IP address or a public IP address?

nslookup ENTER_SITE_ADDRESS_HERE



If it resolves an external IP address, try running "ipconfig /flushdns" to clear the local DNS cache from the machine.

If it resolved an internal IP address, you will need to work with your IT staff to remediate.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 41818341
What happens if you ping the website from your internal network? Did ping resolve some IP address?
0
 

Author Comment

by:fallriverelectric
ID: 41818358
It happens for every user.

The nslookup resolves to an internal IP address.  DNS flush did not help.  

Pinging it does resolve to an external IP address.
0

 
LVL 43

Expert Comment

by:Steve Knight
ID: 41820830
OK, you need to track this down then in stages.  Using nslookup as already suggested will stop other issues like HOSTS table entries getting in the way.

nslookup
server x.x.x.x   where x.x.x.x is your normally issued DNS server for clients.
www.domain.com.

So that returns the wrong address (make sure last .)?

server y.y.y.y where y.y.y.y is your forwarder used by your DNS server - is this direct to internet or another corporate server for instance.

So that returns the wrong address (make sure last .)?

If your internal server returns the wrong address and the forwarder doesn't, then you need to just focus on there.  It would suggest that there must be a conditional forwarder on there or perhaps a zone of that specific domain.

Steve
0
 

Author Comment

by:fallriverelectric
ID: 41820857
I'm not sure I entirely understand what you want me to check.  Here are the results I'm seeing:


nslookup energystar.gov
Server: myDNSserver.domain.local
Address: 1.2.3.4

DNS request timed out.
         timeout was 2 seconds.
DNS request timed out.
         timeout was 2 seconds.
*** Request to myDNSserver.domain.local timed-out

In contrast if I run the nslookup on google.com I see:


nslookup google.com
Server: myDNSserver.domain.local
Address: 1.2.3.4

Name: google.com
Addresses: 2607:f8b0:400a:808::200e
                     172.217.3.174  

I see nothing under the Conditional Forwarders container on the DNS server, nor a zone for energystar.gov.  I also don't have anything in the forwarders tab.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 41820924
What I meant was type nslookup and press return.  Then you can type in

server x.x.x.x    to make it try server x.x.x.x for DNS and then type in
energystar.gov.  (with final dot) to make it look it up.

But sounds like you aren't using forwarders anyway.  In which case I would suggest on your server:

Add forwarder to your ISP DNS or google say - 8.8.8.8 and 8.8.4.4
right click on server name, Clear cache
ipconfig /flushdns on client
try nslookup to server again

You get "myDNSserver.domain.local timed out" which is odd.  Is one or more of your DNS servers specified by that name not responding - maybe it has multiple IPs?

Hence trying in nslookup

nslookup
server x.x.x.x (one of your dns servers)
energystar.gov.
server x.x.x.x (another dns server)
etc.

Steve
0
 

Author Comment

by:fallriverelectric
ID: 41821893
Ok, thanks for the clarification.  When I do it that way I get the same results.  I know that server is responding because if I do nslookup on any other address it shows it using that same internal DNS server and the lookup succeeds.  If I change the server to a different internal DNS, it still times out.  

I added forwarders for my ISP and the website works perfectly now, along with nslookup.  I know we used to have forwarders listed, and I'm trying to find out the reason why they were no longer there.  What reason would there be for someone to remove those forwarders?  Will adding them cause me any problems moving forward?
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41821921
Do you need forwarders if the Root Hints are available and working?

If the Root Hints are not working, then I would troubleshoot that rather than the forwarders not being present.
0
 

Author Comment

by:fallriverelectric
ID: 41821970
I guess I don't know how to answer that.  Root hints seemed to be working for everything except this specific website.  How would I go about troubleshooting that?  Are root hints generally preferable to forwarders?
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41822005
Traditionally, if forwarders are not configured (or working) the root hints are used.  If the root hints are not working then forwarders are recommended.

Typically, there is a large list of name servers in the root hints list, but if the list is small there could be an issue with those that are listed.  You can always add the name servers back in the root hints list.

Take a look at these references for troubleshooting root hints...

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41822039
As has been said above there must be some entry in root hints returning odd value.  Maybe you have somehow added an internal or incorrect server in the root hints list.

No real issue with using a forwarder anyway, either ISP, OpenDNS, Google etc.

Only reason not to maybe would be down to an unreliable ISP DNS kit at some point or the fact you might have to wait for their caches to clear too if a change is needed.

Vast majority of systems I would use a forwarder on, also simplifies your firewall config to tie down from server to internet only needs those couple of IPs for DNS rather than any/any rules.

Steve
1
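
The staged checks worked through in this thread (query each internal DNS server directly, compare with a public resolver, inspect forwarders and root hints, then add forwarders and clear caches), collected as an added PowerShell example that is not code from any poster. It assumes the DnsServer module cmdlets on Windows Server 2012 or later; the internal server addresses are placeholders and `Test-Resolver` is a hypothetical helper name.

```powershell
# Added example. Run elevated on the Windows DNS server (DnsServer module,
# Windows Server 2012 or later is assumed). Read-only unless $ApplyFix is set.
$Name      = 'energystar.gov.'              # trailing dot, as advised in the thread
$Internal  = @('192.0.2.10', '192.0.2.11')  # placeholders: your internal DNS servers
$Reference = '8.8.8.8'                      # public resolver the question compared against
$ApplyFix  = $false                         # $true applies the accepted solution

function Test-Resolver {
    param([string]$Server, [string]$Name)
    try {
        # -DnsOnly: DNS protocol only (no LLMNR/NetBIOS); -NoHostsFile: ignore HOSTS entries
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop
        $a = ($r | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        $result = if ($a) { 'answer' } else { 'no A record' }
        [pscustomobject]@{ Server = $Server; Result = $result; Detail = $a }
    } catch {
        # Timeouts and server failures end up here with the resolver's message
        [pscustomobject]@{ Server = $Server; Result = 'failed'; Detail = $_.Exception.Message }
    }
}

# Stage 1: same name, every internal server, then the public reference.
# Internal failures with a good reference answer point at the internal servers.
($Internal + $Reference) | ForEach-Object { Test-Resolver -Server $_ -Name $Name } |
    Format-Table -AutoSize

# Stage 2: how this server resolves names it is not authoritative for.
# An empty forwarder list means recursion relies on root hints alone.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout
$hints = @(Get-DnsServerRootHint)
"Root hint entries: $($hints.Count)"   # a short or odd list is worth a closer look
$hints | Format-Table -AutoSize

# Stage 3: the accepted solution, applied only on request.
if ($ApplyFix) {
    Add-DnsServerForwarder -IPAddress '8.8.8.8', '8.8.4.4'
    Clear-DnsServerCache -Force      # same as right-click server name > Clear Cache
    # On each client afterwards: ipconfig /flushdns  (or Clear-DnsClientCache)
    $Internal | ForEach-Object { Test-Resolver -Server $_ -Name $Name } |
        Format-Table -AutoSize
}
```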
