Solved

DNS not resolving for specific website

Posted on 2016-09-27
Last Modified: 2016-09-29
One of our employees is trying to access a specific website.  That website won't load on any computer inside our network, but I can tell from outside the network there's nothing wrong with the website.  If I change the DNS on the client PC to point to a public DNS such as 8.8.8.8 instead of my internal DNS server, the website loads fine.  I'm sure this means there is a problem with my internal DNS server, but what is it, and how do I find/fix it?

The website in question had previously been working fine, and I'm unaware of any changes made.
Question by:fallriverelectric
12 Comments
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41818340
Is it possible you have a DNS forward lookup zone in your DNS servers for the address you are attempting to access?  Is it happening for everyone or just one user?

If you run the following from a command prompt or PowerShell console, is the result an internal (private) IP address or a public IP address?

nslookup ENTER_SITE_ADDRESS_HERE


If it resolves an external IP address, try running "ipconfig /flushdns" to clear the local DNS cache from the machine.

If it resolved an internal IP address, you will need to work with your IT staff to remediate.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 41818341
What happens if you ping the website from your internal network? Did ping resolve some IP address?
0
 

Author Comment

by:fallriverelectric
ID: 41818358
It happens for every user.

The nslookup resolves to an internal IP address.  DNS flush did not help.  

Pinging it does resolve to an external IP address.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41820830
OK, you need to track this down then in stages.  Using nslookup as already suggested will stop other issues like HOSTS table entries getting in the way.

nslookup
server x.x.x.x   where x.x.x.x is your normally issued DNS server for clients.
www.domain.com.

So that returns the wrong address (make sure last .)?

server y.y.y.y where y.y.y.y is your forwarder used by your DNS server - is this direct to internet or another corporate server for instance.

So that returns the wrong address (make sure last .)?

If your internal server returns the wrong address and the forwarder doesn't, then you need to just focus on there.  It would suggest that there must be a conditional forwarder on there or perhaps a zone for that specific domain.

Steve
0
 

Author Comment

by:fallriverelectric
ID: 41820857
I'm not sure I entirely understand what you want me to check.  Here are the results I'm seeing:


nslookup energystar.gov
Server: myDNSserver.domain.local
Address: 1.2.3.4

DNS request timed out.
         timeout was 2 seconds.
DNS request timed out.
         timeout was 2 seconds.
*** Request to myDNSserver.domain.local timed-out

In contrast if I run the nslookup on google.com I see:


nslookup google.com
Server: myDNSserver.domain.local
Address: 1.2.3.4

Name: google.com
Addresses: 2607:f8b0:400a:808::200e
                     172.217.3.174  

I see nothing under the Conditional Forwarders container on the DNS server, nor a zone for energystar.gov.  I also don't have anything in the forwarders tab.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 41820924
What I meant was type nslookup and press return.  Then you can type in

server x.x.x.x    to make it try server x.x.x.x for DNS and then type in
energystar.gov.  (with final dot) to make it look it up.

But sounds like you aren't using forwarders anyway.  In which case I would suggest on your server:

Add forwarder to your ISP DNS or google say - 8.8.8.8 and 8.8.4.4
right click on server name, Clear cache
ipconfig /flushdns on client
try nslookup to server again

You get "myDNSserver.domain.local timed out" which is odd.  Is one or more of your DNS servers specified by that name not responding - maybe it has multiple IPs?

Hence trying in nslookup

nslookup
server x.x.x.x (one of your dns servers)
energystar.gov.
server x.x.x.x (another dns server)
etc.

Steve
0
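
The staged check described in the accepted answer, written as a PowerShell script. This is an added example and not part of the original thread. It assumes the DnsServer module (RSAT DNS tools) is installed, and the internal server addresses are placeholders to replace with your own.

```powershell
# Added example, not from the thread. Server addresses are placeholders.
$Name        = 'energystar.gov.'              # trailing dot: fully qualified, no suffix search
$InternalDns = @('192.0.2.10', '192.0.2.11')  # placeholder: your internal DNS servers
$PublicDns   = '8.8.8.8'                      # public resolver used in the thread
$Private     = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'  # RFC 1918 ranges

function Test-DnsAnswer {
    param([string]$Server, [string]$Name)
    try {
        # -DnsOnly and -NoHostsFile keep HOSTS entries and LLMNR/NetBIOS out of the answer
        $a = @(Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop |
               Where-Object { $_.Type -eq 'A' })
        [pscustomobject]@{
            Server    = $Server
            Status    = 'Answered'
            Addresses = ($a.IPAddress -join ', ')
            Private   = [bool]($a.IPAddress -match $Private)  # internal answer suggests a local zone
        }
    } catch {
        # Timeouts and server failures land here, like the "timed-out" result above
        [pscustomobject]@{ Server = $Server; Status = "Failed: $($_.Exception.Message)"; Addresses = ''; Private = $false }
    }
}

# Stage 1: ask every internal server and the public resolver the same question.
($InternalDns + $PublicDns) | ForEach-Object { Test-DnsAnswer -Server $_ -Name $Name } |
    Format-Table -AutoSize

# Stage 2: show how each internal server is set up to resolve external names.
foreach ($s in $InternalDns) {
    $fwd   = Get-DnsServerForwarder -ComputerName $s
    $hints = @(Get-DnsServerRootHint -ComputerName $s)
    [pscustomobject]@{
        Server        = $s
        Forwarders    = ($fwd.IPAddress -join ', ')   # empty means no forwarders configured
        UseRootHint   = $fwd.UseRootHint
        RootHintCount = $hints.Count
    }
}

# Stage 3: the fix applied in the thread. Uncomment to run against one server.
# Add-DnsServerForwarder -ComputerName $s -IPAddress 8.8.8.8, 8.8.4.4
# Clear-DnsServerCache   -ComputerName $s -Force
# Clear-DnsClientCache   # on the client; same effect as ipconfig /flushdns
```

An internal server that fails while the public resolver answers, combined with an empty Forwarders column, matches the situation reported in this question.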
 

Author Comment

by:fallriverelectric
ID: 41821893
Ok, thanks for the clarification.  When I do it that way I get the same results.  I know that server is responding because if I do nslookup on any other address it shows it using that same internal DNS server and the lookup succeeds.  If I change the server to a different internal DNS, it still times out.  

I added forwarders for my ISP and the website works perfectly now, along with nslookup.  I know we used to have forwarders listed, and I'm trying to find out the reason why they were no longer there.  What reason would there be for someone to remove those forwarders?  Will adding them cause me any problems moving forward?
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41821921
Do you need forwarders if the Root Hints are available and working?

If the Root Hints are not working, then I would troubleshoot that rather than the forwarders not being present.
0
 

Author Comment

by:fallriverelectric
ID: 41821970
I guess I don't know how to answer that.  Root hints seemed to be working for everything except this specific website.  How would I go about troubleshooting that?  Are root hints generally preferable to forwarders?
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41822005
Traditionally, if forwarders are not configured (or working) the root hints are used.  If the root hints are not working then forwarders are recommended.

Typically, there is a large list of name servers in the root hints list, but if the list is small there could be an issue with those that are listed.  You can always add the name servers back in the root hints list.

Take a look at these references for troubleshooting root hints...

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41822039
As has been said above, there must be some entry in root hints returning an odd value.  Maybe you have somehow added an internal or incorrect server in the root hints list.

No real issue with using a forwarder anyway, either ISP, OpenDNS, Google etc.

Only reason not to maybe would be down to an unreliable ISP DNS kit at some point or the fact you might have to wait for their caches to clear too if a change is needed.

Vast majority of systems I would use a forwarder on, also simplifies your firewall config to tie down from server to internet only needs those couple of IPs for DNS rather than any/any rules.

Steve
1


Question has a verified solution.
