Solved

DNS not resolving for specific website

Posted on 2016-09-27
Last Modified: 2016-09-29
One of our employees is trying to access a specific website.  That website won't load on any computer inside our network, but I can tell from outside the network there's nothing wrong with the website.  If I change the DNS on the client PC to point to a public DNS such as 8.8.8.8 instead of my internal DNS server, the website loads fine.  I'm sure this means there is a problem with my internal DNS server, but what is it, and how do I find/fix it?

The website in question had previously been working fine, and I'm unaware of any changes made.
Question by:fallriverelectric
12 Comments
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41818340
Is it possible you have a DNS forward lookup zone in your DNS servers for the address you are attempting to access?  Is it happening for everyone or just one user?

If you run the following from a command prompt or PowerShell console, is the result an internal (private) IP address or a public IP address?

nslookup ENTER_SITE_ADDRESS_HERE



If it resolves an external IP address, try running "ipconfig /flushdns" to clear the local DNS cache from the machine.

If it resolved an internal IP address, you will need to work with your IT staff to remediate.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 41818341
What happens if you ping the website from your internal network? Did ping resolve some IP address?
0
 

Author Comment

by:fallriverelectric
ID: 41818358
It happens for every user.

The nslookup resolves to an internal IP address.  DNS flush did not help.  

Pinging it does resolve to an external IP address.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41820830
OK, you need to track this down then in stages.  Using nslookup as already suggested will stop other issues like HOSTS table entries getting in the way.

nslookup
server x.x.x.x   where x.x.x.x is your normally issued DNS server for clients.
www.domain.com.

So that returns the wrong address (make sure last .)?

server y.y.y.y where y.y.y.y is your forwarder used by your DNS server - is this direct to internet or another corporate server for instance.

So that returns the wrong address (make sure last .)?

If your internal server returns the wrong address and the forwarder doesn't, then you need to just focus on there.  It would suggest that there must be a conditional forwarder on there or perhaps a zone of that specific domain.

Steve
0
 

Author Comment

by:fallriverelectric
ID: 41820857
I'm not sure I entirely understand what you want me to check.  Here are the results I'm seeing:


nslookup energystar.gov
Server: myDNSserver.domain.local
Address: 1.2.3.4

DNS request timed out.
         timeout was 2 seconds.
DNS request timed out.
         timeout was 2 seconds.
*** Request to myDNSserver.domain.local timed-out

In contrast if I run the nslookup on google.com I see:


nslookup google.com
Server: myDNSserver.domain.local
Address: 1.2.3.4

Name: google.com
Addresses: 2607:f8b0:400a:808::200e
                     172.217.3.174  

I see nothing under the Conditional Forwarders container on the DNS server, nor a zone for energystar.gov.  I also don't have anything in the forwarders tab.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 41820924
What I meant was type nslookup and press return.  Then you can type in

server x.x.x.x    to make it try server x.x.x.x for DNS and then type in
energystar.gov.  (with final dot) to make it look it up.

But sounds like you aren't using forwarders anyway.  In which case I would suggest on your server:

Add forwarder to your ISP DNS or google say - 8.8.8.8 and 8.8.4.4
right click on server name, Clear cache
ipconfig /flushdns on client
try nslookup to server again

You get "myDNSserver.domain.local timed out" which is odd.  Is one or more of your DNS servers specified by that name not responding - maybe it has multiple IPs?

Hence trying in nslookup

nslookup
server x.x.x.x (one of your dns servers)
energystar.gov.
server x.x.x.x (another dns server)
etc.

Steve
0
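
The staged lookup described in the accepted answer, as an added example that is not part of the original thread: the same fully qualified name is sent to each resolver in turn, so a timeout or a differing answer can be pinned to one server. The function name and the 192.0.2.x addresses are placeholders (assumptions); 8.8.8.8 is the public resolver mentioned in the question.

```powershell
# Added example: query one name against several resolvers and compare the results.
function Test-NameAcrossResolvers {
    param(
        [Parameter(Mandatory)][string]   $Name,
        [Parameter(Mandatory)][string[]] $Servers
    )
    # A trailing dot makes the name fully qualified, so no DNS suffix is appended.
    $fqdn = $Name.TrimEnd('.') + '.'

    foreach ($server in $Servers) {
        $query = @{
            Name        = $fqdn
            Type        = 'A'
            Server      = $server
            DnsOnly     = $true   # DNS protocol only, no LLMNR/NetBIOS fallback
            NoHostsFile = $true   # ignore HOSTS entries on the client
            ErrorAction = 'Stop'  # turn timeouts into catchable errors
        }
        try {
            $answers = Resolve-DnsName @query
            # Keep only records that carry an address (skips CNAME records in the answer).
            $ips = $answers | Where-Object { $_.IPAddress } |
                   ForEach-Object { $_.IPAddress }
            [pscustomobject]@{
                Server    = $server
                Status    = 'OK'
                Addresses = $ips -join ', '
            }
        } catch {
            # A timeout or SERVFAIL lands here; keep the message for comparison.
            [pscustomobject]@{
                Server    = $server
                Status    = $_.Exception.Message
                Addresses = ''
            }
        }
    }
}

# Placeholder addresses: replace with your internal DNS servers.
$resolvers = '192.0.2.10', '192.0.2.11', '8.8.8.8'
Test-NameAcrossResolvers -Name 'energystar.gov' -Servers $resolvers |
    Format-Table -AutoSize
```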
 

Author Comment

by:fallriverelectric
ID: 41821893
Ok, thanks for the clarification.  When I do it that way I get the same results.  I know that server is responding because if I do nslookup on any other address it shows it using that same internal DNS server and the lookup succeeds.  If I change the server to a different internal DNS, it still times out.  

I added forwarders for my ISP and the website works perfectly now, along with nslookup.  I know we used to have forwarders listed, and I'm trying to find out the reason why they were no longer there.  What reason would there be for someone to remove those forwarders?  Will adding them cause me any problems moving forward?
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41821921
Do you need forwarders if the Root Hints are available and working?

If the Root Hints are not working, then I would troubleshoot that rather than the forwarders not being present.
0
 

Author Comment

by:fallriverelectric
ID: 41821970
I guess I don't know how to answer that.  Root hints seemed to be working for everything except this specific website.  How would I go about troubleshooting that?  Are root hints generally preferable to forwarders?
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41822005
Traditionally, if forwarders are not configured (or working) the root hints are used.  If the root hints are not working then forwarders are recommended.

Typically, there is a large list of name servers in the root hints list, but if the list is small there could be an issue with those that are listed.  You can always add the name servers back in the root hints list.

Take a look at these references for troubleshooting root hints...

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 41822039
As has been said above there must be some entry in root hints returning odd value.  Maybe you have somehow added an internal or incorrect server in the root hints list.

No real issue with using a forwarder anyway, either ISP, OpenDNS, Google etc.

Only reason not to maybe would be down to an unreliable ISP DNS kit at some point or the fact you might have to wait for their caches to clear too if a change is needed.

Vast majority of systems I would use a forwarder on, also simplifies your firewall config to tie down from server to internet only needs those couple of IPs for DNS rather than any/any rules.

Steve
1
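
One way to inspect the forwarder and root hints configuration discussed in the comments above, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the Windows DNS server with the DnsServer module available; the function name is hypothetical.

```powershell
# Added example: show the forwarder configuration, then test each IPv4 root hint.
function Test-RootHintReachability {
    foreach ($hint in Get-DnsServerRootHint) {
        $hintName = $hint.NameServer.RecordData.NameServer
        foreach ($record in $hint.IPAddress) {
            $ip = $record.RecordData.IPv4Address
            if (-not $ip) { continue }   # AAAA records have no IPv4Address
            $query = @{
                Name         = '.'
                Type         = 'NS'
                Server       = $ip.IPAddressToString
                DnsOnly      = $true
                NoRecursion  = $true     # root servers do not offer recursion
                QuickTimeout = $true
                ErrorAction  = 'Stop'
            }
            try {
                $null = Resolve-DnsName @query
                $status = 'answered'
            } catch {
                $status = $_.Exception.Message
            }
            [pscustomobject]@{
                RootHint = $hintName
                Address  = $ip.IPAddressToString
                Status   = $status
            }
        }
    }
}

# An empty forwarder list means the server resolves through root hints alone.
$forwarders = Get-DnsServerForwarder
[pscustomobject]@{
    Forwarders  = $forwarders.IPAddress -join ', '
    UseRootHint = $forwarders.UseRootHint
} | Format-List

# A private or unexpected address in this table, or a row that did not answer,
# is the kind of root hints entry the comments above suggest looking for.
Test-RootHintReachability | Format-Table -AutoSize
```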

Question has a verified solution.