Solved

DNS not resolving for specific website

Posted on 2016-09-27
Last Modified: 2016-09-29
One of our employees is trying to access a specific website.  That website won't load on any computer inside our network, but I can tell from outside the network there's nothing wrong with the website.  If I change the DNS on the client PC to point to a public DNS such as 8.8.8.8 instead of my internal DNS server, the website loads fine.  I'm sure this means there is a problem with my internal DNS server, but what is it, and how do I find/fix it?

The website in question had previously been working fine, and I'm unaware of any changes made.
Question by:fallriverelectric
12 Comments
 
LVL 14

Expert Comment

by:Todd Nelson
Is it possible you have a DNS forward lookup zone in your DNS servers for the address you are attempting to access?  Is it happening for everyone or just one user?

If you run the following from a command prompt or PowerShell console, is the result an internal (private) IP address or a public IP address?

nslookup ENTER_SITE_ADDRESS_HERE

If it resolves an external IP address, try running "ipconfig /flushdns" to clear the local DNS cache from the machine.

If it resolved an internal IP address, you will need to work with your IT staff to remediate.
0
 
LVL 19

Expert Comment

by:helpfinder
What happens if you ping the website from your internal network? Did ping resolve some IP address?
0
 

Author Comment

by:fallriverelectric
It happens for every user.

The nslookup resolves to an internal IP address.  DNS flush did not help.  

Pinging it does resolve to an external IP address.
0
 
LVL 43

Expert Comment

by:Steve Knight
OK, you need to track this down then in stages.  Using nslookup as already suggested will stop other issues like HOSTS table entries getting in the way.

nslookup
server x.x.x.x   where x.x.x.x is your normally issued DNS server for clients.
www.domain.com.

So that returns the wrong address (make sure last .)?

server y.y.y.y where y.y.y.y is your forwarder used by your DNS server - is this direct to internet or another corporate server for instance.

So that returns the wrong address (make sure last .)?

If your internal server returns the wrong address and the forwarder doesn't, then you need to just focus on there.  It would suggest that there must be a conditional forwarder on there or perhaps a zone of that specific domain.

Steve
0
 

Author Comment

by:fallriverelectric
I'm not sure I entirely understand what you want me to check.  Here are the results I'm seeing:


nslookup energystar.gov
Server: myDNSserver.domain.local
Address: 1.2.3.4

DNS request timed out.
         timeout was 2 seconds.
DNS request timed out.
         timeout was 2 seconds.
*** Request to myDNSserver.domain.local timed-out

In contrast if I run the nslookup on google.com I see:


nslookup google.com
Server: myDNSserver.domain.local
Address: 1.2.3.4

Name: google.com
Addresses: 2607:f8b0:400a:808::200e
                     172.217.3.174  

I see nothing under the Conditional Forwarders container on the DNS server, nor a zone for energystar.gov.  I also don't have anything in the forwarders tab.
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
What I meant was type nslookup and press return.  Then you can type in

server x.x.x.x    to make it try server x.x.x.x for DNS and then type in
energystar.gov.  (with final dot) to make it look it up.

But sounds like you aren't using forwarders anyway.  In which case I would suggest on your server:

Add forwarder to your ISP DNS or google say - 8.8.8.8 and 8.8.4.4
right click on server name, Clear cache
ipconfig /flushdns on client
try nslookup to server again

You get "myDNSserver.domain.local timed out" which is odd.  Is one or more of your DNS servers specified by that name not responding - maybe it has multiple IP's?

Hence trying in nslookup

nslookup
server x.x.x.x (one of your dns servers)
energystar.gov.
server x.x.x.x (another dns server)
etc.

Steve
0
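
The per-server comparison described in this answer can be scripted instead of typed into interactive nslookup. This is an added example, not part of the original post; `Test-DnsPath` is a hypothetical function name and `192.0.2.53` is a placeholder for the internal DNS server.

```powershell
# Added example, not from the thread. Server addresses are placeholders.
function Test-DnsPath {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $Server
    )
    # A trailing dot makes the name fully qualified, so no DNS suffix
    # from the client's search list is appended to it.
    $fqdn    = $Name.TrimEnd('.') + '.'
    $rfc1918 = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'

    foreach ($s in $Server) {
        $row = [ordered]@{
            Server = $s; Name = $fqdn; Status = ''; Addresses = ''; Private = $false
        }
        try {
            # -DnsOnly and -NoHostsFile keep LLMNR, NetBIOS and the HOSTS
            # file out of the result, so only the named server is tested.
            $ips = @(Resolve-DnsName -Name $fqdn -Server $s -Type A `
                        -DnsOnly -NoHostsFile -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'A' } |
                     ForEach-Object { $_.IPAddress })
            if ($ips.Count -eq 0) {
                $row.Status = 'No A record returned'
            } else {
                $row.Status    = 'Answer'
                $row.Addresses = $ips -join ', '
                # An internal address for a public site points at a local
                # zone or conditional forwarder overriding the real record.
                $row.Private   = @($ips -match $rfc1918).Count -gt 0
            }
        }
        catch {
            # Timeouts and NXDOMAIN surface here as terminating errors.
            $row.Status = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# 192.0.2.53 stands in for the internal DNS server; 8.8.8.8 is the public
# resolver the question compared against.
Test-DnsPath -Name 'energystar.gov' -Server '192.0.2.53', '8.8.8.8' |
    Format-Table -AutoSize
```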
 

Author Comment

by:fallriverelectric
Ok, thanks for the clarification.  When I do it that way I get the same results.  I know that server is responding because if I do nslookup on any other address it shows it using that same internal DNS server and the lookup succeeds.  If I change the server to a different internal DNS, it still times out.  

I added forwarders for my ISP and the website works perfectly now, along with nslookup.  I know we used to have forwarders listed, and I'm trying to find out the reason why they were no longer there.  What reason would there be for someone to remove those forwarders?  Will adding them cause me any problems moving forward?
0
 
LVL 14

Expert Comment

by:Todd Nelson
Do you need forwarders if the Root Hints are available and working?

If the Root Hints are not working, then I would troubleshoot that rather than the forwarders not being present.
0
 

Author Comment

by:fallriverelectric
I guess I don't know how to answer that.  Root hints seemed to be working for everything except this specific website.  How would I go about troubleshooting that?  Are root hints generally preferable to forwarders?
0
 
LVL 14

Expert Comment

by:Todd Nelson
Traditionally, if forwarders are not configured (or working) the root hints are used.  If the root hints are not working then forwarders are recommended.

Typically, there is a large list of name servers in the root hints list, but if the list is small there could be an issue with those that are listed.  You can always add the name servers back in the root hints list.

Take a look at these references for troubleshooting root hints...

0
 
LVL 43

Expert Comment

by:Steve Knight
As has been said above there must be some entry in root hints returning odd value.  Maybe you have somehow added an internal or incorrect server in the root hints list.

No real issue with using a forwarder anyway, either ISP, OpenDNS, Google etc.

Only reason not to maybe would be down to an unreliable ISP DNS kit at some point or the fact you might have to wait for their caches to clear too if a change is needed.

Vast majority of systems I would use a forwarder on; it also simplifies your firewall config, as to tie down from server to internet it only needs those couple of IPs for DNS rather than any/any rules.

Steve
1
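
To follow up on the root hints and forwarder checks suggested in the last few comments, the sketch below lists what the DNS server will use for recursion and flags entries that are internal addresses or do not answer. It is an added example, not part of the thread; `Get-RecursionPathReport` is a hypothetical function name, and it assumes it is run on the Windows DNS server with the DnsServer PowerShell module available.

```powershell
# Added example, not from the thread. Run on the Windows DNS server itself
# (uses the DnsServer module that ships with the DNS Server role).
function Get-RecursionPathReport {
    $rfc1918 = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
    $targets = @()

    # Forwarders. None configured means the server recurses from root hints.
    foreach ($ip in (Get-DnsServerForwarder).IPAddress) {
        if ($ip) { $targets += @{ Kind = 'Forwarder'; Name = ''; Address = "$ip" } }
    }
    # Root hints. Only the IPv4 (A) glue records are checked here.
    foreach ($hint in Get-DnsServerRootHint) {
        foreach ($rec in $hint.IPAddress) {
            $v4 = $rec.RecordData.IPv4Address
            if ($v4) {
                $targets += @{ Kind = 'RootHint'; Address = "$v4"
                               Name = $hint.NameServer.RecordData.NameServer }
            }
        }
    }
    foreach ($t in $targets) {
        try {
            # Ask each server for the NS set of the root zone; a root
            # server or a working recursive resolver will answer.
            Resolve-DnsName -Name '.' -Type NS -Server $t.Address `
                -DnsOnly -ErrorAction Stop | Out-Null
            $responds = $true
        } catch { $responds = $false }
        [pscustomobject]@{
            Kind = $t.Kind; Name = $t.Name; Address = $t.Address
            # A root hint on a private address is the "internal or
            # incorrect server" case raised in the comment above.
            Private  = $t.Address -match $rfc1918
            Responds = $responds
        }
    }
}

Get-RecursionPathReport | Sort-Object Kind, Name | Format-Table -AutoSize
```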
