ajurkevich

Active Directory DNS causes issue with external third-party website?

Definitely need some help with this one--

There is a third-party website that we are required to use to conduct abuse investigations.  The site works fine except for one process which is required to complete the investigation (it involves the failure of trying to save a site-generated form letter to an investigative note entry which is then used to close said investigation).

In researching the issue, I discovered that the issue described above exists when a given workstation on our domain is using our Active Directory DNS servers.  However, if I explicitly set the workstation to use an external public DNS server (like Google, OpenDNS, or even Comcast) instead of our Active Directory DNS servers, the site works perfectly, and there's no issue at all.

Needless to say, any other site that our staff may browse to when the Active Directory DNS servers are in use has no issue at all.

I'm truly stumped at this point as to how this is even possible . . . ?

Other bits:  Our AD environment is running at the Server 2012 R2 functional level, and we're not using DNS forwarder entries, so AD DNS would turn to the Root Hints server list (a.root-servers.net, b.root-servers.net, etc.) to resolve a query.

Any help is most welcome . . .
Paul MacDonald

There's no reason your DNS server can't host another domain's names.  We "host" Facebook on our internal DNS as a cheap way to stop people from getting to Facebook from the corporate network.  Consequently, I'd look to see if you don't have a zone for the problem domain with an entry for the problem server.  

Alternately, your proxy may be configured to block access to a particular file/page type, or some combination of letters in the URL, so you could look there as well.

You really need to "see" the failure.

IE/Edge have developer tools you can turn on to trace the network requests. Firefox has extensions such as Firebug that do the same. You could even Wireshark it, but Wireshark usually isn't good for detailed browser troubleshooting and browser tools do better (less noise, HTTPS aware, etc.).

Fire up your network trace. Capture one set from a working configuration. Do another from a failing one. Find the failure. Then you have a legitimate starting place, what DNS query failed, why, etc.
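
The working-versus-failing comparison described above can be scripted. This is an added example, not part of the original thread: it assumes each trace was exported from the browser's developer tools as a HAR file, and the hostnames, addresses and the `entry` helper are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def load(path):
    # Some browsers write HAR exports with a BOM; utf-8-sig tolerates both.
    with open(path, encoding="utf-8-sig") as f:
        return json.load(f)

def summarize(har):
    """Return {(method, url): status} and {hostname: set of server IPs}."""
    requests, hosts = {}, {}
    for e in har["log"]["entries"]:
        url = e["request"]["url"]
        requests[(e["request"]["method"], url)] = e["response"]["status"]
        hosts.setdefault(urlsplit(url).hostname, set()).add(e.get("serverIPAddress", ""))
    return requests, hosts

def compare(working_har, failing_har):
    """List hosts that resolved differently and requests whose status changed."""
    ok_req, ok_hosts = summarize(working_har)
    bad_req, bad_hosts = summarize(failing_har)
    findings = []
    for host in sorted(ok_hosts.keys() | bad_hosts.keys()):
        a, b = ok_hosts.get(host, set()), bad_hosts.get(host, set())
        if a != b:
            findings.append(("resolution", host, sorted(a), sorted(b)))
    for key in sorted(ok_req.keys() | bad_req.keys()):
        a, b = ok_req.get(key), bad_req.get(key)
        if a != b:  # status 0 in a HAR entry means the request never completed
            findings.append(("status", key[0] + " " + key[1], a, b))
    return findings

def entry(method, url, status, ip):
    # Hypothetical helper: builds a minimal HAR entry for the sample data.
    return {"request": {"method": method, "url": url},
            "response": {"status": status}, "serverIPAddress": ip}

# Constructed sample captures: public DNS (working) vs. internal DNS (failing).
WORKING = {"log": {"entries": [
    entry("GET", "https://app.example.com/case/1", 200, "198.51.100.7"),
    entry("POST", "https://forms.example.com/save", 200, "198.51.100.9"),
]}}
FAILING = {"log": {"entries": [
    entry("GET", "https://app.example.com/case/1", 200, "198.51.100.7"),
    entry("POST", "https://forms.example.com/save", 0, "10.0.0.25"),
]}}

if __name__ == "__main__":
    for finding in compare(WORKING, FAILING):
        print(finding)
```

A host that legitimately sits behind a CDN or round-robin DNS can show different addresses in two captures, so treat a "resolution" finding as a lead to check against the internal zones rather than proof of a bad record.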
ASKER CERTIFIED SOLUTION
Shaun Vermaak