Greg Smela
asked on
People on LAN can't reach external website with same domain name.
I've fixed this problem at other locations years ago but this has me stumped. A small LAN with Windows Server 2012R2 - the only one on a domain... "thisdomain.local" as set in DNS.
Until a few days ago everyone could reach their website hosted externally. "www.thisdomain.com"
The site is reachable from their router if I plug my laptop into it.
I can ping the external website's IP address from any machine in the building. And, I can ping www.thisplace.com which tells me DNS is resolving properly.
But if I point a browser at the site it times out and says:
"There was a temporary DNS error. Try refreshing the page. Error code: INET_E_RESOURCE_NOT_FOUND"
I've disabled the Server's Windows firewall but no change. Any ideas? Thank you.
Are you sure this website is working from another location, like from home?
Did you try changing DNS on one of the computers, using 8.8.8.8 for test only?
Check internal DNS. Sounds like something weird is going on there. CPS pretty much mentioned what commands you should be running. Try flushing the DNS cache of your workstations. Also, do you have any sort of proxy in place?
ASKER
CPS -
In all cases the result shows cdns01.comcast.net can't find www.thisdomain.com.
Comcast connection. Yet it works if I go directly through the router.
What is the difference between going from the router and going from the network itself? The traffic has to go through things.
Is there a firewall of some sort? A proxy?
ASKER
No proxy. Switches and a Windows 2012R2 server. The only firewall is the Windows firewall and I had disabled that for testing, cleared cache, DNS, etc.
I suggest updating FORWARDERs on the DNS server to OpenDNS or another third party's DNS servers of choice. We do this for all client sites as Microsoft has had a few bugs with Root Hints and we don't trust ISP DNS servers. Ever.
ASKER
I'd tried that - using Google's (which is what I've done when I've come across this in the past) but the same results. With and without Root Hints enabled.
Could you show the results of ipconfig /all when connected to the network vs being connected to the router?
In all cases the result shows cdns01.comcast.net can't find www.thisdomain.com.
Can you post a screenshot of this output? I don't understand why you're getting a response from a Comcast server if you're querying your internal server. (It might be forwarding, but the nslookup output won't show that.)
ASKER
This is using Comcast NS.
ss.jpg
Those are IPv6 addresses.
Please post IPConfig /all as requested from the DC/DNS server and also post the Scope/Server options from DHCP.
EDIT: Seen this before when the ISP modem was bleeding in to the internal network.
It looks like you've got one of the infuriating routers that forces you to use Comcast's DNS servers via IPv6 no matter what you do. That's why it can't resolve the .local domain name, but it doesn't explain the issue you're seeing with the website, since its name resolves just fine.
ASKER
Here's ipconfig /all from a workstation. I have to go to the server to access the DHCP server - no remote access from here.
ss2.jpg
ASKER
The scope for DHCP is:
003 Router 192.168.1.1
006 DNS Servers 192.168.1.4
015 DNS Domain Name thisdomain.com
That's just the options.
The ipconfig output from the workstation illustrates what I mean about the router. Your DHCP scope options show that 192.168.1.4 should be that workstation's only DNS server, and the ipconfig output shows that the workstation did indeed obtain its address from the DHCP server. But the actual list of DNS servers it's using? All Comcast, all the time.
I really hate those routers. And, by extension, Comcast.
ASKER
So could Comcast have pushed something to the router? It was fine until a day or so...
This is a very simple network. Can I just disable IPv6? Rename the local domain (a pain I know)? Would that work?
So could Comcast have pushed something to the router? It was fine until a day or so...
Not impossible.
If you want me to throw out a few strange suggestions....
- Reboot the server (cause you know, solves about 60 percent of issues)
- Change priority such that IPv4 has higher priority than IPv6 on the server. And if need be, the workstations. (Less ugly than unbinding from NICs)
But also, I noticed where you mentioned this:
003 Router 192.168.1.1
006 DNS Servers 192.168.1.4
015 DNS Domain Name thisdomain.com
I thought the domain was thisdomain.local
ASKER
You're right - the domain is thisdomain.local <--- I just typed those as I couldn't get to the side of the building where the server is. I will try changing the priority as I've already booted the server.
Yes. It is the Comcast modem that is the problem.
Make sure IPv6 is not bleeding through the router that is plugged in to the Comcast modem.
Just looked at the IPConfig /all from the desktop.
Those are public IPv6 addresses. Definitely seen this before. It's the modem that's pushing things through.
Make sure the modem is plugged in to the WAN port of the router and the router is set up correctly.
ASKER
Thanks. The ports are correct. Something happened to the router? What's frustrating is it was working fine - with nothing changed on this end - for years...
nslookup
www.thisdomain.com
www.thisdomain.local
thisdomain.local
server 1.1.1.1
www.thisdomain.com
www.thisdomain.local
thisdomain.local
If you would post the results, that will give us some good details about how DNS is working for the different names.
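Added example, not part of the original thread: a small Python check for the mismatch discussed above, where DHCP option 006 hands out 192.168.1.4 but the workstation's `ipconfig /all` lists other resolvers. The sample output is constructed (IPv6 addresses use the 2001:db8::/32 documentation prefix), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (addresses use the
# 2001:db8::/32 documentation prefix, not real ISP resolvers).
SAMPLE = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : thisdomain.local
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   DHCP Server . . . . . . . . . . . : 192.168.1.4
   DNS Servers . . . . . . . . . . . : 2001:db8:feed::1
                                       2001:db8:feed::2
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map adapter name -> DNS servers in the order Windows lists them."""
    adapters, name, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name, in_dns = line.rstrip()[:-1], False   # adapter header
            adapters[name] = []
        elif name and " : " in line:                   # "Key . . . : value"
            key, value = line.split(" : ", 1)
            in_dns = key.strip(" .").startswith("DNS Servers")
            if in_dns and _ip(value):
                adapters[name].append(_ip(value))
        elif name and in_dns and _ip(line):            # continuation line
            adapters[name].append(_ip(line))
        elif line.strip():
            in_dns = False
    return adapters

def unexpected_dns(ipconfig_text, expected):
    """Report resolvers that are not in the DHCP option 006 list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return {name: [str(s) for s in servers if s not in allowed]
            for name, servers in dns_servers(ipconfig_text).items()}

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE, ["192.168.1.4"]))
```

Any non-empty list means the adapter is using resolvers the DHCP server never assigned, which is the symptom shown in the workstation screenshot.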