Issue -- DNS Resolution to External URL

  • Issue -- DNS Resolution to External URL

    Hello All, first time poster. Glad to be here.

    Here is my issue.

    I am trying to hit an external website from inside my business domain.

    I have set up my 3 Win2K3 DNS servers with Forwarders to point to Google DNS, XO DNS, and OPEN DNS IPs. I also set up my DNS info on my DHCP server to point to the same external DNS plus our internal DNS servers.

    For some reason I cannot get users to see this external URL unless I add one of the External DNS IPs to their TCP Stack on their XP/Win7 PCs.

    I have cleared the cache on my desktop along with clearing cookies and temp I-Net files. I also cleared the DNS Cache on the DNS Server.


    Here are the results when doing nslookup:

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\nslookup
    Default Server: server.xyz.com (our internal DNS Server)
    Address: 112.118.0.12

    > sss.org (External URL trying to hit)

    Server: server.xyz.com (our internal DNS Server)
    Address: 112.118.0.12

    *** server.xyz.com can't find sss.org: Non-existent domain

    If anybody has any ideas I would love to hear them.

  • #2
    Re: Issue -- DNS Resolution to External URL

    A few things:

    1. Why do you have 3 internal DNS servers? Do you load balance the DHCP clients across all 3? 3 seems like overkill. 2 would probably suffice.

    2. Remove any external DNS servers from your DHCP scope\server options. The DHCP clients should only use the internal DNS servers for name resolution.

    3. Remove all but the Google DNS servers from the forwarder configuration on your internal DNS servers.

    This will bring everything to a simpler, more consistent state. After doing the above, flush the DNS server cache on all 3 DNS servers and reboot one of the DHCP clients and try nslookup again. Post your results back here.



    • #3
      Re: Issue -- DNS Resolution to External URL

      I tried all you suggested and I am still getting the same errors. I am getting the same nslookup results.


      Here are the results when doing nslookup:

      Microsoft Windows [Version 6.1.7600]
      Copyright (c) 2009 Microsoft Corporation. All rights reserved.

      C:\Users\nslookup
      Default Server: server.xyz.com (our internal DNS Server)
      Address: 112.118.0.12

      > sss.org (External URL trying to hit)

      Server: server.xyz.com (our internal DNS Server)
      Address: 112.118.0.12

      *** server.xyz.com can't find sss.org: Non-existent domain

      If anybody has any ideas I would love to hear them.



      • #4
        Re: Issue -- DNS Resolution to External URL

        Have you tried nslookup on the DNS server itself? Does that work properly?

        gerth

        MCITP sa, ea & va, [email protected]



        • #5
          Re: Issue -- DNS Resolution to External URL

          Tried from the dns servers and I get the same error messages with nslookup.



          • #6
            Re: Issue -- DNS Resolution to External URL

            Do any of the DNS servers have a root zone (.)?



            • #7
              Re: Issue -- DNS Resolution to External URL

              I don't see a root zone.



              • #8
                Re: Issue -- DNS Resolution to External URL

                At this point I would recommend installing Microsoft Network Monitor on one of the DNS servers and starting a packet capture, then run nslookup on the server and query for sss.org and a few other external domains, then look at the capture and see what's going on. You should see the queries going from your server to the forwarders and the answers being returned from the forwarders. Try that and post your findings back here.



                • #9
                  Re: Issue -- DNS Resolution to External URL

                  Will do, it may take a bit.



                  • #10
                    Re: Issue -- DNS Resolution to External URL

                    Originally posted by 100mbs:
                    Will do, it may take a bit.
                    No worries, I'll keep an eye out for your next post.



                    • #11
                      Re: Issue -- DNS Resolution to External URL

                      I am still looking into the MS Network Tool. But in the meantime I ran some tests from my firewall to see if it can see the URL I am trying to hit.

                      I can ping and traceroute to the URL. When I try and do a Reverse Name Resolution it looks like it fails.


                      Resolver Response

                      DNS Server 172.16.0.1 Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.
                      DNS Server 172.16.0.2 resolved to sss.org
                      DNS Server 172.16.0.3 resolved to sss.org
                      NetBios host 65.17.194.20 failed



                      • #12
                        Re: Issue -- DNS Resolution to External URL

                        I'm a little confused by the results, as I'm not sure exactly what they're telling us, but nonetheless I don't really think it's important. PTR records for public FQDNs aren't a requirement, aren't typically used, and the owner of the netblock is often not the same company that hosts the DNS namespace or web site, so PTR records often can't and won't be created anyway.

                        For instance, I host half a dozen web sites on the same IP address. The owner of the netblock that holds that IP address hosts the PTR zone for that netblock and uses their own PTR record for that IP address, such as:

                        host.ipaddress.domain.com

                        Your problem is with forward lookups, not reverse lookups anyway.



                        • #13
                          Re: Issue -- DNS Resolution to External URL

                          Hey Joeqwerty,

                          What sort of info do you want to see from the MS Network Tool? It dumps a lot of info.

                          I ran a web developer tool called "Fiddler2" when trying to hit the sss.org URL and I get the following error:

                          "Fiddler: DNS Lookup for www.ssfhs.org failed. No such host is known".



                          • #14
                            Re: Issue -- DNS Resolution to External URL

                            You want to look at just the DNS packets. In the Display Filter window, type DNS and hit the apply button; this will filter the capture to only display the DNS packets in the capture. Then you want to look for the queries from the server for www.ssfhs.org and see that they are being sent to the forwarders and that the forwarders are returning the answers. If you don't see the packets being sent to the forwarders, then the problem is isolated to the DNS server itself. If you see the packets being sent to the forwarders but you don't see the answers coming back from the forwarders, then the problem is probably a firewall or router issue. You can upload the capture here as a zip file (I think) and I can look at it as well.

                            My suggestion would be to flush the DNS server and client cache, start a new capture, and try to ping or nslookup the domain in question, then stop the capture and upload it here as a zip file.

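The capture triage described in post #14, as an added example that is not part of the original thread: it parses DNS headers from packets seen on the DNS server and matches forwarded queries to replies by transaction ID. It assumes the capture has already been reduced to (source, destination, UDP payload) tuples; the addresses and host name are constructed, and reporting the reply code in the answered case goes beyond what the post states.

```python
import struct

def build(txid, name, response=False, rcode=0):
    """Build a minimal DNS message: header plus one A/IN question."""
    flags = (0x8180 | rcode) if response else 0x0100
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse(payload):
    """Return (txid, is_response, rcode, qname) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    labels, pos = [], 12                      # question starts after the 12-byte header
    while qdcount and payload[pos]:
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return txid, bool(flags & 0x8000), flags & 0x000F, ".".join(labels).lower()

def triage(capture, server, forwarders, name):
    """Classify a capture taken on the DNS server, following post #14."""
    sent, answered = set(), {}
    for src, dst, payload in capture:
        txid, is_resp, rcode, qname = parse(payload)
        if qname != name.lower():
            continue
        if not is_resp and src == server and dst in forwarders:
            sent.add((dst, txid))             # server forwarded the query
        elif is_resp and dst == server and (src, txid) in sent:
            answered[(src, txid)] = rcode     # forwarder replied to that query
    if not sent:
        return "no query forwarded: problem is on the DNS server itself"
    if not answered:
        return "forwarded but unanswered: suspect firewall or router"
    return "forwarders answered, rcode(s): %s" % sorted(set(answered.values()))

# Constructed sample data (documentation address ranges, not from the thread).
CLIENT, SERVER, FWD = "192.0.2.10", "192.0.2.53", "198.51.100.1"
NAME = "www.example.org"
q_client = (CLIENT, SERVER, build(7, NAME))
q_fwd = (SERVER, FWD, build(9001, NAME))
r_fwd = (FWD, SERVER, build(9001, NAME, response=True, rcode=3))  # 3 = NXDOMAIN

def run(capture):
    return triage(capture, SERVER, {FWD}, NAME)

if __name__ == "__main__":
    for cap in ([q_client], [q_client, q_fwd], [q_client, q_fwd, r_fwd]):
        print(run(cap))
```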


                            • #15
                              Re: Issue -- DNS Resolution to External URL

                              Joeqwerty,

                              I am sending you an email with the capture.

