Announcement

Collapse
No announcement yet.

Trouble Accessing One Website. Is It DNS?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trouble Accessing One Website. Is It DNS?

    Hi all,

    Have a question about an issue that recently popped up. Running server 2003. For some reason, we can no longer access a particular website (not our website, a vendor we work with) from inside our network. So far, its just this one website that we can not get to. We used to be able to get to it, but starting last week it has become inaccessible. I can access the site fine from home, or anywhere else I have tried. We didnt make any configuration changes lately, so not sure why its happening.

    Is there something on the server side that i can check? Would it have to do with DNS settings? We do have a Cisco ASA firewall, but I'm hoping its not something in there thats causing the problem. As I said, we used to eb able to hit it fine, now we get nothing.

    Appreciate any suggestions!

    Thanks

    JG

  • #2
    Re: Trouble Accessing One Website. Is It DNS?

    What is the error returned when you try to access that site? Is it a lookup error or a timeout error? Can you ping the site? Can you access the site via it's IP address? What does an nslookup query return? Open up a command prompt, type 'set type=all', make note of what DNS server is being used by nslookup (it will be whatever DNS server your computer uses), and then type in the domain name of the website that you're trying to reach. You could also change your nslookup DNS server ( 'server [IP]' ) to one of OpenDNS's servers ( 208.67.222.222 ) and try nslookup again and see what the results are.

    Are there other services that the domain responds to like https, FTP, SSH etc that you can try? Maybe their web server is blocking your IP for some odd reason?

    You could also check your internal DNS server (if you're using one) and see if somehow a record for that site was inserted into your internal zone.
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

    Comment


    • #3
      Re: Trouble Accessing One Website. Is It DNS?

      Had a problem the same. It was just the one site and a router reboot made it available for a few days but later on it got worse. In the end I replaced the router and the problem has not returned.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2

      Comment


      • #4
        Re: Trouble Accessing One Website. Is It DNS?

        Thanks for the response.

        Hopefully I can answer your questions. So far, when trying to access the site we just get a timeout, 'server is taking to long to respond' message. This is the same whether I use the url or the IP address. I can't ping the site, but I can't ping any websites. I'm assuming something was built into the system that does not allow us to ping a site, if that makes sense? If I try a ping, for example ping www.google.com, it will say pinging, and show the IP, but it never returns successful pings just request timeouts.

        It appears that I can get to their ftp site, at 'ftp.domain.com'. When i hit that site i get the Index of ftp://ftp.domain.com/ page. I've had to use their ftp site in the past to download files, but I used the FireFtp addon for Firefox to do so. I can also still access that.

        I'm not familiar with the nslookup feature, but i tried following what you suggested and when i run nslookup, I see my DNS server, 10.1.x.x, and enter 'set type=all'. Then I enter the domain I can't access, and it returns 'non-authoritative answer: www.domain.com internet address 69.72.x.x'. Did I do that right, or should I be seeing something else?

        As for the DNS settings on the server, I'm not exactly sure what i should be looking for in there. I've been sifting through the reverse and forward lookup zones, but I'm not sure if thats where I should be looking for an issue.

        I have asked the company if they changed anything on their end, but they said everything is the same, and seem to think the issue is with us.

        Thanks again

        Comment


        • #5
          Re: Trouble Accessing One Website. Is It DNS?

          Originally posted by biggles77 View Post
          Had a problem the same. It was just the one site and a router reboot made it available for a few days but later on it got worse. In the end I replaced the router and the problem has not returned.
          Thanks. I was thinking about rebooting the router, but I'll have to wait until the morning to do that. Hopefully thats not where the problem lies, but who knows. The reboots worth a shot.

          Comment


          • #6
            Re: Trouble Accessing One Website. Is It DNS?

            DNS looks to be fine. Your DNS server basically said "Hey, I'm not the authority for the domain you're asking about but the server that is the authority says it's this ip address", which is exactly what it should do. To verify the info being returned do a lookup for the domain in question from www.dnsstuff.com and see if it jibes with the results of your nslookup.

            Try running a trace route from your computer to the ip address of the web server in question and see if that provides any clues.

            Comment


            • #7
              Re: Trouble Accessing One Website. Is It DNS?

              Originally posted by joeqwerty View Post
              DNS looks to be fine. Your DNS server basically said "Hey, I'm not the authority for the domain you're asking about but the server that is the authority says it's this ip address", which is exactly what it should do. To verify the info being returned do a lookup for the domain in question from www.dnsstuff.com and see if it jibes with the results of your nslookup.

              Try running a trace route from your computer to the ip address of the web server in question and see if that provides any clues.
              Thanks for the response,

              DNS seems to check out fine., When I run the trace route, the test does not get past our gateway, 10.1.10.1. everything after that is a timeout. Would that point to an issue on the firewall?

              Thanks again

              Comment


              • #8
                Re: Trouble Accessing One Website. Is It DNS?

                Sure, your gateway might block ICMP.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Trouble Accessing One Website. Is It DNS?

                  Originally posted by Dumber View Post
                  Sure, your gateway might block ICMP.

                  You're probably correct, as I get the same response with any website that I try.

                  Comment


                  • #10
                    Re: Trouble Accessing One Website. Is It DNS?

                    Restart your gateway/firewall and check whether problem still persists.

                    Some times the problem might be with your ISP. Check with your ISP and make sure the website is resolving fine from their router properly.
                    Mohan Mathew[VU3MMU]
                    MCITP [AD]

                    Comment


                    • #11
                      Re: Trouble Accessing One Website. Is It DNS?

                      Originally posted by mohanmathew View Post
                      Restart your gateway/firewall and check whether problem still persists.

                      Some times the problem might be with your ISP. Check with your ISP and make sure the website is resolving fine from their router properly.
                      I've tried the router and firewall reboot this morning, but still no luck. I will put in a call to the ISP later today to see if there may be an issue on their end.

                      I appreciate all the suggestions thus far.

                      Thanks

                      Comment


                      • #12
                        Re: Trouble Accessing One Website. Is It DNS?

                        Originally posted by jgarzoli View Post
                        You're probably correct, as I get the same response with any website that I try.
                        Is this a rule that you want to keep? I'm not sure if blocking all outbound ICMP (or is it all inbound ICMP replies that are being blocked?) is necessary. Removing that rule would allow for you to do basic diagnostic tests in this scenario and many others. Ping and it's bigger brother pathping are useful tools for solving errors like this. Just sayin'.
                        Wesley David
                        LinkedIn | Careers 2.0
                        -------------------------------
                        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                        Vendor Neutral Certifications: CWNA
                        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                        Comment


                        • #13
                          Re: Trouble Accessing One Website. Is It DNS?

                          And also that is not fully correct.
                          Routers on the Internet might also block ICMP traffic and because of that you never know if where the precise problem lies.
                          Also the remote site might have blocked ICMP for example.

                          Ever tried pinging www.microsoft.com and then www.google.com ?
                          Microsoft doesn't allow ICMP however google does.
                          Qhat does this telling me? That www.microsoft.com is down? And still though it isn't.

                          It's important you can resolve the correct Internet host names.
                          It's important that you know for curtain that you are connected to the Internet.
                          It's important to know that your firewall isn't blocking the traffic.
                          If the cached Internet host name is correct and you are connected to the Internet then it isn't your problem anymore, ok, not quite true because it may also be filters and so on on the firewall.

                          A better solution is to try if you can reach the website outside of your firewall eg bypassing it (I don't recommend this) or trying it from home.
                          Still though, if you are trying it from home, then it might be that your private ISP don't have an issue but your corporate ISP does have an issue.

                          An other option is to start a sniffer trace on the firewall to see what is happening. This is usually the best option to do.
                          You can see if the packets are leaving your firewall and if you get a response.
                          If you don't get a response contact the remote side and/or your ISP.
                          Last edited by Dumber; 28th January 2009, 15:35.
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: Trouble Accessing One Website. Is It DNS?

                            Unfortunately, if its a firewall issue I dont have the know-how to get into it. Its a Cisco ASA, and we used an outside vendor to configure and install, and I'm not well-versed on the Cisco IOS. Due to financial problems here, I'll never be able to get him back in to look at it. So I wont be able to change the ICMP settings either. Maybe I'll be able to find some instructs somewhere online that will walk me through.

                            I asked our ISP, and of course he asked me to send the results of a trace route, which I cant do because of the blocked ICMP settings. I'm stuck in a vicious circle here!

                            Comment


                            • #15
                              Re: Trouble Accessing One Website. Is It DNS?

                              I don't know how your ASA config looks like but you should do something like this:
                              http://ciscohacks.com/archives/6-All...h-the-ASA.html

                              But make sure that you put it in your own ACL
                              Marcel
                              Technical Consultant
                              Netherlands
                              http://www.phetios.com
                              http://blog.nessus.nl

                              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                              "No matter how secure, there is always the human factor."

                              "Enjoy life today, tomorrow may never come."
                              "If you're going through hell, keep going. ~Winston Churchill"

                              Comment

                              Working...
                              X