• 0

DNS Resolution Issue for External Website


Go to solution Solved by sc302,

Question

D!ABOL!C

I have a weird issue and I am kinda stumped. I'll give you the full run down on the setup and what I have done.

 

We have a customer who hosted a website internally. The server is about to go end of support so they decided to go to a hosted solution instead of replace it. The new website is up and running and outside of their network when you browse to it, it comes up. Internally, the old site still comes up. We have left the old server running if you were curious.

 

So here is what I have done. I went to our domain controllers and checked to see if there was a WWW record for the website. There was and it was still pointing to the internal IP. I have verified the external IP and changed the WWW record to the new external IP address and checked that it has replicated to the other internal DNS server. When we ping the website by name, it does resolve to the correct IP address. When we open up a browser on a PC inside the network and try to go to the website, it still goes to the old website. When I input the IP address of the website in the browser, I get a page cannot be displayed error. I have run an ipconfig /flushdns command on the workstation and the new site still does not load

 

This is where I am stumped, I'm not sure how to troubleshoot from here. Externally, everything is fine, the new website comes up, it is only internally where they keep getting the old page. I doubt this will make a difference, but they are going to reset the cable modem and web filter they have and see if that changes anything.

 

Any input would be fantastic. Thank you!

Link to post
Share on other sites

9 answers to this question

Recommended Posts

  • 0
sc302

Ok, the site is probably cached locally.  Can you try either in a new browser, a new pc, or a new profile that has never been to that site.  You can clear your cache in your browser too as it may be easier/quicker to do.  Also if you have a webfilter or proxy that is caching you may want to try to bypass that if you can or clear the cache in that. 

Link to post
Share on other sites
  • 0
D!ABOL!C

Ok, the site is probably cached locally.  Can you try either in a new browser, a new pc, or a new profile that has never been to that site.  You can clear your cache in your browser too as it may be easier/quicker to do.  Also if you have a webfilter or proxy that is caching you may want to try to bypass that if you can or clear the cache in that. 

 

Unfortunately I don't have access to a machine that hasn't gone to the site but I have cleared the cache on the PC using CCleaner on one of the servers. I had it clear everything, cookies, history etc.

 

I'll take a look at the web filter though, i'm not sure if there is a clear cache option, but I will definitely look in to that. Thanks for the options!

Link to post
Share on other sites
  • 0
+Thayios

You removed the www.* host A entry out of the DNS on the server but did you remove the wild card entry (same as parent folder); also clear the cache on the DNS Servers if you haven't done so already. 

 

What is NSLookup giving you for the authoritative answer back? 

Link to post
Share on other sites
  • 0
+BudMan

He says he is resolving the correct IP via ping

"When we ping the website by name, it does resolve to the correct IP address."

This points to the problem not being dns related, since he says he cleared the cache on the client --- UNLESS they are going through a proxy?? If so then the proxy has to be able to resolve the correct IP.

You say when you go to the http://ipaddress what happens?

"When I input the IP address of the website in the browser, I get a page cannot be displayed "

What is the IP - you say it is an outside site? Can you PM me the fqdn of the site and IP address you believe it is suppose to be. Not all sites work with IP - but normally you don't get a can not display error, you get some default site on that server. Or an error from the server.

Sounds like you have more of connectivity issue to the site than a name resolution problem.

Link to post
Share on other sites
  • 0
D!ABOL!C

It looks like they are good now, one of these three things did it.

 

The web filter had the DNS settings pointing to the internal servers, not sure why we did that, but we set it up to external DNS servers.

They also reset the Modem and rebooted the Web Filter.

 

So one of those things did it. I'm thinking it was the web filter. Thanks for the help pointing me in the direction! I marked SC302's response as correct as it was probably the web filter setting. Thank you again!

Link to post
Share on other sites
  • 0
+BudMan

When you say webfilter - you mean a proxy?

Link to post
Share on other sites
  • 0
sc302

When you say webfilter - you mean a proxy?

Doesn't have to be, it could be a pass through webfilter, like a barracuda, blue coat, or one of the many others.  the barracuda web filter 410 has the ability to cache without being a proxy.

Link to post
Share on other sites
  • 0
+BudMan

exactly why I asked ;)

Link to post
Share on other sites
  • 0
D!ABOL!C

When you say webfilter - you mean a proxy?

 

It's a Barracuda Web Filter.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Namerah S
      LinkedIn is not working right now, support team is working on fixing it
      by Namerah Saud Fatmi

      Reports are pouring in from news sources such as The Verge and individuals alike. The professional networking service LinkedIn is currently facing some problems and is facing an outage. Both the website and the mobile application seem to be affected by the breakdown.

      LinkedIn's team members have responded to the outage, taking to Twitter to address the users' concerns. The response can be seen in the Tweet below:

      According to Downdetector, 89% of LinkedIn users are having trouble with the website at the moment.

      Hopefully, the Microsoft-owned professional networking platform will be back online soon. In the meantime, users will have to sit tight and wait patiently.

    • By News Staff
      Save 94% off Sellful: All-in-One Business Software for Freelancers & Entrepreneurs
      by Steven Parker



      Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 94% off Sellful: All-in-One Business Software for Freelancers & Entrepreneurs. Website Builder, CRM, SEO, Appointments & more — this platform combines all your business needs in one platform.

      What's the deal?
      Ever feel like a client’s needs simply can’t be met on a single platform? With Sellful, it’s all here. Build anything from simple websites to complex workflows to automate your business in a few clicks. Manage everything from email & social media marketing, to payroll & invoicing. It's got a website builder, online shop, CRM, ERP, marketing, memberships, invoicing, appointments, online courses, project manager, and point of sale functions -- all depending on your chosen Sellful Plan. Sellful is the only platform in the world that is truly all in one, combining all aspects of your business in one place no matter the industry.

      Build amazing websites & landing pages in minutes Keep track of customers w/ external CRM Manage all aspects of your business in one place Have your clients book appointments for services & meetings quickly Basic Plan: Lifetime (there are multiple plans available to choose from)

      1 Website Included 300+ Free Website Templates Appointment Scheduler Advanced Forms Advanced SEO Tools Live Chat & Callback Requests Class & Event Calendar Instant Mobile App Generator External CRM Connect Good to know
      Length of access: lifetime Redemption deadline: redeem your code within 30 days of purchase Updates included For terms, specs and license info, click here.

      What's the benefit?
      Sellful: All-in-One Business Software for Freelancers & Entrepreneurs normally costs $840 but it can be yours for only $49, that's a saving of $791 (94%) off!

      Please note that there are 8 different plans to choose from with discounted offers.

      >> Get this deal, or learn more about it <<
      See all Apps + Software on offer. This is a time limited deal.
      Get $1 credit for every $25 spent · Give $10, Get $10 · 10% off for first-time buyers.

      Not for you?
      If this offer doesn't interest you, why not check out the following offers:

      The Nintendo Gaming Bundle Giveaway 20% off Ivacy VPN subscription with coupon code IVACY20 NordVPN subscription at up to 70% off Private Internet Access VPN subscription at up to 71% off Unlocator VPN or SmartDNS unblock Geoblock with 7-day free trial Disable Sponsored posts · Other recent deals · Preferred partner software

      Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

    • By zikalify
      Comcast becomes the first ISP to join Mozilla's TRR program
      by Paul Hill



      Mozilla has announced that Comcast has joined its Trusted Recursive Resolver program which aims to make DNS (domain name system) more trusted and secure. Cloudflare and NextDNS are already part of the TRR program and provide their DNS services to Firefox users who opt to use DNS over HTTPS (DoH).

      Commenting on the move, Firefox CTO Eric Rescorla, said:

      With its TRR program, Mozilla said that encrypting DNS data with DoH is just the first step in securing DNS. It said that the second step requires companies handling the data to have appropriate rules in place for handling it. Mozilla believes these rules include limiting data collection and retention, ensuring transparency about any retained data, and limiting the use of the resolver to block access or modify content.

      Commenting for Comcast, its Vice President of Technology Policy and Standards, Jason Livingood, said:

      DNS is an important part of the online infrastructure as it functions like a phone book; when you type in a website like Firefox.com, the DNS will translate this URL into an internet address that the computer understands, your browser can then connect you to the right place. By introducing things like DNS over HTTPS, users will benefit from more security and privacy.

    • By Usman Khan Lodhi
      Apple releases mobility data to assist COVID-19 efforts
      by Usman Khan Lodhi



      With nearly two million coronavirus cases worldwide, governments across the world have put restrictions upon the movement of people to curb the spread of the respiratory infection. Earlier this month, Google released data on how the pandemic changed movement in 131 countries. Similarly, Apple has launched a site, comprising of data that would assist authorities concerned in determining how effective the lockdowns have been (via Reuters).

      To generate the data, Apple took into account the number of requests made to Apple Maps for directions and compared it with previous data to find the changes in the volume of people commuting, walking or driving. The Cupertino firm said that the information is being updated on a daily basis, and compared to a date in mid-January.

      The information received from users' phones is being "associated with random, rotating identifiers" so individual users cannot be tracked through the service. The website details the changes for major cities and 63 countries or regions, the firm stated. The firm is not revealing the exact number of requests or people moving, but instead, the data is expressed as a percentage of numbers to the mid-January baseline.

    • By zikalify
      Firefox DNS over HTTPS rollout begins in the U.S.
      by Paul Hill



      Mozilla has begun rolling out DNS over HTTPS (DoH) by default for Firefox users in the United States. The plan is to continue pushing the new setting to Firefox installs over the coming weeks to confirm that there are no major issues. DoH by default will only affect U.S. installs but the company is exploring the possibility of rolling the setting out in other regions too.

      DNS over HTTPS has been available for quite a while in Firefox and can be enabled by anyone, to do so, head over to Preferences > General > scroll down to Network Settings > Settings… > Enable DNS over HTTPS. You'll then have to choose a provider, right now you can pick Cloudflare, NextDNS, or add a custom provider. Mozilla said that it’s looking to expand the list of trusted resolvers in the future.

      DNS works in a similar way to a phone book, for example, if you type neowin.net into your URL bar, DNS is used to find the corresponding IP address which is what’s used to find websites. Unfortunately, DNS lookups tend not to be encrypted which means that third-parties can intercept them, this is essentially how most web filtering software works at the moment.

      While DoH is great for security and privacy, those interested in restricting children’s access to adult websites may have to figure out a new way to implement bans or learn how to disable DoH.