Re: some external domains not resolving

Thanks - I'm upgrading the firewall this week so hopefully that will clear
up the issue.

"Greg Lindsay [MSFT]" <greglin@xxxxxxxxxxxxx> wrote in message
news:%23EyjOgVHHHA.3616@xxxxxxxxxxxxxxxxxxxxxxx
The error message below just means that you haven't set up reverse DNS
(i.e. PTR records) for your web server yet. It does appear that you are
resolving the correct IP address.

I did notice a small problem with that web site address. Reverse DNS for
66.18.102.194 resolves to neo.digitalminds.net which has no corresponding
A record. This may not be significant, but if your firewall has a
security feature that requires a valid reverse DNS record in order to
connect, this could be causing the problem.

I noticed that www.digitalminds.net has the same IP address as
www.tnchamber.org which means they are both sites on the same web server.
That gives you an opportunity for another test. See if you can access
www.digitalminds.net ! If you can't, then you know the problem is not the
tnchamber.org domain, but the web server itself.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

"DavidH" <david_haskell@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ub4pEgUHHHA.4904@xxxxxxxxxxxxxxxxxxxxxxx

"Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx> wrote in message
news:us8B$EoGHHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
In news:OBinIkjGHHA.4688@xxxxxxxxxxxxxxxxxxxx,
Greg Lindsay [MSFT] <greglin@xxxxxxxxxxxxx> stated, which I commented on
below:
If tracert resolves it, then it isn't a DNS problem, but I would
double check that you are getting the correct IP address
(66.18.102.194). Here is something else to try:

Open a command prompt and type "telnet www.tnchamber.org 80" without
the quotes, and hit enter. This will tell you if the problem is
related to your web browser or something on the network. If telnet
connects, the command window will go blank. Type anything in the
window and hit enter again to disconnect. You'll see some HTML output
from the web server and be back at a command prompt. If you get
"Connect failed" then something is blocking this site, or you aren't
resolving it to the correct IP address locally. If you are able to
connect with telnet, it's likely a browser configuration problem,
perhaps related to the proxy (if you use one).

Greg, there's also a possibility that it may be an EDNS0 issue. However
when I queried tnchamber.org using nslookup, the response does not
appear to be larger than 512 bytes (using UDP). However, if it is EDNS0
(which supports UDP to allow up to 1280 bytes), then I would think the
query supporting EDNS0, may not be understood by the firewall and may
block the answer coming back in.

DavidH, the only way to test that is to see if nslookup will resolve it
at the first shot. If not, force it to use TCP (typing in the command
"set vc" without the quotes). If that works then it's an EDNS0 issue.

DavidH, not to confuse you, but try Greg's suggested tests first. If the
problem is resolution (resolving the name to IP in telnet), it may be a
firewall issue. What type of firewall do you have? What type of
internet connection/provider do you have?

Not to confuse the matters more, but if using an ADSL line with PPPoE,
it could also be an MTU issue on the router.


--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer


I ran nslookup and received:

Can't find server name for address 192.168.0.105 "our dns server":
Non-existent domain
Server: UnKnown
address: 192.168.0.105

Non-authoritative answer:
Name: www.tnchamber.org
address: 66.18.102.194

I believe I have our DNS server configured correctly - forwarders are
pointed at our ISP DNS servers, but for DNS requests our DNS server is
listed.
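
Added example, not part of the original thread: a sketch of the EDNS0 size question raised above, showing how a query advertises a UDP payload size through an OPT record and how a response relates to the 512-byte limit and the TC (retry over TCP, i.e. "set vc") flag. The function names and the 700-byte sample response are constructed for illustration; 1280 is the figure quoted in the thread.

```python
import struct

LEGACY_UDP_LIMIT = 512   # classic DNS-over-UDP message size limit
TC_BIT = 0x0200          # "truncated" flag in the DNS header
OPT_TYPE = 41            # EDNS0 OPT pseudo-record type

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qid=0x1234, edns_udp_size=None):
    """Build an A/IN query; with edns_udp_size, append an EDNS0 OPT record."""
    arcount = 0 if edns_udp_size is None else 1
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg += encode_name(name) + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if edns_udp_size is not None:
        # OPT: root owner name, TYPE=41, CLASS carries the UDP size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return msg

def advertised_udp_size(query):
    """UDP payload size the query advertises (512 when it has no OPT record)."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qdcount):               # skip the question section
        while query[pos] != 0:
            pos += query[pos] + 1
        pos += 1 + 4                       # root label + QTYPE + QCLASS
    for _ in range(arcount):               # assumes root-named records only
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
        if rtype == OPT_TYPE:
            return rclass
        pos += 11 + rdlen
    return LEGACY_UDP_LIMIT

def assess_response(query, response):
    """Relate a UDP response to the size limits discussed in the thread."""
    flags = struct.unpack("!H", response[2:4])[0]
    return {
        "size": len(response),
        "retry_over_tcp": bool(flags & TC_BIT),
        "fits_advertised_size": len(response) <= advertised_udp_size(query),
        "dropped_by_512_byte_filter": len(response) > LEGACY_UDP_LIMIT,
    }

# Constructed sample: a 700-byte response (header + padding), not a capture.
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x00" * 688
```

A response that fits the advertised size but exceeds 512 bytes is the case where a firewall enforcing the old limit discards the answer, while the same lookup over TCP succeeds.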
