Re: Is it a DNS problem?

Hi Richard,

This is where the debug (set d2) can help you to figure out what's going on.
It may just be a latency problem, but it's hard to tell without being able
to troubleshoot the connection directly.

One thing I forgot to mention is that it's a good idea to terminate all
nslookup queries with a dot, or else sometimes your domain is appended.

c:\> nslookup <return>
set d2 <return>
www.y92.com. 207.230.144.18

Notice the dot after www.y92.com.

Change the DNS server that you query (the 207.230.144.18 address above) and
see if you begin to time out. Try your DNS server's IP address, and that of
your ISP. Change the timeout value and see if there is a threshold. These
are just some ideas. It would definitely be interesting to know why the
problem is isolated to Clearchannel. If it's possible for you to determine
what networks are between you and Clearchannel and what kind of latency they
have, it might provide a hint about the problem too.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:uiDL9rwaHHA.4180@xxxxxxxxxxxxxxxxxxxxxxx
Hi Greg,

I have a couple more questions. Why suddenly we need the forwarders to
resolve the sites Clearchannel is hosting, when we didn't need it for the
other sites? I thought that's what the root hints are there for. Also,
if there's no filtering on the firewall, what causes the timeout?

Any comments is appreciated. Thank you again Greg!




"Greg Lindsay [MSFT]" <greglin@xxxxxxxxxxxxx> wrote in message
news:uakv7$oaHHA.596@xxxxxxxxxxxxxxxxxxxxxxx
Hi Richard,

You're welcome. Glad it worked =)

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:%239oBcOkaHHA.1296@xxxxxxxxxxxxxxxxxxxxxxx
It's working now Greg! I populated the dns forwarders with our isp's ip
addresses and it worked. Thank you for all your help!!!




"Greg Lindsay [MSFT]" <greglin@xxxxxxxxxxxxx> wrote in message
news:eLotoWDaHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
That is an important result that you can get to their DNS servers using
telnet. Apparently there isn't a firewall blocking you as I suspected.

Try setting debug on nslookup and see what you get.

c:\> nslookup <return>
set d2 <return>
www.y92.com 207.230.144.18

This should give you some3 helpful debug information. You can also
increase the timeout with "set timeout=100" and see if this makes a
difference.

To see all the options, type a "?" at the > prompt. To disable debug,
you would type "set nod2" then "set nodebug", etc.

This might just be a timeout problem. Do you have forwarders set up?
Adding the authoritative servers as forwarders for these specific
domains might solve your problem.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:uz4tYGBaHHA.4520@xxxxxxxxxxxxxxxxxxxxxxx
Hi Greg,

I did the telnet command and can connect to all four of their dns
servers in an instant. We have a dsl line the we use for testing from
the same ISP and we can get to Clearchannel websites. So I'm assuming
that our ISP can get to their websites as well. Will probably give
them a call and ask anyway.

Back to the telnet command, since I can connect to their dns, is there
anything else I should try? Thanks for your assistance!


Richard




"Greg Lindsay [MSFT]" <greglin@xxxxxxxxxxxxx> wrote in message
news:OJk19$$ZHHA.5032@xxxxxxxxxxxxxxxxxxxxxxx
That is probably a result of the DNS timeout.

Try a telnet to port 53. If you just time out, then either there is a
firewall blocking you, or a routing problem. See below for an
example.

C:\>telnet dns1.clearchannel.com 53

-- or --

C:\>telnet 207.230.136.193 53

When I do this, it connects and then the screen clears. To
disconnect, hit return.

If it just sits trying to connect, this is usually a firewall or
access list blocking the source or destination. It could also be a
routing problem, but this is less probable. I tried to verify routing
to this DNS server, but ICMP is blocked along the path. I would at
least check routing with tracert to make sure you can get off your
LAN when you try to traceroute to clearchannel.

It may still be a blacklist, but one that is used by an ISP between
you and clearchannel. It might be a good idea to call your ISP's
support and ask if they can get to clearchannel. If they don't have a
problem, this would narrow it down quite a bit.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:OQf5PV$ZHHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Hi Greg,

I called Clearchannel and they said our ip address is not on their
blacklist. So the ball is back on our end. One thing I noticed on
our dns servers is that eventhough there are entries in the cached
lookups for their sites, they only show dns info....nothing for
host(A). Other cached lookups show both dns and host info.

Any idea? Thanks!


Richard




"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:eLVHYQ1ZHHA.4396@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Greg. Yes, we can browse and do nslookup from a different
ip. I have Clearchannel's contact info so I'll give them a call.
Thank again!





"Greg Lindsay [MSFT]" <greglin@xxxxxxxxxxxxx> wrote in message
news:ex$LzpzZHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
Hi Richard,

The most likely problem is that your IP address range is on a
blacklist that Clearchannel is using. A way to test this would be
to try to nslookup or browse to those web sites from a different
IP address.

--
Greg Lindsay [MSFT]

Disclaimer: This posting is provided "AS IS" with no warranties,
and confers no rights.

"Richard" <rdumag@xxxxxxxxxxx> wrote in message
news:uLHHCDyZHHA.4000@xxxxxxxxxxxxxxxxxxxxxxx
We have internal and external dns servers (2003). We can browse
and do nslookup on any sites except for sites that are hosted by
"clearchannel.com".

Clearchannel has the following dns and web servers and they host
many radio and tv stations on the same web servers:

dns servers:
dns1.clearchannel.com
dns2.clearchannel.com
ns1.clearchannel.com
ns2.clearchannel.com

web servers:
207.230.150.254
207.230.154.254
207.230.156.254

Here are some of their sites that we cannot get to:
www.kbig104.com
www.foxsports610.com
www.y92.com
www.talk960.com


When we do an nslookup we get the following:
DNS request timed out.
timeout was 2 seconds.

We can get to their sites using our separate dsl line that we use
for testing.

We have no filtering set in our firewall for their ip addresses.
Could this be an issue with our dns? Any help is appreciated.
Thanks!

Richard
























.