DNS can't resolve some names

[atari37]

I have one AD integrated DNS server running on my network. It resolves internet names by using root hints however, I've recently discovered that it doesn't resolve some URL's.

For example, when I visit hmmausa.com, nothing happens but I can ping that websites IP address. I have double checked my DNS configuration but I can't seem to find anything wrong. Can someone help me figure out what's going on here and why some websites resolve and others don't?

Edited June 23, 2008 by atari37

[Tripredacus]

Where does your DNS get its updates from? Have you checked if that source has the records for those urls? You could always add those records yourself, or get a secondary DNS source.

[eyeball]

What happens if you use the monitoring tab in DNS? Does it pass recursive queries ok?

[atari37]

Where does your DNS get its updates from? Have you checked if that source has the records for those urls? You could always add those records yourself, or get a secondary DNS source.

I believe root hints supply the updates. I could add it myself but I rather know why root hints can't resolve the names since I don't want to add every single website that doesn't resolve.

[atari37]

What happens if you use the monitoring tab in DNS? Does it pass recursive queries ok?

It passes both simple and recursive query.

[eyeball]

You will probably have to use DNSDiag.exe to track this down, sounds really strange though..

If you plug a laptop onto the DMZ and give it a forwarder as its DNS can it get to it?

[adamt]

Try running nslookup against the external DNS server.

It might have cached an NXDOMAIN response for longer than it was supposed to. I'm not sure how long you can cache an NXDOMAIN response, as you can't very easily assign a TTL to something that doesn't exist.

If the external DNS server resolves it fine, but your internal one doesn't - take a look at your internal server's DNS cache. Perhaps there's something lurking in there.

For caching of negative responses, take a look at: http://www.faqs.org/rfcs/rfc2308.html

[atari37]

Try running nslookup against the external DNS server.

It might have cached an NXDOMAIN response for longer than it was supposed to. I'm not sure how long you can cache an NXDOMAIN response, as you can't very easily assign a TTL to something that doesn't exist.

If the external DNS server resolves it fine, but your internal one doesn't - take a look at your internal server's DNS cache. Perhaps there's something lurking in there.

For caching of negative responses, take a look at: http://www.faqs.org/rfcs/rfc2308.html

How do I determine which root hint is being used as my external DNS server when I contact hmmausa.com? Do I run nslookup on all of them?

I'm not using any forwarders.

I run nslookup on hmmausa.com's DNS server and it returned without any issues.

Server: DNS.server

Address: 172.xx.xxx.xx

Non-authoritative answer:

Name: ns1.hyundai-motor.com

Address: 58.87.35.12

Interesting enough, I cleared the DNS cache and typed hmmausa.com in the address bar and it created a new cache record for hmmausa.comhowever, the site did not show up in the browser. I got "server not found" message in firefox. The cached record shows...

(Same as parent folder) Name Server(NS) ns.hyundai-motor.com

(Same as parent folder) Name Server(NS) ns1.hyundai-motor.com

Also, when I run nslookup hmmausa.com it times out.

Server: dns.server

Address: 172.xx.xxx.xxx

DNS request timed out.

timeout was 2 seconds.

*** Request to dns.server timed-out

Edited June 24, 2008 by atari37

[touchstone_81]

The problem that you have is related to one client, the server itself or all clients in the domain?

you said you could ping the IP address. so if you type the ip into the browser instead of name can you get to the URL?

Plus what about host files have you checked them for static entries.?

you could also add Internet domain mapping to iP in the host file of a client and see if that works.

If your dns server supports insecure dynamic updates from clients try the name from a system thats in workgroup.