DNS not resolving some websites

  • Thread starter: 2Sweet

2Sweet

My company hosts its own DNS server, which resolves all internet websites
for internal users. Lately some users have reported to me that they cannot access
some of the websites. I performed an nslookup on those "problem" websites and
it fails. I tried to access them at home and it works fine.
What could be the problem on the DNS server?
 
It's quite possible that these external websites use a "round robin DNS",
where the query is sent to one server but a different one provides the
reply. This is used for load-sharing on busy sites.

The problem is when your DNS server is behind a stateful firewall, as it
should be. Your server will request DNS info from server "A" but server "B"
will reply. Your firewall is expecting the reply to come from "A", so it
drops the reply from "B".

The fix is to get some DNS servers on the Internet, usually from your ISP,
and configure them as Forwarders on your internal DNS servers. When your
server cannot resolve a name, it will "forward" the request to the ISP and
get the response that way.

Ray
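
A minimal model of the stateful UDP filtering described in the answer above, as an added example that is not part of the original thread. It decides each packet by matching replies against the address/port tuple of an earlier outbound query; all addresses, ports, timestamps and the 30-second timeout are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample traffic (documentation address ranges):
# internal resolver 10.0.0.53, external server "A" 192.0.2.1,
# external server "B" 192.0.2.2, ISP forwarder 198.51.100.53.
Packet = namedtuple("Packet", "ts direction src sport dst dport")
UDP_TIMEOUT = 30.0  # assumed state lifetime in seconds; real firewalls differ

SAMPLE = [
    Packet(0.00, "out", "10.0.0.53", 40001, "192.0.2.1", 53),      # query to A
    Packet(0.05, "in", "192.0.2.2", 53, "10.0.0.53", 40001),       # reply from B
    Packet(1.00, "out", "10.0.0.53", 40002, "198.51.100.53", 53),  # query to forwarder
    Packet(1.08, "in", "198.51.100.53", 53, "10.0.0.53", 40002),   # forwarder replies
    Packet(45.0, "in", "192.0.2.1", 53, "10.0.0.53", 40001),       # late reply from A
]

def filter_packets(packets, timeout=UDP_TIMEOUT):
    """Return (packet, verdict) pairs as a stateful UDP filter would decide them."""
    state = {}  # (inside ip, inside port, outside ip, outside port) -> last seen
    results = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.direction == "out":
            # Outbound traffic from the resolver creates (or refreshes) state.
            state[(p.src, p.sport, p.dst, p.dport)] = p.ts
            results.append((p, "ALLOW (state created)"))
            continue
        # Inbound traffic must mirror an existing entry exactly.
        key = (p.dst, p.dport, p.src, p.sport)
        seen = state.get(key)
        if seen is None:
            results.append((p, "DROP (no matching state)"))
        elif p.ts - seen > timeout:
            del state[key]
            results.append((p, "DROP (state expired)"))
        else:
            state[key] = p.ts
            results.append((p, "ALLOW (matches state)"))
    return results

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE):
        print(f"{pkt.ts:6.2f} {pkt.direction:3} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  {verdict}")
```

On real firewall logs, dropped inbound packets with source port 53 aimed at the resolver's ephemeral ports are the entries to look for when a lookup fails only from inside the network.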
 