dns problem (page cannot be displayed)

FST231

Lately I'm unable to browse www.comcast.net. I always got
page cannot be displayed error messages. This is the only
web site that I have a problem with.

I'm running Windows 2000 Server with NAT and DNS on the
same computer. I'm using a cable modem and Comcast is my
ISP. I have 1 public address on the Win2k server.

If I disconnect the Win2k server and plug any client
straight into the cable modem, www.comcast.net works just fine.

It used to work.

Any help?
 
Are there any Forward lookup zones in your DNS server?
 
FST231 said:
my domain which is xxxxonline.com and a second domain name
tonline.net

Hmm, it doesn't sound like there is a conflicting name in DNS. Have you tried
nslookup to see if the name resolves?
It could very well be an MTU issue; this happens sometimes with NAT if there
is a bad cable or NIC.
In RRAS, expand the server, expand IP Routing, then select General. Right-click
on your external interface name and choose Properties. Check the box
"Enable fragmentation checking".

The MTU should be 1500 - 28 bytes overhead = 1472
Try this:
W:\>ping -f -l 1472 www.comcast.net
It should return:
Pinging www.comcast.net [63.240.76.72] with 1472 bytes of data:

Reply from 63.240.76.72: bytes=1472 time=170ms TTL=46
Reply from 63.240.76.72: bytes=1472 time=180ms TTL=46
Reply from 63.240.76.72: bytes=1472 time=180ms TTL=46
Reply from 63.240.76.72: bytes=1472 time=170ms TTL=46

Ping statistics for 63.240.76.72:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 170ms, Maximum = 180ms, Average = 175ms

If it returns: Packet needs to be fragmented but DF set.
Reduce the 1472 until you find the MTU that does not need to be
fragmented.

If your MTU is less than 1472 you need to find the bottleneck, whether it is
your machine, router or ISP's gateway.
 
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================

It may also be as simple as forcing both interfaces on this NAT box to use
the internal DNS server (which it should be set that way anyway, even all
clients only using the internal DNS) and set a forwarder. Also make sure the
internal NIC is set to the top of the binding order (Network & Dialup
Connections, Adv/Adv Settings) and set to only listen on the internal
interface in DNS properties.

But if hosting external public records, by the looks of those two domain
names being hosted, you'll want to allow it to listen on both interfaces. Maybe
Comcast has blocked it if they found you are hosting a service to the
outside world.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Kevin-

I replaced the cable and the NIC. The fragmentation is
checked also on the NAT. Ran the ping command and came up
with this result.

c:\ping -f -l 1472 www.comcast.net

Pinging www.comcast.net [63.240.76.72] with 1472 bytes of
data:
Reply from 63.240.76.72: bytes=1472 time=20ms TTL=52
Reply from 63.240.76.72: bytes=1472 time=30ms TTL=52
Reply from 63.240.76.72: bytes=1472 time=40ms TTL=52
Reply from 63.240.76.72: bytes=1472 time=30ms TTL=52

Ping statistics for 63.240.76.72:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 40ms, Average = 30ms

Ace-
Yah, the NAT is set to listen on both interfaces and
both interfaces are using my internal DNS.


Still doesn't work. Not sure about Comcast blocking. I don't
think they care about what services are running on my
computer!

thanks fst231



 
Well, they do stop certain inbound ports to their subscribers' network. I
think if they sniff you running a service, they may stop allowing that port
outbound.

Rereading your original message, you can't get to comcast.net in a browser.
Can you ping www.comcast.net or comcast.net? When you do an nslookup on
comcast.net, what are the results? Also, try this:

nslookup
set type=all
comcast.net

and post the response please.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I tried pinging both www.comcast.net and comcast.net and got
this:

Unknown host www.comcast.net.

I also ran the nslookup command and came up with this
result
nslookup
set type=all
comcast.net
Server: (MY COMPUTER NAME).(MY DOMAIN).com
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds
*** Request to MY COMPUTER NAME.MY DOMAIN.COM timed out

thanks fst231
 
Well that pretty much says it's timing out. As for your computer name not
showing up properly, that just means you don't have a reverse zone
configured. That's all.

Assuming that all machines are only using your internal DNS and you have a
forwarder configured, try changing the forwarder to 4.2.2.2 and see if that
helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
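
An added example, not part of the original thread: the timeout above only shows that the chain "local DNS server, then forwarder" fails somewhere, so this sketch queries each server directly and names the failing hop. The function names are hypothetical, 192.168.0.1 and 4.2.2.2 are taken from the thread, and 192.0.2.53 is a placeholder for the old forwarder, whose address the thread never gives.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Recursive (RD=1) DNS query for `name`; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(reply, qid):
    """Return (rcode name, answer count); ValueError if it is not our reply."""
    if len(reply) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # ID mismatch or QR bit clear
        raise ValueError("not a reply to our query")
    return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)), ancount

def probe(server, name, timeout=2.0):
    """Query one server directly over UDP/53; 2 s matches the nslookup timeout."""
    qid = secrets.randbelow(1 << 16)  # unpredictable ID, so stray replies are rejected
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply, _ = s.recvfrom(4096)
            return parse_header(reply, qid)[0]
        except socket.timeout:
            return "TIMEOUT"
        except (OSError, ValueError) as exc:
            return "ERROR: %s" % exc

def diagnose(local, forwarder, candidate):
    """Name the failing hop from each server's status string."""
    if local == "NOERROR":
        return "local server resolves the name; look beyond DNS"
    if forwarder == "NOERROR":
        return "forwarder answers directly; check the local server's forwarder settings"
    if candidate == "NOERROR":
        return "configured forwarder is failing; point the forwarder at the candidate"
    return "no resolver reachable; check outbound UDP/53 through the NAT"

if __name__ == "__main__":
    # 192.0.2.53 is a placeholder: the thread never gives the old forwarder's address.
    hops = ("192.168.0.1", "192.0.2.53", "4.2.2.2")
    print(diagnose(*(probe(ip, "comcast.net") for ip in hops)))
```

Run it on the NAT/DNS box itself, so the probes leave through the same external interface the DNS service uses.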
 
Ace, You're God. Changing the forwarder to 4.2.2.2 did the
magic... This DNS problem has been giving me a headache.
What is 4.2.2.2?

Thanks So Much
 
I forget..LOL, some DNS that works!
Here's an nslookup on it:

Name: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 