tricky dns issue

  • Thread starter Thread starter J
  • Start date Start date
J

J

Browsing most all web pages works fine. If I go to www.google.com, it works
fine. mail.google.com works fine. But, if I try groups.google.com, after a
period of time I get the "DNS error" web page. If I do a nslookup on
groups.google.com I get an ip address. If I use that ip address in my
browser, it will work. (Other machines on our network do not experience
this same problem.)

Since nslookup works, why can't the browser resolve these problem web pages?
Any why does 99% of all web pages work fine?

Any help is greatly appreciated,
-j
 
J said:
Browsing most all web pages works fine. If I go to www.google.com,
it works fine. mail.google.com works fine. But, if I try
groups.google.com, after a period of time I get the "DNS error" web
page. If I do a nslookup on groups.google.com I get an ip address.
If I use that ip address in my browser, it will work. (Other
machines on our network do not experience this same problem.)

Since nslookup works, why can't the browser resolve these problem web
pages? Any why does 99% of all web pages work fine?
Click to expand...

Did you check your hosts file?
groups.google.com resolves to four IP addresses, which one is "that ip
address in my browser, it will work" ?
Because I can't connect using an IP address.

The "DNS error" web page is a generic error and is displayed whenever the
web site cannot be connected to at the IP address. This is the same error
you recieve if you have an MTU problem try this ping -f groups.google.com -l
1500 if you get "Packet needs to be fragmented but DF set" reduce the packet
size until the ping is returned or it timesout, If it time out first,
continue reducing the packet size until the ping returns. Once the ping
returns that is your MTU (+28 bytes) you need to set you adapter to that MTU
in the registry.

MTU problems are common if you have a PPPoE connection to the internet (Most
DSL connections use PPPoE) I had a client a few days ago the had the same
problem with a lot of sites, It turned out the PPPoE connection was 878
bytes, which was causing problems with NAT.

I increased the PPPoE to 1480 bytes (Max for PPPoE) and reduced the MTU on
the client's NICs to 1480 bytes, problem solved!
 
There is nothing in the hosts file.
In order to use the ip address to get to google groups, you need to also
pass the parameters. This will work:
http://216.239.57.104/grphp?hl=en&tab=wg
Thanks for the tip on the ping. Although our corporate firewall doesn't
allow pinging, that's some good info I might use in the future.
 
J said:
There is nothing in the hosts file.
In order to use the ip address to get to google groups, you need to
also pass the parameters. This will work:
http://216.239.57.104/grphp?hl=en&tab=wg
Thanks for the tip on the ping. Although our corporate firewall
doesn't allow pinging, that's some good info I might use in the
future.
Click to expand...

Go to groups.google.com in your browser, if the site doesn't open, run
ipconfig /displaydns in a command prompt look to see if groups.google.com
cname is cached and the A records it points to.
groups.google.com. 254 IN CNAME groups.l.google.com.
groups.l.google.com. 113 IN A 64.233.167.104
groups.l.google.com. 113 IN A 64.233.167.147
groups.l.google.com. 113 IN A 64.233.167.99
 
In
J said:
There is nothing in the hosts file.
In order to use the ip address to get to google groups, you need to
also pass the parameters. This will work:
http://216.239.57.104/grphp?hl=en&tab=wg
Thanks for the tip on the ping. Although our corporate firewall
doesn't allow pinging, that's some good info I might use in the
future.
Click to expand...

What DNS is this? If Win2003, maybe it;s an EDNS0 issue and your firewall
cannot handle it. This allows wuery responses greater than 512 bytes to
remain as UDP, which is a new industry standard implemented a couple of
years ago that Win2003 uses.

828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/?id=828263

Otherwise, if WIn2000, the firewall may not be allowing TCP 53 because the
response is greater than 512 and will revert to TCP instead of UDP.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Back
Top