Unable to resolve

William Stacey · Dec 10, 2003

Could be their site or dns. I get their A records ok. Try again. If same
thing, look at your forward zones for dell.com zone. Also try using "dig"
or nslookup and post the results of the output for us. I would NetMon the
DNS server while trying this nslookup to see what request it is sending and
what it is receiving.

--
William Stacey, MVP

Todd Yelland said:
I have an active directory integrated dns server. The problem I am having

is that I can not go to www.dell.com. Nslookup times out trying to resolve
this address. I have not run into any other web sites that I am unable to
resolve. How come just this one site??? Any ideas?

Guest · Dec 10, 2003

I have an active directory integrated dns server. The problem I am having is that I can not go to www.dell.com. Nslookup times out trying to resolve this address. I have not run into any other web sites that I am unable to resolve. How come just this one site??? Any ideas?

Ace Fekay [MVP] · Dec 13, 2003

In

William Stacey said:
Could be their site or dns. I get their A records ok. Try again.
If same thing, look at your forward zones for dell.com zone. Also
try using "dig" or nslookup and post the results of the output for
us. I would NetMon the DNS server while trying this nslookup to see
what request it is sending and what it is receiving.

is that I can not go to www.dell.com. Nslookup times out trying to
resolve this address. I have not run into any other web sites that I
am unable to resolve. How come just this one site??? Any ideas?

Hi William,

If the OS is W2k3, it maybe an EDNS0 issue (allowing UDP greater than 512
bytes). This article explains it for the poster and how to disable it...

EDNS0:
http://www.microsoft.com/technet/tr...roddocs/entserver/sag_DNS_imp_EDNSsupport.asp

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Guest · Dec 16, 2003

I turned on dns logging and tried to open www.dell.com in internet explorer. I found three RCODE 2 (SERVFAIL) errors. This is on a Windows 2000 Server SP4. What does this mean? How do I correct it? Does this suggest that I should increase the maximum udp packet size? If so to what? Thanks for your help

Tod

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0
UDP response info at 010C900
Socket = 40
Remote addr 192.168.10.1, port 191
Time Query=524512, Queued=524524, Expire=52452
Buf length = 0x0200 (512
Msg length = 0x001e (30
Message
XID 0x283
Flags 0x818
QR 1 (response
OPCODE 0 (QUERY
AA
TC
RD
RA
Z
RCODE 2 (SERVFAIL
QCOUNT 0x
ACOUNT 0x
NSCOUNT 0x
ARCOUNT 0x
Offset = 0x000c, RR count =
Name "(3)www(4)dell(3)com(0)
QTYPE A (1
QCLASS
ANSWER SECTION
AUTHORITY SECTION
ADDITIONAL SECTION

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0
UDP response info at 010C475
Socket = 40
Remote addr 192.168.10.1, port 191
Time Query=524517, Queued=524529, Expire=52453
Buf length = 0x0200 (512
Msg length = 0x001e (30
Message
XID 0x283
Flags 0x818
QR 1 (response
OPCODE 0 (QUERY
AA
TC
RD
RA
Z
RCODE 2 (SERVFAIL
QCOUNT 0x
ACOUNT 0x
NSCOUNT 0x
ARCOUNT 0x
Offset = 0x000c, RR count =
Name "(3)www(4)dell(3)com(0)
QTYPE A (1
QCLASS
ANSWER SECTION
AUTHORITY SECTION
ADDITIONAL SECTION

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0
UDP response info at 010C145
Socket = 40
Remote addr 192.168.10.1, port 191
Time Query=524521, Queued=524533, Expire=52453
Buf length = 0x0200 (512
Msg length = 0x001e (30
Message
XID 0x283
Flags 0x818
QR 1 (response
OPCODE 0 (QUERY
AA
TC
RD
RA
Z
RCODE 2 (SERVFAIL
QCOUNT 0x
ACOUNT 0x
NSCOUNT 0x
ARCOUNT 0x
Offset = 0x000c, RR count =
Name "(3)www(4)dell(3)com(0)
QTYPE A (1
QCLASS
ANSWER SECTION
AUTHORITY SECTION
ADDITIONAL SECTION:

Ace Fekay [MVP] · Dec 17, 2003

What forwarder are you using? Use 4.2.2.2 and try it again.

The RCODE error could be due to the fact that Dell's www record is a CNAME.
I've seen that before. But try the change in the forwarder and see what
happens.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Todd Yelland said:
I turned on dns logging and tried to open www.dell.com in internet

explorer. I found three RCODE 2 (SERVFAIL) errors. This is on a
Windows 2000 Server SP4. What does this mean? How do I correct it? Does
this suggest that I should increase the maximum udp packet size? If so to
what? Thanks for your help!

Todd

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0)
UDP response info at 010C900C
Socket = 408
Remote addr 192.168.10.1, port 1919
Time Query=524512, Queued=524524, Expire=524527
Buf length = 0x0200 (512)
Msg length = 0x001e (30)
Message:
XID 0x283a
Flags 0x8182
QR 1 (response)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(3)www(4)dell(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0)
UDP response info at 010C475C
Socket = 408
Remote addr 192.168.10.1, port 1919
Time Query=524517, Queued=524529, Expire=524532
Buf length = 0x0200 (512)
Msg length = 0x001e (30)
Message:
XID 0x283a
Flags 0x8182
QR 1 (response)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(3)www(4)dell(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:

Snd 192.168.10.1 283a R Q [8281 DR SERVFAIL] (3)www(4)dell(3)com(0)
UDP response info at 010C145C
Socket = 408
Remote addr 192.168.10.1, port 1919
Time Query=524521, Queued=524533, Expire=524536
Buf length = 0x0200 (512)
Msg length = 0x001e (30)
Message:
XID 0x283a
Flags 0x8182
QR 1 (response)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
RCODE 2 (SERVFAIL)
QCOUNT 0x1
ACOUNT 0x0
NSCOUNT 0x0
ARCOUNT 0x0
Offset = 0x000c, RR count = 0
Name "(3)www(4)dell(3)com(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
AUTHORITY SECTION:
ADDITIONAL SECTION:

Guest · Dec 17, 2003

I was not using a forwarder. I changed it to 4.2.2.2 and restarted the dns service. It still will not open dell's web page. Any more ideas???

Guest · Dec 17, 2003

I was not using any forwarders. I changed the forwarder to 4.2.2.2 and restarted dns. I still am unable to open dell's web site. Any more ideas???

Ace Fekay [MVP] · Dec 18, 2003

In

Todd Yelland said:
I was not using any forwarders. I changed the forwarder to 4.2.2.2
and restarted dns. I still am unable to open dell's web site. Any
more ideas???

Hmm, not sure at this point. I think it may have something to do with the
CNAME. Try to disable recursion (under the forwarder tab) and see if that
helps.

Workaround: If you create a dell.com zone in your DNS, then create a www
record, then give it their IP address, that may help.

Look at the bottom of this report about their CNAME:
http://www.dnsreport.com/tools/dnsreport.ch?domain=dell.com

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Guest · Dec 18, 2003

Making progress... I am still not able to open thier web page, but now I am getting some results from nslookup and tracert..

Microsoft Windows 2000 [Version 5.00.2195
(C) Copyright 1985-2000 Microsoft Corp

Z:\>nslooku
Default Server: hercules.meccaia.co
Address: 192.168.10.

www.dell.co

Server: hercules.meccaia.co
Address: 192.168.10.

Non-authoritative answer
Name: www.ins.dell.co
Address: 143.166.224.23
Aliases: www.dell.co

exi

Z:\>tracert www.dell.co

Tracing route to www.ins.dell.com [143.166.224.230
over a maximum of 30 hops

1 <10 ms <10 ms <10 ms 192.168.10.25
2 16 ms <10 ms 16 ms 205.216.121.12
3 <10 ms 16 ms <10 ms 204.71.106.
4 15 ms <10 ms 16 ms 66.133.88.10
5 16 ms 15 ms 16 ms 66.133.88.10
6 31 ms 32 ms 47 ms 500.Serial7-6.GW4.MSP1.ALTER.NET [157.130.100.6

7 31 ms 31 ms 16 ms 110.at-1-1-0.cl2.msp1.alter.net [152.63.67.102

8 47 ms 16 ms 47 ms 0.so-0-0-0.tl2.chi2.alter.net [152.63.68.89
9 47 ms 46 ms 63 ms 0.so-5-2-0.tl2.dfw9.alter.net [152.63.1.149
10 47 ms 63 ms 47 ms 0.so-4-0-0.cl2.aus4.alter.net [152.63.96.110
11 62 ms 47 ms 63 ms pos7-0.gw2.aus4.alter.net [152.63.97.53
12 63 ms 62 ms 47 ms dell-gw.customer.alter.net [157.130.11.122
13 * * * Request timed out
14 * * * Request timed out
15 * * * Request timed out
16 * * * Request timed out
17 * * * Request timed out
18 * * * Request timed out
19 * * * Request timed out
20 * * * Request timed out
21 * * * Request timed out
22 * * * Request timed out
23 * * * Request timed out
24 * * * Request timed out
25 * * * Request timed out
26 * * * Request timed out
27 * * * Request timed out
28 * * * Request timed out
29 * * * Request timed out
30 * * * Request timed out

Trace complete

Z:\>

Ace Fekay [MVP] · Dec 18, 2003

In

Todd Yelland said:
Making progress... I am still not able to open thier web page, but
now I am getting some results from nslookup and tracert...

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

Z:\>nslookup
Default Server: hercules.meccaia.com
Address: 192.168.10.1

www.dell.com

Click to expand...

Server: hercules.meccaia.com
Address: 192.168.10.1

Non-authoritative answer:
Name: www.ins.dell.com
Address: 143.166.224.230
Aliases: www.dell.com

exit

Click to expand...

Z:\>tracert www.dell.com

Tracing route to www.ins.dell.com [143.166.224.230]
over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms 192.168.10.254
2 16 ms <10 ms 16 ms 205.216.121.129
3 <10 ms 16 ms <10 ms 204.71.106.1
4 15 ms <10 ms 16 ms 66.133.88.102
5 16 ms 15 ms 16 ms 66.133.88.105
6 31 ms 32 ms 47 ms 500.Serial7-6.GW4.MSP1.ALTER.NET
[157.130.100.61 ]
7 31 ms 31 ms 16 ms 110.at-1-1-0.cl2.msp1.alter.net
[152.63.67.102]

8 47 ms 16 ms 47 ms 0.so-0-0-0.tl2.chi2.alter.net
[152.63.68.89] 9 47 ms 46 ms 63 ms
0.so-5-2-0.tl2.dfw9.alter.net [152.63.1.149] 10 47 ms 63 ms
47 ms 0.so-4-0-0.cl2.aus4.alter.net [152.63.96.110] 11 62 ms
47 ms 63 ms pos7-0.gw2.aus4.alter.net [152.63.97.53] 12 63 ms
62 ms 47 ms dell-gw.customer.alter.net [157.130.11.122] 13 *
* * Request timed out. 14 * * *
Request timed out. 15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

Z:\>

Well, we're getting closer. So are there any IE restrictions, such as zones,
etc?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Guest · Dec 19, 2003

I set everything to LOW and it didn't make a difference.

Ace Fekay [MVP] · Dec 19, 2003

In

Todd Yelland said:
I set everything to LOW and it didn't make a difference.

Do you have Secure Cache Against Pollution checked? If not, please do so.
(DNS properties, Adv Tab).

Is there a firewall present?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Guest · Dec 22, 2003

The Secure Cache Against Pollution was already checked. I am using a snapgear sme550 http://www.snapgear.com/sme550.html. I also have a netgear setup so I changed my default gateway to it and it worked. So something on the snapgear firewall is blocking that site, but I don't know what that is???

Ace Fekay [MVP] · Dec 22, 2003

In

Todd Yelland said:
The Secure Cache Against Pollution was already checked. I am using
a snapgear sme550 http://www.snapgear.com/sme550.html. I also have a
netgear setup so I changed my default gateway to it and it worked.
So something on the snapgear firewall is blocking that site, but I
don't know what that is???

Then possibly restrictions in your firewall. You'll have to review the rules
and settings on it.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Guest · Jan 7, 2004

FYI... The fix for this was to disable traffic shaping on the firewall.

Ace Fekay [MVP] · Jan 7, 2004

In

Todd Yelland said:
FYI... The fix for this was to disable traffic shaping on the
firewall.

There you go...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

Unable to resolve

William Stacey

Guest

Ace Fekay [MVP]

Guest

Ace Fekay [MVP]

Guest

Guest

Ace Fekay [MVP]

Guest

Ace Fekay [MVP]

Guest

Ace Fekay [MVP]

Guest

Ace Fekay [MVP]

Guest

Ace Fekay [MVP]