DNS addresses not working, IP pointing works

mrsugar

Hello All,

I am having a problem with several laptops that cannot access DNS internet sites but can access them directly with the IP. Here is the background of the situation. The company I work for just recently moved a branch and switched over to a new Domain Controller server shortly before that; there have been no problems until now. There are 3 at-home users that come into the branch occasionally but mainly work from home via VPN. These users are able to connect to the internet and resolve addresses with no problem at our branch. However, once arriving to the home or any other external net connection, websites do not load, and VPN does not work.

Of note, we use automatic obtain DHCP for both DNS and IP always. I have tried everything under the sun to fix this problem.

- I have flushed the DNS
- Released and Renewed the IPs
- I have verified the laptop through the cable modem directly without a router in place
- I have removed the computer from the domain all together
- I have also used multiple public DNS servers such as 4.2.2.1 etc., none of these respond any differently
- I am able to ping any IP without problem, but not actual names, ex. www.google.com
- Other computers hooked up to the same connection have no problems accessing sites of any kind

It seems to me like some sort of setting is keeping DNS servers from giving proper addresses. Does anyone know what I can do to fix this problem? Any help you have is great. Thanks so much!!

Bruce
 
Is it possible that there is a Firebox or some other piece of hardware that has reached its limits on licenses or that is awaiting authorization?
 
I don't believe so, but I am not familiar with Fireboxes.

Really all I am concerned about is allowing them to access the internet in any way. It's no different than any regular cable user trying to get online. It's just that in this case I think some network setting our work network applied is stopping DNS from working.

Thanks for the input, other ideas?
 
What kind of router do you have? Or what is supplying IP addresses and DNS to each of the machines?
 
Your 'new domain controller' (assuming Active Directory here) should be doing DNS, with forwarders out to external (ie the ISP's) DNS servers.
The domain controller should probably be doing DHCP as well, giving the IP for the gateway (the router), IP for DNS (the domain controller) and the IP/Subnet for the machine.
 
Yes, this new domain controller is an Active Directory setup doing DNS and using complete DHCP. As I said before, this is only for the company computers when they are connected locally at the branch. I am not sure what type of setting it could be adding that makes them not work from other connections. It is interesting because other work-from-home users have had no problems. Just these few cases.

The places where these users have experienced the problems are completely away from the branch. Although, they can always connect to our network if they are at any of our branches.
 
Ok, well let me get your 1000ft view. Were you localizing the problem to the workstations or the DNS server?

I'm curious. Do your home users run a firewall app of any sort? Symantec Client Security suite? Maybe ZA or something of the sort? If so, look at this first. Firewalls, if tightened down, will block DNS requests to and from unknown IPs. And if it's been customized to work at home, well you get my drift there. Just as a test, turn off the firewall app/service, ipconfig /release/renew and see what happens.

It doesn't make sense that the DNS server wouldn't register a DHCP client, unless some program is blocking that. On that note: Does anything else (besides DNS) work? Can you trust the box to your domain? Can you map home dirs (if any) via IP?
 
Rocco123 said:
Ok, well let me get your 1000ft view. Were you localizing the problem to the workstations or the DNS server?

I'm curious. Do your home users run a firewall app of any sort? Symantec Client Security suite? Maybe ZA or something of the sort? If so, look at this first. Firewalls, if tightened down, will block DNS requests to and from unknown IPs. And if it's been customized to work at home, well you get my drift there. Just as a test, turn off the firewall app/service, ipconfig /release/renew and see what happens.

It doesn't make sense that the DNS server wouldn't register a DHCP client, unless some program is blocking that. On that note: Does anything else (besides DNS) work? Can you trust the box to your domain? Can you map home dirs (if any) via IP?

You have described some good ideas here. I have checked for any programs that could be stopping DNS, ZoneAlarm, etc.; nothing of the sort is in place. Also, the problem has been localized to the workstations. I can't VPN in to check if I can connect to local servers, although I suppose I could try VPN via IP; my feeling is that will work.

Anything that is based on IP and not DNS has been working.
 
You should probably see what happens when you do an NSLookup. The error message that should generate might help you determine if you are not reaching a DNS server, or if the computer doesn’t know who is supposed to be giving him DNS services.

If VPN client is using DNS to connect that would explain it not working as a symptom of the problem, but if it uses hard coded IP addresses (more common) then it could be a cause or complicating factor. If you have a firewall on the computer, even some AV software will block specific ports and services differently when they determine that they are on their home network versus in the wild. You could have something like that configured wrong.
 
-(Xyphox)- said:
You should probably see what happens when you do an NSLookup. The error message that should generate might help you determine if you are not reaching a DNS server, or if the computer doesn’t know who is supposed to be giving him DNS services.

If VPN client is using DNS to connect that would explain it not working as a symptom of the problem, but if it uses hard coded IP addresses (more common) then it could be a cause or complicating factor. If you have a firewall on the computer, even some AV software will block specific ports and services differently when they determine that they are on their home network versus in the wild. You could have something like that configured wrong.

DNS lookup is my next step. I just found out about this yesterday, don't know how I didn't realize it existed before. In any case, I am waiting for the users to return from out-of-town meetings to their home internet connections. Also, the VPN is DNS-based, not IP, so I will try an IP and make sure it works.

Thanks
 
You could try disabling the DNS client service then restart the computer.
 