-2

We are trying to access a company website from within the local terminal server client.

The website is hosted elsewhere.

Previously they had DNS rules in a separate File/DNS server which I deleted and it began to work on that server afterwards.

Now all the users use the Terminal Server which cannot access the website. There is no DNS role on this server so I had nothing to change there. Its DNS server is set to the File/DNS role server.

When I run tracert or nslookup I get no info. I have tried ipconfig /flushdns /registerdns many times, which is what seemed to get it working on the File/DNS server after deleting the DNS entry.

What can I try to figure out what is blocking this website request?

Something like a tracert, but internal to the server.

File/DNS server = companyserver.company.local

Terminal Server = companyterminal.company.local

nslookup results (client domain shielded for sensitivity)

```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.PREMIER>nslookup
Default Server:  companyserver.company.local
Address:  192.168.100.10

> company.com
Server:  companyserver.company.local
Address:  192.168.100.10

*** companyserver.company.local can't find company.com: Query refused
>
```
Michael Hampton
BAR

1 Answer

2

When starting nslookup, typically it will immediately display the default DNS server. I would confirm the output is what you expect it to be. If it is and you aren't able to do lookups (DNS timeout, etc), I would attempt a telnet connection to port 53 of your DNS server. If the connection isn't established, you know you have a network problem. If it is established, you may need to check your DNS server configuration. Unfortunately without some specifics on each server's configuration, it is hard to be more detailed than this.

EDIT: You added nslookup results as I posted this. "Query refused" seems to imply some type of security settings on the DNS server stopping the lookup.

Vile Brigandier
  • Interesting.. Where would these security settings be set? – BAR Jan 30 '15 at 18:09
  • It depends on what DNS server you are running. In Windows Server, usually Administrative Tools > DNS, in the properties area for the server. If it is BIND based, you'll need to go through the conf files and configure by hand (/etc/BIND9/ I think). – Vile Brigandier Jan 30 '15 at 18:13
  • I had this same issue recently with a BIND setup, the first settings I would look for are settings related to what networks can query the server, and what networks the server will do external lookups for. – Vile Brigandier Jan 30 '15 at 18:15
  • I added Everyone to the DNS security settings as read only. Still no luck. – BAR Jan 30 '15 at 18:24
  • Do you have any Forwarders set in the server properties, and if so, have you performed an nslookup to those to ensure they return a proper result? – Vile Brigandier Jan 30 '15 at 18:26
  • No conditional forwarders set up. – BAR Jan 30 '15 at 18:45
  • So there is a conflict when the DNS server is named company.local and a remote website is company.com ? – BAR Jan 30 '15 at 18:51
  • What DNS server software is in use? What exactly did you do here: `I added Everyone to the DNS security settings as read only`? Also, if other sites resolve correctly then you shouldn't be making global changes to the DNS server. Thirdly, your DNS server doesn't need to have forwarders in order to resolve external names. In the absence of forwarders the root hint servers will/should be used. The fact that no other external domains exhibit this problem should be a clue that there isn't a `global` problem with your DNS server. – joeqwerty Jan 30 '15 at 19:37
  • @VileBrigandier Turned out it took some time for your suggestion to modify security settings to work out. Unfortunately there are some very unhappy people around who believe if they don't understand it at first go, it's a bad question and no help can be given. Thank you for not being one of them. – BAR Jan 30 '15 at 20:39
  • @joeqwerty I did what Vile said to. Administrative Tools > DNS. Select server > (right click) properties. Securities tab. Add everyone as read-only. Added in ipconfig /flushdns /registerdns for good measure. – BAR Jan 30 '15 at 20:59
  • That doesn't have anything to do with clients querying the DNS server. The entries on the Security tab determine what entities may access the DNS server object and what access they have on that object. Additionally, the Security tab is only available when the DNS role is installed on Domain Controllers. – joeqwerty Jan 30 '15 at 21:47
  • @joeqwerty You seem to know what it was not. Do you know why this worked then? I am somewhat puzzled myself... Although it is one of those rare things I do not need to know why it worked. – BAR Feb 01 '15 at 19:15
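
The distinction the answer draws (no connection to port 53 means a network problem, while "Query refused" means the DNS server itself rejected the lookup) can be checked by reading the reply header directly. The following Python script is an added example, not code from the answer or its author; the function names are made up for illustration, the server address and redacted `company.com` name are the ones shown in the question, and it probes over UDP, which is what nslookup uses by default.

```python
import socket
import struct

# RCODE values from RFC 1035 that matter for this diagnosis
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a recursive (RD=1) DNS query for `name`, type A by default."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response, qid=0x1234):
    """Decode the 12-byte DNS header and explain what the server said."""
    if len(response) < 12:
        return "malformed: response shorter than a DNS header"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit clear
        return "malformed: not a reply to our query"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    recursion = "offered" if flags & 0x0080 else "not offered"  # RA bit
    if rcode == "REFUSED":
        return "REFUSED (recursion %s): server reachable, its policy rejects this query" % recursion
    if rcode == "NOERROR":
        return "NOERROR: %d answer record(s), recursion %s" % (ancount, recursion)
    return "%s: server reachable but did not resolve the name" % rcode

def probe(server, name, timeout=3.0):
    """Send the query over UDP port 53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply: network path or firewall problem, not a DNS policy answer"
        except OSError as exc:
            return "send/receive failed: %s" % exc
    return classify(data)

if __name__ == "__main__":
    # Address from the question; the public name was redacted there
    print(probe("192.168.100.10", "company.com"))
```

Running it from the terminal server against a name that resolves and against the failing name shows whether the refusal is specific to one zone or applies to every query from that client.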