Long Post : Be prepared. Thank you
Ok, I have a decent understanding of DNS, but I'm new to all of the complex issues involved with it. I suppose they are not complex to those in the know, but I need some help deciphering this problem. To set the stage, we just recently inherited a client from one of our competitors who tried to sell the client a $500 switch to fix this issue that we are about to dive into. The problem doesn't seem to be HW related to me.
I have a Windows 2000 server station and probably 10-15 clients running, I believe, Windows 2000 clients. I have not done a complete inventory yet. Everything on their network was working great until the last week of August. All clients are acting the same so when I refer to the client from here on, I mean all clients, not one specific one.
When the user logs in on the client in the mornings it takes a very long time. We're talking about 15 mins. If we unplug it from the wall, it logs in fine using the local cached network credentials. We then reconnect the network cable to the network which gives the client pc access to network resources, and it works fine when accessing network resources. The clients take exceptionally long when loading any web page now. Also, they have a time keeping system in the back for their drivers that is connected to a time clock. Each day, they download the time clock info from the back client to one of the payroll computers in the front office. Since the problem started, they cannot transfer that data either. We assume that the program must use local network resolution and host names, not ip addresses to send data between machines. The server acts the same way (from a usage perspective).
If I try to ping a local network client pc or server from any other pc or the server using the IP address, everything works great. If I use the hostname, it breaks down. I receive the reply back that it's trying to contact resalehost.networksolutions.com [205.178.189.128], and the ping requests time out.
Now, if I unplug the router from the ISP Modem and clear the DNS cache on the Server, then do a ping request from any machine on the network to any other machine on the network, things work as they are supposed to. The correct name is resolved, and the ping request completes correctly.
I have done a WHOIS on the ip and on the host (resalehost.networksolutions.com), and they are owned by network solutions, so my first thought was that maybe they made some changes last week, and the email they sent to my customer just got discarded. I called to check on this, and network solutions says they have not made wholesale server changes since early this year.
My customer does have a website hosted by Velocity.net, and the domain name registration is with Network Solutions. I found an article that stated the issue with the redirection to resalehost.networksolutions.com could be caused by the need to update the registration of the domain name with Network Solutions. I checked, and my customer's account is paid up through 2008 or 2009, so we're good there.
Again, I am a novice at advanced DNS, so please bear with me as I describe what I've found about the DNS setup on the server. The domain name for the internet website at Velocity.net is www.econsteel.com. The local domain name for their internal network is eriesteel.com. I thought I read somewhere that it is not advised to use .com as the designator for local domain unless you are using it for external use. Is this true? Not that it can be changed now, but I was just wondering.
I found a couple of things that stuck out to me. In the DNS Manager, I found that there is a Name server entry in the Forward Lookup Zones under the Zone eriesteel.com (local domain). The name server entry is erieconcrete.eriesteel.com and the ip associated with it is 205.178.189.128 --- look familiar? Erieconcrete is the machine name of the server on the local network.
I set the view for the DNS manager to Advanced, cleared the cache and ran a ping. It generated four entries in the "Cached Lookups". One I cannot remember (I'm going from memory here), the second was "eriesteel.com" which I thought was good. The third was "netsol" and the fourth was "networksolutions". In "networksolutions" the first NS entry was for "a.root-servers.net." and the responsible person was ".com". Does that seem right?
I checked the host file as directed by other troubleshooting articles, nothing there. I did try changing the NS entry for erieconcrete.eriesteel.com to the local internal address ip of the server which is how the SBS 2003 set mine up in my office. I cleared the resolver and dns caches on the server, but this did not affect the outcome. I also deleted that Name Server entry at one point, and tried again, with no effect.
The last thing I can provide is that I downloaded and ran the product called "Ethereal" to check network activity. It does show something different than a normal setup, but I'm not sure how to take it. In my network that is working right, Ethereal shows 2 DNS Protocol items (one from my pc to the server for the name of a pc on the network, and one back from the server with the response). Then 8 ICMP entries for the ping request and reply. On the customer network, after this initial DNS request entry, but before the DNS response, there is a TCP entry with info (1203 > netbios-ssn [ack...). Sorry the rest got cut off on my printout. If you need more of the line, please let me know. Then there is another TCP entry after the first ICMP ping request with info (netbios - ssn > 1278 [rst...).
These last items lead me to believe that a program is intercepting the DNS requests, then redirecting them, but the TCP entries could also simply be when the request for DNS resolution is being sent out over the internet to what the server believes is a DNS server at resalehost.networksolutions.com. So if that is the case, it is settings or a text file of ip data that I'm not aware of.
I know this is long, and I truly appreciate the effort in reading my post. I wanted to make sure to get all pieces that I could provide so that you have a comprehensive view of what I've found so far. Please advise on steps to resolve the issue or just things to check on. Thank you in advance.
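An added example, not part of the original post: a small Python check that reads saved `ping <hostname>` transcripts from LAN machines and flags any internal name that was answered with an off-LAN address or a name outside the internal zone, which is the symptom described above. The LAN subnet `192.168.1.0/24`, the server address `192.168.1.10`, and the sample transcripts are assumptions constructed for illustration.

```python
import ipaddress
import re

# First line Windows ping prints once a name has resolved:
#   Pinging <name> [<ip>] with 32 bytes of data:
PING_HEADER = re.compile(r"^Pinging\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Assumptions (not from the post): the LAN subnet and the server's address.
LAN = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_ZONE = "eriesteel.com"  # internal domain named in the post


def check_ping(output, lan=LAN, zone=INTERNAL_ZONE):
    """Return findings for one 'ping <hostname>' transcript; [] means healthy."""
    for line in output.splitlines():
        m = PING_HEADER.match(line.strip())
        if not m:
            continue
        name = m.group(1).rstrip(".").lower()
        addr = ipaddress.ip_address(m.group(2))
        findings = []
        if addr not in lan:
            # An internal host name was answered with an off-LAN address.
            findings.append("OUTSIDE_LAN")
        if name != zone and not name.endswith("." + zone):
            # The resolver returned a name from someone else's zone.
            findings.append("FOREIGN_NAME")
        return findings
    return ["UNRESOLVED"]  # no header line: the name never resolved


def triage(transcripts):
    """Map each pinged host to its findings, keeping only the broken ones."""
    results = {host: check_ping(text) for host, text in transcripts.items()}
    return {host: f for host, f in results.items() if f}


# Constructed sample transcripts (not captured from the network in the post).
SAMPLES = {
    "healthy": "Pinging erieconcrete.eriesteel.com [192.168.1.10] with 32 bytes of data:\n"
               "Reply from 192.168.1.10: bytes=32 time<10ms TTL=128\n",
    "broken": "Pinging resalehost.networksolutions.com [205.178.189.128] with 32 bytes of data:\n"
              "Request timed out.\n",
}

if __name__ == "__main__":
    for host, findings in triage(SAMPLES).items():
        print(host, findings)
```
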