On Tue, Oct 27, 2009 at 6:44 PM, Didtel, Larry <[email protected]> wrote: >>What OS and version for the client PC and for the DNS cache server? > > My OS is Win7 but this is a company wide problem and everyone else is either > on XP or a Citrix desktop from Win2k03 servers. Our DNS server is Win2k03. > >>Explain what happens when you are "no longer able to get to the > IE says "IE cannot display the web page".
IE says that for almost every possible problem. DNS lookup failed, DNS didn't return any A records, TCP connection refused, TCP connection timed out, etc. You may want to try a different web browser to get better diagnostics. That said, your ping test is telling. If ping can't find the name, you have trouble. :) > Have not tried telnet but I know that will not work > because it won't find the name. Correct! :) >>How are you checking the DNS cache on the local PC? > > Ipconfig /displaydns I asked because you remarked that it shows "site does not exist" but on my Win XP computer, "IPCONFIG /DISPLAYDNS" does not take any parameters, and never displays "site does not exist". I do see "Name does not exist" for negative caching, though. Is that what you're seeing? If so, some name server in your query chain has said "NXDOMAIN" (non-existent domain) for one of the domain names involved, and the client has cached the negative answer. By doing "IPCONFIG /FLUSHDNS", you're forcing it to discard that negative answer and query again. The /REGISTERDNS thing is probabbly a red herring; I bet if you just did the flush it would give you the same behavior. Oh, *weird*: > dig +nocmd +noques +nostats A stemilt.gousa1.com. @ns1.apcap.net. ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61530 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; ANSWER SECTION: stemilt.gousa1.com. 1200 IN CNAME 5qods.wrfe2.servertrust.com. ;; AUTHORITY SECTION: com. 1200 IN SOA ns1.apcap.net. webadmin.computerworksnet.com. 1242421483 1200 1200 604800 1200 > In the above, I just noticed the "status:" field in the header. NXDOMAIN. Yet it is still including an answer! I'm pretty sure that's highly broken. Also note the SOA (Start Of Authority) record claiming all of <com.>. I *know* that's broken. Contact the operator of the site; their DNS is all fscked up. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
