question

PrzemyslawWawrzyczny-8008 avatar image
0 Votes"
PrzemyslawWawrzyczny-8008 asked CandyLuo-MSFT commented

External Website is not loading when inside the organization.

Hello Guys,

I would like to ask for your opinion regarding below issue:


I have following issue:

Website https://hw.ac.uk is not opening from inside of the organization,

The same website works fine from outside.


Nslookup shows different output:

if DNS is set as internal 172.20.12.5 it fails to display the website

f DNS is set as external 8.8.8.8 it works fine


C:\WINDOWS\system32>nslookup hw.ac.uk

Server: SBC-DC01.myorganization.ac.uk

Address: 172.20.12.5

Non-authoritative answer:

Name: hw.ac.uk

Addresses: 2002:89c3:971e::89c3:971e

       2002:89c3:6050::89c3:6050 

       2002:89c3:ab28::89c3:ab28 

       2002:89c3:c20b::89c3:c20b 

       2002:89c3:ab12::89c3:ab12 

       2002:89c3:e231::89c3:e231 

       2002:89c3:e222::89c3:e222 

       2002:89c3:f843::89c3:f843 

       137.195.96.80 

       137.195.150.31 

       10.6.67.16 

       10.6.67.15 

       137.195.171.40 

       137.195.171.18 

       137.195.226.34 

       137.195.248.67 

       137.195.226.49 

       137.195.194.11 

       137.195.151.30


C:\Users\adminpw>nslookup hw.ac.uk
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: hw.ac.uk
Address: 137.195.101.213


If I change the DNS servers to 8.8.8.8 for a client machine inside my organization the website loads fine.


I am not server guy, so I have no idea what is causing it.
As a network person I have checked basic connectivity and everything is ok,
I have checked and disabled firewall filters,
I have done tests with local firewall disabled.

Regards,
Przemek



windows-serverwindows-dhcp-dns
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered CandyLuo-MSFT commented

Hi Przemek,

Root Hints is the last resort for name resolution. DNS Server will contact Root Hints only when it no Forwarders available or when Forwarders cannot resolve the query. This makes the process of name resolution using Root Hints to be longer.

The recommend way is configure DNS forwarders. DNS forwarder can improve DNS performance.

If you have anything unclear, please feel free to let me know.

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Candy,

We have implemented your solution and the website is now displaying properly,
nslookup shows correct information now.

Thanks very much for you help and for explanation how it supposed to be configured.

Regards,
Przemek

0 Votes 0 ·
CandyLuo-MSFT avatar image CandyLuo-MSFT PrzemyslawWawrzyczny-8008 ·

You are welcome! :)

0 Votes 0 ·
CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered PrzemyslawWawrzyczny-8008 commented

Hi ,

Did you configure DNS forwarder to forward DNS queries for external DNS names to DNS servers outside that network?

If you want to resolve external domain name, please put public DNS server like 8.8.8.8 in DNS forwarder. As picture below:

114836-1.png

Then check whether nslookup can works for external website.

The following article talking about DNS Forwarders, you could have a look:

Understanding DNS Forwarders and Root Hints in Windows DNS Server

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Candy


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




1.png (115.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Candy,

Thank you for a quick reply, I appreciate it.

We don't have any forwarders configured,... we are using root hints instead.
We have had an internal discussion and decided to try your solution at the beginning of next week.
I will update you with the result once done.

Can you advise if using Forwarders can decrease DNS performance?
Should servers has both root hints and forwarders configured?

Regards,
Przemek

0 Votes 0 ·