The weirdest DNS issue, I can't even ...

thecomputerguy

Client calls me and says he can't go to a specific website anymore...

greensky.com

I check it ... I can go there. So I log in.

Sure enough ... he can't access it on his computer.

1.) I log in to their onsite Server which is their primary DNS server, the server is able to access it fine.
2.) I check a W7 computer thinking it might be a W10 thing. Nope, no computers on the domain can get to it.
3.) Phones connected wirelessly to the network using the server as DNS can access it fine.
4.) I find out he can access it BUT only by using Edge (WTF?)
5.) W7 Computers don't have Edge so they can't access it.
6.) Is it up says it's up.
7.) DNS lookup shows valid A Records
8.) Changed local DNS from onsite DNS server to Google's 8.8.8.8 and then 1.1.1.1, same result, no access.
9.) Wiped all history on browser, same result
10.) ipconfig /flushdns
12.) Winsock reset

The error changes depending on what browser you are using but basically it's a DNS can't find the IP sort of deal.

Any ideas?
 
The error changes depending on what browser you are using but basically it's a DNS can't find the IP sort of deal.

I'm not sure it's a DNS issue yet...if you run a ping to that domain from a workstation, does it reply with the correct IP?
If it does..it's not a DNS issue. If Edge browser can reach the site...I'd say DNS should be working fine since Edge lands on the correct website. If DNS was not working properly, Edge wouldn't know where to go.

I am stumped as to why other browsers won't land on it...what is in place for a firewall/router? What antivirus..does it have a content filter?

For some reason in the history of this network was there a proxy service running?
 
When pinging even on the computer that is able to reach it through Edge it immediately comes back with "Ping request could not find host greensky.com. Please check the name and try again."

Also tried for www.greensky.com

What is also strange about it is the response when using ping or a browser is so immediate ... it's like it's not even trying to find the IP. Like the moment you press Enter it fails.
 
Sounds like possible software blocking it or something. I would def try a direct connect and bypass their hardware just to check if it continues.
 
I'm not sure it's a DNS issue yet...if you run a ping to that domain from a workstation, does it reply with the correct IP?
If it does..it's not a DNS issue. If Edge browser can reach the site...I'd say DNS should be working fine since Edge lands on the correct website. If DNS was not working properly, Edge wouldn't know where to go.

I am stumped as to why other browsers won't land on it...what is in place for a firewall/router? What antivirus..does it have a content filter?

For some reason in the history of this network was there a proxy service running?

Antivirus is Kabuto + Emsisoft ... Their firewall is just a basic firewall from a cheapy router.
 
Yes it is able to ping both of the A records for the mentioned domain ... greensky.com

Then it's got to have something to do with DNS and AD/GPO. I'm guessing that the phones are not bound to the domain, even if they were the GPO stuff would be very limited, and I'd also guess that if you dropped an OS X or Linux machine on they'd work as well.
 
Wait a minute, didn't I read a while back that Edge ignores host file? Did you check host file?

Edit: this is the thread I was thinking about https://social.technet.microsoft.co...ge-browser-hosts-file?forum=win10itprogeneral so I guess not ignore but some sort of loopback issue with Edge when pointing to local host using host file? Anyway it's the first thing that came to mind as to why Edge would work and others would not.
 
Then it's got to have something to do with DNS and AD/GPO. I'm guessing that the phones are not bound to the domain, even if they were the GPO stuff would be very limited, and I'd also guess that if you dropped an OS X or Linux machine on they'd work as well.

What's weird is the server which acts as a DC/DNS/DHCP/File Server connected just fine. As far as GPO stuff goes all they have is Drive maps, and maybe folder redirection on a couple machines. I wouldn't even begin to know where to look for the GPO stuff.

I checked the hosts file on one of the computers and it's blank, just default. The router they are using was on the list of the recently hackable devices ... maybe I'll give that a reboot/replacement.
 
Wonder if the router is compromised ...so many of the cheapy ones are on the frequently hacked list....

Very curious about....if you ping that domain and get nothing, cannot find, how the heck is Edge browser opening it?!?!?!?!?!

They are using an ASUS router that has the ability to ping in its tools and it is also able to ping the domain and the IP of the domain ...

This issue just popped up in the last few days without any changes being done at all.
 
Can you take your own laptop, plug it into the network..and get to the site or not? Just trying to eliminate if it's the router/centralized network issue, or something within active directory being pushed to workstations.
 
They are using an ASUS router that has the ability to ping in its tools and it is also able to ping the domain and the IP of the domain ...

This issue just popped up in the last few days without any changes being done at all.
Do you have a router you could swap in for a few days? An Edgerouter X is great for this and cheap.
 
Can you take your own laptop, plug it into the network..and get to the site or not? Just trying to eliminate if it's the router/centralized network issue, or something within active directory being pushed to workstations.

Yup. This is the FIRST thing I would've tried. Seeing as they can access it via smartphones connected to WiFi, it's most likely a Windows configuration issue on their computers.
 
What's weird is the server which acts as a DC/DNS/DHCP/File Server connected just fine. As far as GPO stuff goes all they have is Drive maps, and maybe folder redirection on a couple machines. I wouldn't even begin to know where to look for the GPO stuff.

I checked the hosts file on one of the computers and it's blank, just default. The router they are using was on the list of the recently hackable devices ... maybe I'll give that a reboot/replacement.

If there is a Domain there is GPO, but just the defaults plus whatever bad bits that happen to fall in. It's a great thing but far from being immune to problems. When you tested on the server how were you logged in? Admin or regular user? Did you try logging in as admin on a workstation to test? On the W10 with Edge. Did you try IE as well as it's still in there for now?
 
Something is rotten in Denmark, here.

What happens if you put a manual entry for that site in the hosts file?

Maybe check the registry entry that shows the hosts file location - is it pointing to the right place?

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath

Plus, why just one site? Is this a mission critical site for them? Maybe they ****** off some former IT person?

Just for fun, do a registry search for that site name on the workstation and the server. Comb through the DNS settings on the server.


Edit: Thanks for the bleep, mod. My bad.
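
The checks suggested across this thread (hosts file location in the registry, hosts entries for the site, a direct DNS lookup versus what ping sees) collected into one workstation diagnostic. This is an added example, not something posted by anyone in the thread; the parameter names and output field names are illustrative, and the name and public resolver are the ones mentioned above.

```powershell
# Added diagnostic sketch; run on an affected workstation.
param(
    [string]$Name = 'greensky.com',        # site from the thread
    [string]$PublicResolver = '8.8.8.8'    # public resolver tried in the thread
)

# 1. Where does Windows think the hosts file lives?
$tcpip   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$rawPath = (Get-ItemProperty -Path $tcpip -Name DataBasePath).DataBasePath
$dbPath  = [Environment]::ExpandEnvironmentVariables($rawPath)
$default = Join-Path $env:SystemRoot 'System32\drivers\etc'
if ($dbPath.TrimEnd('\') -ine $default) {
    Write-Warning "DataBasePath is '$dbPath', expected '$default'"
}

# 2. Any active (non-comment) hosts entry that names the site?
$hostsFile = Join-Path $dbPath 'hosts'
$hostsHits = @()
if (Test-Path $hostsFile) {
    $hostsHits = Get-Content $hostsFile |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -and ($_ -split '\s+' | Select-Object -Skip 1) -contains $Name }
}

# 3. Query DNS servers directly: DNS protocol only, hosts file skipped.
function Get-DnsOnly([string]$Server) {
    $p = @{ Name = $Name; Type = 'A'; DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    if ($Server) { $p.Server = $Server }
    try { (Resolve-DnsName @p | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', ' }
    catch { "FAILED: $($_.Exception.Message)" }
}

# 4. Ask the OS resolver, the path ping and most applications take.
$os = try { ([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object IPAddressToString) -join ', ' }
      catch { "FAILED: $($_.Exception.Message)" }

# Side-by-side result for comparison between machines.
[pscustomobject]@{
    Name          = $Name
    HostsPath     = $hostsFile
    HostsEntries  = $hostsHits -join '; '
    ConfiguredDns = Get-DnsOnly
    PublicDns     = Get-DnsOnly $PublicResolver
    OsResolver    = $os
} | Format-List
```

If `ConfiguredDns` and `PublicDns` return addresses while `OsResolver` fails, the DNS servers are answering correctly and the fault sits in the workstation's own resolver path. Running it on the server and on an affected workstation gives a direct comparison.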
 