Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Resolving a .gov website

0 views
Skip to first unread message

Todd J Heron

unread,
Mar 15, 2005, 4:32:22 PM3/15/05
to
Perhaps everyone has a hosts file with this entry which is wrongly
configured. Perhaps a cache pollution problem at your ISP DNS if you are
you using a Forwarder or an outdated Root Hints file if you are using Root
Hints.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights.

Message has been deleted

Herb Martin

unread,
Mar 15, 2005, 5:26:02 PM3/15/05
to
"1xnyer" <1xn...@discussions.microsoft.com> wrote in message
news:5C4E6BEC-131F-48E0...@microsoft.com...
> I have a unique problem My desktop machines can not resolve the following
> address www.ftc.gov.

So what happens if you type:

nslookup www.ftc.gov

How about running through each of your internal DNS server
IP and comparing that to your ISP DNS IP:

nslookup www.ftc.gov DNS.Server.IP.Address


> They can type the IP address and then get the page. If
> I go to my DNS (DC) server I can open explorer and type www.ftc.gov and
> resolve the site. I've tried clearing the DNS cache at the server level
and
> at the client level no luck.

Let's simplify and use NSlookup direct.

> Can someone tell me what this is about? I can resolve other .gov sites
just
> not FTC.gov.

So, I went and tried it and guess what?

That is NOT a public zone -- it isn't "your"
problem but rather the zone doesn't exist in
the Public Internet Namespace (or is not
properly configured or perhaps doesn't have
reliable DNS servers).

If it doesn't exist you cannot resolve it <grin>


1xnyer

unread,
Mar 16, 2005, 8:01:02 AM3/16/05
to
It times out.

Herb Martin

unread,
Mar 16, 2005, 8:25:39 AM3/16/05
to
"1xnyer" <1xn...@discussions.microsoft.com> wrote in message
news:E3321D60-1A70-4C3C...@microsoft.com...
> It times out.


Well, I went to 20 seconds multiple times and if
that doesn't get a resolution then it is effectively
not available -- that site is not available OR the
servers are unreliable.

Ace Fekay [MVP]

unread,
Mar 16, 2005, 11:33:09 PM3/16/05
to

It worked for me. The zone exists. Look at my results below. It's telling me
whatever forwarders being used is/are not resolving it for some reason.
Choose a different forwarder.

> server 4.2.2.2
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

> ftc.gov
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Non-authoritative answer:
Name: ftc.gov
Address: 164.62.4.30

> www.ftc.gov
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Non-authoritative answer:
Name: ftc.gov
Address: 164.62.4.30
Aliases: www.ftc.gov

>

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
=================================


Herb Martin

unread,
Mar 17, 2005, 7:49:22 AM3/17/05
to
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
message news:ebKHxpq...@TK2MSFTNGP10.phx.gbl...

> Herb Martin wrote:
> > "1xnyer" <1xn...@discussions.microsoft.com> wrote in message
> > news:E3321D60-1A70-4C3C...@microsoft.com...
> >> It times out.
> >
> >
> > Well, I went to 20 seconds multiple times and if
> > that doesn't get a resolution then it is effectively
> > not available -- that site is not available OR the
> > servers are unreliable.
>
> It worked for me. The zone exists. Look at my results below. It's telling
me
> whatever forwarders being used is/are not resolving it for some reason.
> Choose a different forwarder.

I tried asking for SOA, NS, and the name records and got no
success even with long timeouts.

It is likely the problem is AT the parent (.gov) zone.

Ace Fekay [MVP]

unread,
Mar 22, 2005, 10:28:12 PM3/22/05
to
Herb Martin wrote:
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNa...@hotmail.com> wrote in
> message news:ebKHxpq...@TK2MSFTNGP10.phx.gbl...
>> Herb Martin wrote:
>>> "1xnyer" <1xn...@discussions.microsoft.com> wrote in message
>>> news:E3321D60-1A70-4C3C...@microsoft.com...
>>>> It times out.
>>>
>>>
>>> Well, I went to 20 seconds multiple times and if
>>> that doesn't get a resolution then it is effectively
>>> not available -- that site is not available OR the
>>> servers are unreliable.
>>
>> It worked for me. The zone exists. Look at my results below. It's
>> telling me whatever forwarders being used is/are not resolving it
>> for some reason. Choose a different forwarder.
>
> I tried asking for SOA, NS, and the name records and got no
> success even with long timeouts.
>
> It is likely the problem is AT the parent (.gov) zone.
>


You may be right. The server I am using is 4.2.2.2 to test it and it seems
to come back ok. Here is a query for NS, which returned an answer. But since
I am responding a bit late, they may have changed something since then. SOA
came back ok as well.

> server 4.2.2.2
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

> ftc.gov
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Non-authoritative answer:
ftc.gov nameserver = alsatian.ftc.gov
ftc.gov nameserver = doberman.ftc.gov
>


Herb Martin

unread,
Mar 23, 2005, 1:59:28 AM3/23/05
to
> > It is likely the problem is AT the parent (.gov) zone.
> >
>
>
> You may be right. The server I am using is 4.2.2.2 to test it and it seems
> to come back ok. Here is a query for NS, which returned an answer. But
since
> I am responding a bit late, they may have changed something since then.
SOA
> came back ok as well.
>
> > server 4.2.2.2
> Default Server: vnsc-bak.sys.gtei.net
> Address: 4.2.2.2

I received a timeout and then a non-authoritative
answer when I tried 4.2.2.2 -- I receive nothing
but a failure when I asked my own DNS server to
do it with a timout or 20 seconds.

Same for the NS records EXCEPT the 4.2.2.2 server
also gave up even with 20 seconds.


So, I decided to ask the gov. DNS servers direct:
a.gov.zoneedit.com internet address = 216.55.155.29 YES, but SLOW
b.gov.zoneedit.com internet address = 206.51.224.229 Yes, quick
c.gov.zoneedit.com internet address = 69.72.142.35 YES, but SLOW
d.gov.zoneedit.com internet address = 209.97.207.48 Yes, quick
e.gov.zoneedit.com internet address = 82.165.40.134 YES, but SLOW
f.gov.zoneedit.com internet address = 66.197.185.229 Yes, quick
g.gov.zoneedit.com internet address = 66.135.32.100 Yes, but SLOW

Likely it depends on whether the DNS server doing the
recusion uses one of the "SLOW" servers or not.


And then it turns out that the two ftc.gov DNS servers
are even sicker (timing out even with 30 seconds) when
looking for www.ftc.gov:

ftc.gov nameserver = ALSATIAN.ftc.gov
ftc.gov nameserver = DOBERMAN.ftc.gov
ALSATIAN.ftc.gov internet address = 164.62.7.22
DOBERMAN.ftc.gov internet address = 164.62.7.21

(I even went back and made sure the 7 gov servers gave the
same pair for ftc.gov -- and they ALL do.)


Of course, at 1:00 AM, I am asking myself "Self: Why do I care?" <grin>

Night.


Ace Fekay [MVP]

unread,
Mar 27, 2005, 11:25:09 PM3/27/05
to

Well, thanks for trying!

Ace

0 new messages