My network admin and I have been scratching our heads about this problem; I thought I might see if anybody has ever seen anything similar and has any suggestions.
If it was anybody else in the company, I'd say do this on your own time at home, but the owner of the company is trying to get to the Vikings website. I like my job, so I'm working on the problem. The symptom is that the page refuses to load. Using the developer tools in Chrome, it looks like all of the NFL team websites reference lots of resources at many subdomains under nfl.com. All the resources from vikings.com are loading, but everything from nfl.com is timing out.
We keep digging, and it appears to be a DNS resolution problem, but only behind the firewall. Here's the basic setup:
LAN
|
Servers on core network, Windows domain controllers providing DNS
|
2 x SonicWall E5500 firewall setup for failover
|
Dumb switch to distribute DIA to firewalls
|
XO MPLS/DIA circuit into firewall
Comcast circuit into firewall
Plug a laptop into the dumb switch and bypass the firewall, nfl.com resolves just fine.
Behind the firewall, no resolution.
Log into the firewall's management interface and ping nfl.com, no problem.
That narrows the problem down pretty well; it's the firewall, obviously. Right?
Behind the firewall, use nslookup for random DNS queries and everything is normal for any site we try. Heck, even sites that are blocked by other services of the firewall such as content filtering (playboy.com, etc.) are working, because this is just a DNS lookup. DNS isn't being blocked.
So what kind of settings on a firewall could be blocking DNS requests for a specific domain? No other domain resolution is being blocked as far as we can tell, only nfl.com and its subdomains. Looking at nfl.com, it appears that there's some recursion and use of CDNs, load balancers, etc., but that should all be addressed by the remote DNS server and just return the address. It's almost like there's some kind of deep packet inspection going on and it's throwing out DNS requests for nfl.com, but nothing's even showing up in the logs.
I'm at a total loss.
Here's a normal nslookup resolution of nfl.com using Google's open DNS server 8.8.8.8 from my home machine:
Code:
> nfl.com 8.8.8.8
Server: [8.8.8.8]
Address: 8.8.8.8
Non-authoritative answer:
Name: nfl.com
Address: 23.213.196.69
And here are the nslookup results for yahoo.com and nfl.com from behind the firewall:
Code:
> yahoo.com 8.8.8.8
Server: [8.8.8.8]
Address: 8.8.8.8
Non-authoritative answer:
Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:58:c02::a9
2001:4998:c:a06::2:4008
98.138.253.109
206.190.36.45
98.139.183.24
> nfl.com 8.8.8.8
Server: [8.8.8.8]
Address: 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to 8.8.8.8 timed-out
Here's the full detail result from nslookup:
Code:
> nfl.com 8.8.8.8
Server: [8.8.8.8]
Address: 8.8.8.8
------------
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 58, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
nfl.com.[company].com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 59, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
nfl.com.[company].com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 25
HEADER:
opcode = QUERY, id = 60, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
nfl.com, type = A, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 25
HEADER:
opcode = QUERY, id = 61, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
nfl.com, type = AAAA, class = IN
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to 8.8.8.8 timed-out
>
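A small diagnostic for the situation described in the post, added here as an example (it is not code from the original post, and nothing here is SonicWall-specific). It builds the same 25-byte A/AAAA query for `nfl.com` that nslookup's "SendRequest(), len 25" lines show, parses the answer, and can send the query to 8.8.8.8 over UDP or over TCP so the two transports can be compared for the same name: a resolver that answers over TCP but times out over UDP for one name only points at something in the path inspecting UDP/53 payloads rather than at a DNS server problem. The trailing dot in `"nfl.com."` stops the stub from appending the local search suffix, which is why nslookup tried `nfl.com.[company].com` first. `DNS_SERVER`, `TIMEOUT` and the sample response bytes in the test are assumed or constructed values.

```python
"""Minimal DNS query builder/parser for diagnosing "one name times out,
everything else resolves" through the same resolver.

Added example, not code from the original post. Standard library only;
DNS_SERVER and TIMEOUT are assumed values chosen to match the post."""
import socket
import struct

DNS_SERVER = "8.8.8.8"   # resolver the post queried
TIMEOUT = 2.0            # matches nslookup's "timeout was 2 seconds"

QTYPES = {"A": 1, "AAAA": 28}


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels ending in 0x00.
    A trailing dot ("nfl.com.") means "do not append the search suffix"."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: str = "A", txid: int = 60) -> bytes:
    """12-byte header with RD set, then the question section.
    For "nfl.com" type A or AAAA this is 25 bytes (12 + 9 + 4)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)
    return header + question


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name at msg[off]."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes) -> dict:
    """Extract transaction id, rcode and any A/AAAA answers from a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return {"id": txid, "rcode": flags & 0x0F, "answers": answers}


def query(name: str, qtype: str = "A", tcp: bool = False,
          server: str = DNS_SERVER, timeout: float = TIMEOUT) -> dict:
    """Send one query over UDP or TCP and classify the outcome. The same
    name timing out on UDP but answering on TCP points at the path, not
    at the resolver."""
    q = build_query(name, qtype)
    transport = "tcp" if tcp else "udp"
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)   # TCP DNS is length-prefixed
                ln = struct.unpack("!H", s.recv(2))[0]
                data = b""
                while len(data) < ln:
                    data += s.recv(ln - len(data))
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data, _ = s.recvfrom(4096)
    except socket.timeout:
        return {"status": "timeout", "transport": transport}
    except OSError as exc:
        return {"status": f"error: {exc}", "transport": transport}
    r = parse_response(data)
    r["status"] = "ok" if r["rcode"] == 0 else f"rcode={r['rcode']}"
    r["transport"] = transport
    return r


if __name__ == "__main__":
    # Run this from a host behind the firewall and from one in front of it.
    for n in ("yahoo.com.", "nfl.com."):      # trailing dot: no suffix search
        for use_tcp in (False, True):
            print(n, query(n, tcp=use_tcp))
```

Run it from a machine behind the firewall and from the laptop on the dumb switch; if `nfl.com.` returns `ok` over TCP and `timeout` over UDP only behind the firewall while `yahoo.com.` is `ok` both ways, the drop is name-specific and transport-specific, which is the signature of an inspection rule on UDP/53 rather than a routing or resolver fault.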