In our last episode, we discussed how DNS weirdness can make your life miserable. I advocate everyone getting to know DNS at least on a basic level, so you know what to look at or who to call when things are going awry. Just as before, remember that behavior of your Internet experience depends on who is providing it. They have their own DHCP servers, DNS, firewalls, switches, etc. Since they have their own DNS servers and you're using them, problems with those servers will pretty much take you out at the knees. You're working on a very complex telephone that suddenly lost it's own telephone book. If your system is configured, or can be configured, to look to alternate DNS servers, this wouldn't affect you, but most internal computers are forced to use whatever DNS servers exist on that network. Still, there's light at the end of the tunnel. Let's start the process by discussing several common DNS-related issues and what they look like:
Everyone Can Get to Your Website Except For You - Your corporate website may be hosted by someone like GoDaddy; this is becoming increasingly common. What might end up happening is that you stop seeing your corporate website and in a panic, you think the server is out. Then you find out from a friend who works/lives elsewhere that he can see your website just fine. What gives? The answer is to do an NSLOOKUP (see below) and see what IP address your website returns. Then use the NSLOOKUP tool below to see if they agree. If not, chances are your webhosting company made a change to your IP address without telling you. Update your Internal DNS server to point to the correct IP and check it again; chances are, you'll be fine.
You Can Get to Your Website, but No One Else Can (outside of your network) - Another panic-inducer. The server is obviously not down, you're browsing your web site, but no one is able to. Here, we quickly ping the server and discover that it's alive. If you can see the server but no one else can, chances are the server is no longer responding to the IP address that is assigned it in External DNS. Confirm this by running the web-based NSLOOKUP tool below. If someone has changed this IP address and pointed it somewhere the server is not listening, guess what? No content. Fix this and get back on the road to up-time.
E-mail Randomly Disappears or Gets Rejected from Your Mail Server - Ran into this last week, a client's mail server was not delivering mail to Comcast or SBC. We arrived at the conclusion pretty quickly, so here it is: your mail domain needs to have a reserve-lookup PTR record. Large mail domains will regularly perform a reverse-lookup on your mail to confirm that you are, in fact, not a spammer. Spammers usually do not have a reverse-lookup PTR record, it makes them easier to track down. Put 2 and 2 together and the mail domains started to refuse mail that didn't have a reverse-PTR record for their mail domain. If you have a mail domain, make sure a PTR record is created for your mail.domain.com address to point back to the IP address of mail.domain.com.
My Website is Slow! - Surprisingly, DNS doesn't directly solve this but can put you on the right path. Running a TRACERT command helps show how your Internet traffic is routed and can help identify places where traffic slows down.
C:\> TRACERT 10.11.95.1
1 1 ms 1 ms <1>
2 <1>
3 3 ms 3 ms 3 ms 10.11.96.254
4 6 ms 14 ms 6 ms 10.11.95.1
As you can see from the example above, the time between hops was in the 3-6ms range. If you see hops that suddenly jump from 10-15ms up to 100-150ms, this can help identify a point where your network traffic is slowing down and therefore affecting the performance of your website.
Those are four common problems and some great Internet websites have saved my bacon from time to time. Here's a few of them to get you started:
Great DNS and Network Troubleshooting Tools
NSLOOKUP - Imagine this tool like directory assistance. It'll tell you what an IP address belongs to, or what IP a domain name directs to. The beginning of every successful DNS troubleshooting is knowing where stuff is located. NSLOOKUP helps make that happen.
PING - This tool is the virtual ping-pong ball of the Internet. It sends packets of data at an IP or domain name and listens for replies. This confirms that a server or IP or domain name is alive and responding - something else that you need to troubleshoot successfully.
TRACERT - See how your Internet traffic gets routed; the time it takes to run from one hop to the next can help you understand where things slow down if you're troubleshooting Internet slowness.
Is it Down For Everyone or Just Me - This is a great tool because I got tired of IM'ing my friends to ask if a corporate website was visible for them. We were hosting on Earthlink and Earthlink Hosting, the $99 version, died about 4 times in 12 months for a variety of reasons. The point is, this site will tell you rather quickly if it's a problem with the site, with your internal DNS or something else entirely. It's a great first stop on the road to DNS wellness.
Kloth.Net - Dig / NSLookup / WHOIS / DNSBL-Check - This is a great grab-bag of stuff; look up your IP, do a ping, see if your IP address has put on an Internet no-fly list for some reason.
Internet Ping is Here and Here - Sometimes you want to ping your external IP from the outside and verify that it is alive. Use these tools to make that happen.
About Me
- Tim Woolery
- My job title is 'IT Manager' for a Financial Services Company in the Silicon Valley. I've been doing IT for 13 years and I've learned a lot both technically and professionally. This blog is about sharing what I have learned.
The Blogs I Read
Profiles
0 comments:
Post a Comment