How to diagnose end user DNS problems with my domain?

Question

I work for a small part of a large organization that has been on the internet since dinosaur days (pre-CIDR). I'm confident our DNS is properly configured, but a tiny fraction (<1%) of our remote clients have chronic problems (either continuous or sporadic) resolving our host names (e.g. anything at *.foobar.org). EDIT: these are long-standing A records, not recent changes.

I ask them to switch to Google DNS, which usually solves the problem. However, some clients are skeptical, since they can reach our competitors (e.g. bizzbuzz.org or qux.com) without any trouble. Honestly, I wonder the same thing. Why does it happen?

What are some troubleshooting steps we can do (other than flying to Albuquerque or wherever to test their cable company's local loop) to definitively determine why their DNS fails and how to fix it?

... Another DNS question that doesn't include the actual domain name. At best you're going to get answers that are hypothetical, rough estimations, or total guesses. — joeqwerty, Oct 11 '17 at 23:13
did you ever tried this? might be a good start? https://www.whatsmydns.net/ — Marco, Oct 12 '17 at 14:09
Also you might find one of the many public dns lists and write a simple bash script to check how you're resolved around the world.. — Marco, Oct 12 '17 at 14:10
First and only troubleshooting tip: give the names involved and the exact error messages you get. Otherwise everything is pure guess... — Patrick Mevzek, Oct 15 '17 at 01:31
To echo the others, please just provide the domain name. It is impossible to provide you a comprehensive list of failure scenarios and edge cases, but with the domain we can usually narrow down the possibilities. — Andrew B, Oct 17 '17 at 17:23

hydrian · Answer 1 · 2017-10-18T15:48:35.087

2

Ask them to use nslookup to test.

#> nslookup
#> server <DNS SERVER IP>
#> <HOST NAME TO TEST>

Possible issues:

Machines has a local dns cache/caching namserver that is messing up. (Ubuntu and derivatives are good for this)
Corporate DNS servers cache bad entries too long
ISPs DNS servers are take very long to refresh
Corporate firewall is blocking your domain's HTTP or DNS requests because of a blacklist.

edited Oct 18 '17 at 15:48

answered Oct 12 '17 at 18:05

hydrian

47
5

1

`nslookup` should be replaced by `dig` for troubleshooting – Patrick Mevzek Oct 15 '17 at 01:32
1

Nslookup is stock or easily installed in most OSes, MS Windows included. The dig binaries, not so much. – hydrian Oct 16 '17 at 03:26
1

Which is never a good reason to settle for an inferior tool. At least if you are serious about wanting to troubleshoot problems – Patrick Mevzek Oct 16 '17 at 04:26

How to diagnose end user DNS problems with my domain?

1 Answers1