Problem with Google Page from within LAN

[EGR]

Hi,

I've got quite a big Problem in a LAN:

- about 30 workstations, W2k Pro, SP4; Win XP Pro, SP1 (Realtek 100Mbit /Broadcom 1000Mbit)
- 3 Windows Server (2x W2k3, 1x W2k Server)
- 3 HP switches gbit, 24 port
- default gateway is a Watchguard Firebox 2500
- and then there is a small Cisco DSL Router (don't know which one, but it is about haf a year old)

The problem is, that sporadically some internet pages cannot be viewed. Mots of the time

http://www.google.de

is one of the affected pages.
Unfortunately there is a Norton Internet Security 2004 instaleld on the client, but the problem also occurs when the personal firewall is switched off.

I've read about tht MTU problem with DSL on standalone home PCs. Does that problem also occur in LANs with a router?
What do I have to change?

Any help would be really appreciated.

Thanks
/EGR

 

[123tech]

Hi. Are you also having problems with Yahoo.com, and resolving some of it's subdomains, like mail or finance? The problem you are referring to sounds like it might have to do with DNS query. Is your DNS server on the W3K server? If so it has to do with the EDNS0 query, and the packet size being 1280 my default, and your firewall only allowing a dns query packet size of 512. Before I just keep writing, is this the case?

 

[EGR]

Hi,

thanks for the answer.
Yes, the DNS is on the w2k3 server.
The DNS-Server forwards other domain queries to the DNS servers from the DSL provider.

Could we verify that if we enter the provider DNS server in the network configuration of a client?

Thanks
/egr

 

[123tech]

Hi,
Well if you are using forwarders, then this shouldn't be a problem. If you're not using forwarders, then you are using the root-hint servers, then you would be having problems resolving some webpages. Yes you can put in the DSL Providers DNS server in one of the clients to test(or put the DSL providers DNS ip address as a forwarder in your DNS server), or you can have a client bypass the firewall and see if that works. Also if you can edit the firewall to pass DNS query packets of 1280, then that would work. If not, you can just changed the packet size for the ENDS0 query on your DNS server, here's how.

In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Add the following DWORD entry:
MaximumUdpPacketSize

Type a maximum UDP packet size value in bytes.
The default value is 1280 bytes. The value must be between 512 and 16384 in decimal format (200 and 4000 in hexadecimal format).

Restart DNS server.

OK, this should help you out.

 

[EGR]

Hi 123tech,

thank you very much for your hints.
It took a while but we solved the problem.

It had to do with DNS but in a different way.
On the Watchgurad Firebox there was a DNS Proxy configured. When we switched from the DNS Proxy to the DNS filter of the Watchguard everything worked fine.

It was very strange, just Google didn't work ever yother page did.

Thanks again.
/egr