Using DNS Console cache to troubleshoot a geo-location block issue

Share this:

How to use DNS Manager to troubleshoot a geo-location restriction in the firewall.

Solution


I had this interesting situation in one of my customers, where he wasn’t able to resolve the name xtools.pro. So my first step was to run nslookup against the DNS Server from my lab to get check if it was a domain issue or not. Well on my lab it worked like a charm.

image

When I tried the same thing from my customer side, I got the following error.

image

Well, DNS to the rescue, I went back to may lab, and selected Advanced on the DNS Console.

image

After that, I expanded Cached Lookups, .(root), and then I clicked on the pro.

image

Inside of the pro, I found the domain xtools, when I clicked on it I saw all the NS servers hosting that domain and for my surprise they were located in Russia.

image

So my first question to my customer was: are you guys performing geo-location blocking at your Firewall level, and the answer was yes. In order to close the case, I asked just to confirm if they are blocking Russia, and they said yes. So, case closed!

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at MSExchange.org, ITPROCentral.com and AndersonPatricio.org (Portuguese).