Join Log in
Score:-5
Nick.McDermaid avatar Server

Troubleshooting corporate DNS

ck flag
Nick.McDermaid

I'm on a corporate network with various mysterious lockdowns including ZScaler

My current issue is that when I try to connect to xyz.databases.windows.net (Azure SQL database) I see these symptoms:

From SSMS I get

No such host is known

Trying nslookup

nslookup xyz.databases.windows.net

Server: abc.au.mydomain.com

Address: 10.x.x.x

Non-authoritative answer:

Name: xyz.database.windows.net

(note no IP address returned)

If I switch to a different non-corporate network I can connect fine.

I'm about to raise a ticket with the sausage factory to try and resolve but would appreciate some insight on what's going on here so I can discuss with a bit less ignorance. NSLookup doesn't return an IP address. Does that mean the DNS server is actively blocking this? Or something is misconfigured somewhere?

There is some info in server side setup here, but this seems like a client side issue.

https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql

116
2 + 5
Nick.McDermaid avatar
ck flag
Nick.McDermaid
Just a flyby downvote. Surely the question has sufficient explanation for someone to pose an answer... why doesn't nslookup give me an IP address?
0
Reply
Paul avatar
cn flag
Paul
"I'm about to raise a ticket with the sausage factory" - what does this mean?
0
Reply
Nick.McDermaid avatar
ck flag
Nick.McDermaid
To me it's a slightly derogatory term for IT support. Because I put my ticket in one end, it goes through the factory and gets mashed up and mistreated and I might get a good result out the other side.
1
Reply
captainmish avatar
cn flag
captainmish
you still get correct answers for everything else right? Its not just this particular hostname thats not responding? If you know what your other resolvers are you could try setting nslookup to use those `nslookup xyz.database.windows.net 10.x.x.y`
0
Reply
setenforce 1 avatar
us flag
setenforce 1
Did you setup conditionnal forwarding to some Microsoft domains on your AD DS resolver? Is `database.windows.net` in the list?
0
Reply
Score:1
Michael Lindsay avatar Server
ph flag
Michael Lindsay

I had this issue a few months ago and while I don't remember the exact details I know had to add a forwarder to either Azure DNS or Google DNS as the first forwarder on a server running 2008 R2. I want to say we originally had CloudFlare DNS configured as our sole forwarder. I’ve since taken the on premise servers to the farm or I’d go validate that answer for you.

You could test this if you don't have access the make changes to the DNS server by setting your primary DNS server to Azure DNS\Google DNS and secondary to your DC and flush the DNS cache on the machine, or just update the host file temporarily to provide your resolution for internal resources that server needs.

+ 0
Score:1
captainmish avatar Server
cn flag
captainmish

Assuming its just xyz.database.windows.net thats not working, just show them what you've got with an identical, successful lookup on your other device. Here's one i made earlier:

Non-authoritative answer:
xyz.database.windows.net        canonical name = dataslice1.indiawest1-a.control.database.windows.net.
dataslice1.indiawest1-a.control.database.windows.net    canonical name = cr4.indiawest1-a.control.database.windows.net.
Name:   cr4.indiawest1-a.control.database.windows.net
Address: 104.211.144.4

Its a bit wierd that you get no response, usually you'd get a response that'll direct you to a block page if its actively blocked.

nslookup xyz.database.windows.net {{another reachable dns server}} might give you different results - if so, its a forwarder issue like @michael-lindsay says.

Its probably blocked but, try some external dns servers too (8.8.8.8, 1.1.1.1 are good for testing) if you can.

I dont reckon there's much more that you can do apart from telling them you already turned it off and back on again, and then being nice to them and waiting on your ticket :)

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.