DNS issues, resolved IP is wrong resulting in 403 error.
Here is the deal. When associates try to go into carrier websites or any secure website for that matter, they are met with:
403 : Forbidden
With a little research this is what I found.
Nslookup for 53.com (Fifth Third's website, it's another one that wasn't working) returned an IP address different then when I pinged 53.com
Ok, so I cleared the cache on both DNS Servers and restarted the DNS. This resolved the issue. But... it happened the next day. Same thing, same solution to fix.
Here is the layout of our PC's accessing a website:
PC>DNS cache on local machine>Primary DNS>Secondary DNS>2 Forwarders (Iserv DNS)
I am thinking one of two things:
1. A forwarder DNS issue resolving hostname to bogus IP's. But... further testing makes me think
2. Every website that didn't work I did a nslookup on and it returns the same bogus IP.
Is there such thing as a 403 Virus?
Any thoughts are appreciated!
Cache poisoning? Damn it another DNS issue!
https://www.askmehelpdesk.com/networ...or-526690.html
THe above link is a thread I started earlier this month about the same issues.
I have figured out that we are the victims of cache poisoning and I was wondering if anyone had any input on how to go about fixing this? There are 130 employees so keep in mind simple 1 PC fixes may or maynot be out of the question.
The above link will explain my problem and what we've been experiencing! As of right now we have to go in and clear the cache for each DNS Server and restart the service and flush the local cache for the PC's to work. Ughhh this is annoying and time consuming!
Thanks!