Unable to Resolve Target System Name: an Example Investigation

If you are on a network that is unfamiliar and you are suddenly confronted by a cryptic message such as: unable to resolve target system name, then likely there is a major problem somewhere along the path between your machine and the Internet site that you are trying to reach. Sometimes this can be due to mis-configurations on the network, but sometimes this is intentional blocking of specific URLs that have been flagged by automated software.

The Problem

Let’s say you are trying to access a domain on the Internet using a standard URL such as:

myWebSite.com

but are suddenly getting an error message saying the site is unavailable… that’s not even a standard 404 error message, so what’s going on and how can you track down why the site you are trying to reach isn’t showing up?

The simplest way to start your investigation is to open up a DOS command prompt and to use some of the utilities included by default with your system.

For starters, check the availability of the URL using the Ping and Tracert commands. If the Ping command gives you a strange error message, then your best bet is to try pinging the IP address of the site directly. If you are on Android, then you can use your phone on 3G along with a network tool like Net Swiss Tool Free to ping the Web site and find out its IP address.

Now back on your PC, if you are able to ping the IP address directly, but when trying to Ping the Domain Name you get an error message along the lines of:

Unable to resolve target system name myWebSite.com

then it’s likely there is a problem with your DNS server… either an accidental problem due to a mis-configuration of the DNS Server, or a deliberate problem such as active blocking of the URL that you are trying to access.

Before trying anything new, make sure that you actually are communicating with a DNS Server. To confirm, run the command:

IPConfig /all

So how can you dig a bit deeper and find out why the URL is being blocked? The answer is another handy command line tool called NSLookup, which you will want to run in debug mode to find out what the DNS server is saying about your URL.

The simplest method is first to do a NSLookup in debug mode on a URL that is returning results, and then run the NSLookup on the URL that is not resolving and compare the two responses.

To do this, at the command prompt type:

nslookup
set debug
myWebSite.com

Here is an example of a non-blocked response from the DNS Server from looking up the popular Yahoo homepage:

As you can see from this screen capture, an answer and a non-authoritative answer are returned from the DNS query, and both have a return code of NOERROR, meaning that the DNS server does not have any rules in place to block this URL.

[Screen capture: NSLookup Correct]

Here is an example of a blocked response from the DNS server from looking up a fictional Web site:

In contrast to the happy response shown above, here is what a blocked response from the DNS server looks like. As you can see from the authoritative response, the return code (rcode) is NXDOMAIN (Non-Existent Domain). As you can imagine, this will result in the blocked response that we saw when trying to access our Web page:

Unable to resolve target system name myWebSite.com

[Screen capture: NSLookup Blocked]

Further Investigation

Also very interesting is to look at the primary name server and responsible mail address returned by the NSLookup query.

As you can see in the example above, the return message was sent from imaginary network security software called BlockingSoftware. If you want to find out more about what’s going on, I suggest running a quick Google search of the software to see why the site is unreachable. There could be a variety of reasons including malware prevention software.
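The comparison of a working lookup against a failing one can also be scripted. The following is an added example, not part of the original post: it parses two NSLookup debug transcripts and reports the fields that differ, including the primary name server and responsible mail address. Both transcripts are constructed and trimmed, and the blockingsoftware.example names are placeholders.

```python
import re

# Constructed, trimmed nslookup debug output; all names and addresses are made up.
OK_OUTPUT = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        www.example.com, type = A, class = IN
    ANSWERS:
    ->  www.example.com
        internet address = 192.0.2.10
"""
BLOCKED_OUTPUT = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        myWebSite.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  myWebSite.com
        primary name server = ns.blockingsoftware.example
        responsible mail addr = hostmaster.blockingsoftware.example
"""

FIELDS = {
    "rcode": r"rcode = (\w+)",                      # NOERROR, NXDOMAIN, SERVFAIL, ...
    "authoritative": r"header flags:.*(auth\. answer)",
    "primary_ns": r"primary name server = (\S+)",   # SOA: who answered for the zone
    "responsible": r"responsible mail addr = (\S+)",
}

def summarize(debug_text):
    """Return the first occurrence of each field of interest, or None if absent."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, debug_text)
        out[name] = m.group(1) if m else None
    return out

def differences(working, failing):
    """Map each field that differs to a (working, failing) pair."""
    a, b = summarize(working), summarize(failing)
    return {k: (a[k], b[k]) for k in FIELDS if a[k] != b[k]}

if __name__ == "__main__":
    for field, (ok, bad) in differences(OK_OUTPUT, BLOCKED_OUTPUT).items():
        print(f"{field:14} working={ok!s:10} failing={bad}")
```

Real output can contain several "Got answer" blocks, for instance when a DNS suffix search list is configured; this script reads only the first occurrence of each field.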

Conclusion

From our investigation, we tracked down the blocked response from the DNS Server and the software that was blocking the request.

It is most likely that the Web site we wanted to access was automatically blocked by some form of Intrusion Prevention software that is so prevalent on the networks of any business today. Perhaps an administrator of the network had some say in the matter in putting the site on a blockage list, but most likely this was a decision that the software took by itself based on its own proprietary criteria.

It is good that we were able to determine why the site does not appear, and it is always interesting to be able to run a simple investigation of the matter oneself.


2 thoughts on “Unable to Resolve Target System Name: an Example Investigation”

  1. I’m getting a different error.
    The error is class: servfail and request timed out.
    For request timed out I have tried flushing DNS, then too no response, same error.
    Can you reply to me?

  2. Hi there,

    I have a SERVFAIL and can’t seem to change it. What are the possible solutions for this problem?

    Thanks in advance for your time and reply.

    Kind regards,
    Christopher
