Using DNS Console cache to troubleshoot a geo-location block issue

Share this:

How to use DNS Manager to troubleshoot a geo-location restriction in the firewall.


I had this interesting situation in one of my customers, where he wasn’t able to resolve the name So my first step was to run nslookup against the DNS Server from my lab to get check if it was a domain issue or not. Well on my lab it worked like a charm.


When I tried the same thing from my customer side, I got the following error.


Well, DNS to the rescue, I went back to may lab, and selected Advanced on the DNS Console.


After that, I expanded Cached Lookups, .(root), and then I clicked on the pro.


Inside of the pro, I found the domain xtools, when I clicked on it I saw all the NS servers hosting that domain and for my surprise they were located in Russia.


So my first question to my customer was: are you guys performing geo-location blocking at your Firewall level, and the answer was yes. In order to close the case, I asked just to confirm if they are blocking Russia, and they said yes. So, case closed!

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).