DNS: I can ping any IP address including various DNS servers. Why can't I resolve IP addresses from hostnames?

I have a computer running Windows 2000 Professional. I can browse by IP and ping any IP address but I cannot use nslookup to resolve IP addresses from hostnames. I've tried using my own DNS server and several others. Any suggestions?
njcalugarAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PaulHiebCommented:
If you have 2000 pro only, (no 2000 server on the LAN) you don't have you're own DNS server. One other thing -- nslookup only looks for DNS host names, not netbios hostnames common to a workgroup.

You might try pinging to hostnames and see what happens. I'm assuming that you're trying to get to shared drives and printers in a workgroup?
0
njcalugarAuthor Commented:
As stated above, I tried using my own DNS Server on my LAN (running on Windows 2000 Advanced Server - but who cares what the DNS Server is running) and other DNS servers outside of the LAN to resolve IP addresses from Fully Qualified DNS hostnames.

I can ping any valid IP address (LAN or Internet) including the DNS Servers outside of the LAN.

If I issue the command "nslookup www.google.com" it responds with:
DNS request timed out.
       timeout was 2 seconds.
*** Can't find server name for address 192.168.1.2: Timed out
DNS request timed out.
       timeout was 2 seconds.
*** Can't find server name for address 68.6.16.30: Timed out
DNS request timed out.
       timeout was 2 seconds.
*** Can't find server name for address 68.2.16.30: Timed out
*** Default servers are not available

The first IP address is the DNS server on my LAN, the other two belong to COX Internet Services.

I've replicated the error with two different NICs.

Thanks,

Nick
0
Netman66Commented:
Is your firewall blocking DNS responses?

Does your router have a helper address so that DNS can pass?

Advise.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

njcalugarAuthor Commented:
I have other clients of various flavors on the LAN using the same DNS Servers.

Thanks,

Nick
0
mburdickCommented:
njcalugar,

Your last response didn't answer Netman66's question.

What do you have between you and the Internet, and is it blocking DNS requests from your machine?

Also, have you checked the setting in IE to make sure that no proxy is configured (assuming you don't need one)? Don't even use the "Auto detect".
0
Netman66Commented:
Try this:

ipconfig /flushdns

then

ipconfig /registerdns

Advise.
0
njcalugarAuthor Commented:
No firewall blocking on DNS portnumbers...

I am not sure what Netman66 means by a router having a helper address for DNS to pass...i haven't configured the router to do anything special with DNS.

The point of my previous comment was that other clients on the same network segment can resolve IP addresses from Hostnames using any DNS Server.

I'm not bringing IE into the picture yet...just using nslookup.

I will follow Netman66 suggestion in the morning and post the results.

Thanks,

Nick
0
PaulHiebCommented:
"The point of my previous comment was that other clients on the same network segment can resolve IP addresses from Hostnames using any DNS Server. "

You can do this on any client via nslookup, pointed at any DNS server? That shouldn't be possible unless all of your clients are registering themselves to an authoritative DNS zone/server on the internet, which is possible, just not that common. And it would be hard to accomplish without strictly configured client machines. (the've got to be pointed to that one, authoritative name server.)

Also, just to point out, the autodetect feature in IE is for proxy settings and yes, don't use it, just wastes time looking for a proxy server.

Also, I think what netman66 was trying to figure out is if your router (still don't know the model) is doing DNS forwarding/proxying, though this isn't a common feature on basic routers. Still for this to hold true as a problem the router would have to be sniffing for DNS traffic from the LAN to ANY server and redirecting it to the server it was configured for. (haven't ever seen this as a feature on any router, and I've worked on most all of them).

Now then, I think we should stop and see what the score here is. What's still working/not working as of all this tinkering and gossip?
0
ralonsoCommented:
If other machines in the network are able to get DNS responses, obviously there is no problem with your router.
Probably you will have a corrupted dll in your machine.

If you want the easy solution, reinstall the machine.

If you want the technical solution:
get hold of network monitor (or any simmilar software). Start a capture and analyze the traffic. You will see what is really happening.
Alternatively, get filemon and regmon from sysinternals.com. Capture file and registry access during your nslookup process. Try to find any possible problem and compare registry keys with those of a working machine. Copy files from a healthy computer.

good luck
0
njcalugarAuthor Commented:
ralonso,

I ran the regmon and filemon utilities as suggested but everything looks fairly close to doing the same on a working machine. is there anything in particular i should look for?

Is there anyway to completely remove the networking components on Windows 2000 and reinstall?

thanks
0
PaulHiebCommented:
you can reinitialize the TCP/IP stack using the netsh utility:

http://support.microsoft.com/default.aspx?kbid=299357
0
njcalugarAuthor Commented:
btw

I don't think I mentioned this before but I am able to get a valid IP address, Subnet Mask, Default Gateway, and DNS Servers via DHCP.

thanks
0
PaulHiebCommented:
You also might try setting a DNS domain name suffix so that a 'ping hostname' command defaults to hostname.domain.com
0
mburdickCommented:
Any chance your machine is not using the router as its *sole* default gateway entry? Check the routing on the machine to be sure there aren't multiple default gateways and such. Also, double-check to be sure that the IP Address places the machine on the proper subnet, and verify that the mask is correct also.

You should also check the Advanced setting of your TCP/IP stack to see if any packet filtering or IPSEC policies have been implemented that might prevent DNS packets from exiting/entering the machine.

Any chance you have any firewall software loaded on this machine? If so, try disabling it...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ralonsoCommented:
try the following command

nslookup <dns_name_of_a_machine_in_your_network> <ipaddress_of_your_dns_server>

If you are not able to connect even to your local dns to resolve names in its local zone just reinstall the protocol.

From network and dial-up connections, check the properties for your network card, remove the tcp/ip protocol from the list

restart the machine and add the protocol again from the same place.

(as mburdick said, make sure that you don't have any firewall software on your machine, and I would eventually scan it for viruses)

If you use regmon and filemon, the problems are usually "access denied", or you will be able to locate registry keys and dll's invoked by your nslookup command, so that you can copy them from a healthy computer.

0
mburdickCommented:
Speaking of viruses...

There is at least one known trojan that messes with your DNS settings, and will wreak havoc on your ability to browse many of the search sites. In addition, there are a few "helper" toolbars that folks tend to like to add to their systems that will mess up connectivity. Get yourself a copy of Search & Destroy ...


http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button

Install it and run it. You might find your problem with that. You may need to use a different machine to download the software if you can't browse correctly on this one.
0
mburdickCommented:
So, what was the fix?
0
njcalugarAuthor Commented:
I would like to thank everyone for their help on this issue...

As suggested by mburdick, I looked into the Advanced TCP/IP Settings under the options tab: IP security. Someone had moved the radio button to "Use this IP security policy: Client (Respond Only)". I changed this to "Do not use IPSEC", restarted, and everything seems to be working fine.

Would anyone like to further enlighten me to what this setting does? I looked in Control Panel->Administrative Tools->Local Security Settings and found the description of this security policy to be "Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that server is secured". Why would this affect DNS Requests?

-Thanks
0
ralonsoCommented:
maybe your server has an IPSec policy as well?

If it had a policy set as "server" (I can't remember the exact term but there is one setting to accept IPSec but not require it), if the client supports IPSec it would try to use it.

Getting the integrated IPSec to work properly has never been an easy task.


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.