Solved

Ping to FQDN resolves ok, but replies are from 127.0.0.1 (localhost)

Posted on 2004-07-30
8
864 Views
Last Modified: 2012-08-13
We had to renumber our Windows 2003 domain.  Exchange server was reregistered with new address in DNS.  All caches were flushed, no local HOSTS files anywhere.  DNS resolves OK, ping initially resolves OK, but echo replies are from localhost.  Eventually resolved by manually recreating the DNS entry, but I'd like to know what happened.  Here are some entries from the command prompt logs; these commands were run on the DNS server, but identical results were obtained from all clients (XP Pro) tested.

C:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\>nslookup exchange.crec.ifas.ufl.edu
Server:  tangelo.lal.ufl.edu
Address:  10.230.48.200

Name:    exchange.crec.ifas.ufl.edu
Address:  127.227.177.78

C:\>ping exchange.crec.ifas.ufl.edu.

Pinging exchange.crec.ifas.ufl.edu [127.227.177.78] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.227.177.78:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping 128.227.177.78

Pinging 128.227.177.78 with 32 bytes of data:

Reply from 128.227.177.78: bytes=32 time<1ms TTL=128
Reply from 128.227.177.78: bytes=32 time<1ms TTL=128
Reply from 128.227.177.78: bytes=32 time<1ms TTL=128
Reply from 128.227.177.78: bytes=32 time<1ms TTL=128

Ping statistics for 128.227.177.78:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Needless to say, anyone trying to access Exchange failed.  My question is obvious, I guess -- Why, when DNS appears to resolve properly, does the echo reply come from localhost, rather than the echo target?  If I clear the cache, execute the ping, and immediately look at the DNS cache, I see:

C:\>ipconfig /displaydns

Windows IP Configuration

    1.0.0.127.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live  . . . . : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record  . . . . . : localhost


    exchange.crec.ifas.ufl.edu
    ----------------------------------------
    Record Name . . . . . : exchange.crec.ifas.ufl.edu
    Record Type . . . . . : 1
    Time To Live  . . . . : 3563
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.227.177.78


    localhost
    ----------------------------------------
    Record Name . . . . . : localhost
    Record Type . . . . . : 1
    Time To Live  . . . . : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1

As I said earlier, we made the problem go away by manually deleting and recreating the A record in DNS for Exchange, but making the problem go away isn't really the same as solving it; it's worth 250 points to me to understand what happened.
0
Comment
Question by:mfa073198
  • 2
  • 2
8 Comments
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
ID: 11687938
why are you using the loopback address as the ip address? 127.x.x.x is reserverd for loopback
use one of the reservered private ip schemes
Three range of private IP addresses has been selected for the three network class.

For Class A network, 10.0.0.0 - 10.255.255.255 (10/8 prefix) range (For big network that requires a huge pool of 16 million private IP addresses)

For Class B network, 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) range (For medium-sized network that requires 65000 private IP addresses)

For Class C network, 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) range (Commonly used IP range on smaller network for easier addressing of 254 IP addresses. May not necessarily be smaller network but network managed in smaller blocks.)

Beside these, there is Microsoft’s 169.254.0.0 range of default IP addresses that are allocated to systems when they are unable to obtain address from a DHCP server.
0
 
LVL 1

Author Comment

by:mfa073198
ID: 13334210
This question has not been answered by any stretch of the imagination.  I would ask that it be abandoned and no points awarded.
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 13334416
Personally, I don't care, but
let see here
my first post
08/01/2004 09:48AM EST
result
no feedback from questioner

first admin comment
Date: 01/25/2005 06:07PM EST
result
no feedback from questioner

second admin comment
02/13/2005 10:23AM EST
result
no feedback from questioner

force accept
02/17/2005 07:31AM EST
now we here from questioner
0
 
LVL 1

Author Comment

by:mfa073198
ID: 13335899
What's missing in the answer is an answer.  On 2/13, TheLearnedOne said I had 4 days (that works out to today) to post an objection, which I did.  At this point it's not worth my time to pursue it, so do whatever you want.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now