NSLOOKUP normal, but certain machines not resolving anyway
Posted on 2006-04-24
I am in the process of migrating my users from an NT network to a Win2003 network. Those users who are still on the NT network point to three corporate DNS servers outside our facility and system, and all of them have private IPs. Recently, users on the NT network started calling me to report they were offline. When I sit down at their machines, I can see they are online, but not resolving. I can ping by number but not by name, and can browse by number but not name. If I do NSLOOKUP, I get responses from the DNS servers, but I still cannot ping by name or load web pages by name. Rebooting does not change anything. The DNS folks seem to think it is at my end, but I am having trouble finding what is unique to the particular users having the problem (about 8 out of 75), and why it started when it did, as nothing had changed. The rest of my users are not having this problem even though they all point to the same DNS servers.
No events are pointing to any DNS problems on the computers. How often it happens varies. A couple are off nearly all the time, others do it every week or two. Each is unique and frequency varies. They pop online at odd times; no discernible time or activity causes them to start resolving.
I installed ethereal on one machine and ran pings and NSLOOKUPs while it was resolving and again while it was not. Here is the result:
Resolving: I see queries go out and responses come back for pings (Standard query A and Standard response from the DNS with the IP), then the four ICMP ping requests and responses, and I see NSLOOKUPs that look normal (Standard query A, Standard response with the IP). I also see tons of Standard query PTR for internal private IPs, which appears to go on all the time, and responses of "No such name".
Not resolving: When I ping, I see the queries go out (Standard query A), but nothing comes back. It tries each DNS in the list and gets no response, then no ICMPs. NSLOOKUPs look as though everything is peachy. I see Standard query A go out and Standard responses come back with the correct IP. I also still see the Standard query PTR for internal private IPs and Standard responses "No such name".
It turns out that locations all over the country are having the exact experience I am having, just a few users at each, and their descriptions are identical to my problem. NSLOOKUPs always work, even when there is clearly no resolving going on for pings or web browsing. I added a registry setting to increase the DNS query timeout and an adapter timeout, but it has made no difference. If I migrate one of these users to the Win2003 network, where they point to our local DNS that uses the corporate DNS servers as forwarders, the clients no longer have a problem. However, some of these machines have to stay on the NT network for now and I am getting nowhere. All the clients are Windows XP, all patched and with current virus definitions. The DNS folks seem to be hanging us out to dry - not their problem. I am plumb out of ideas. I have tried IPCONFIG to renew their DHCP numbers, set fixed IPs on them, flushed their DNS caches and reinstalled networking on them. I have found nothing that sets these machines apart from the 60+ that are working normally.
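Added example, not part of the original post: a way to automate the capture comparison described above by pairing each DNS query with its response on (client, client port, server, transaction ID) and listing the queries that never got an answer, so the unanswered ones can be compared field by field with the answered ones. The addresses, ports, host name and timings are constructed sample data, and the packet tuple layout is an assumption about how the capture was exported.

```python
import struct

def build_dns(txid, name, response=False):
    """Build a minimal one-question DNS message (used only for the constructed sample)."""
    flags = 0x8180 if response else 0x0100   # standard response / standard query, RD set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_dns(payload):
    """Return (txid, is_response, qname) from the DNS header and first question."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while payload[pos]:                      # length-prefixed labels, a zero byte terminates
        n = payload[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels)

def unanswered_queries(packets):
    """Pair queries with responses on (client, client port, server, txid); return the orphans."""
    pending = {}
    for ts, src, sport, dst, dport, payload in packets:
        txid, is_response, qname = parse_dns(payload)
        if not is_response and dport == 53:
            pending[(src, sport, dst, txid)] = (ts, qname)
        elif is_response and sport == 53:
            pending.pop((dst, dport, src, txid), None)
    return sorted((ts, client, cport, server, qname)
                  for (client, cport, server, _), (ts, qname) in pending.items())

# Constructed capture: three unanswered A queries (one per DNS server in the list),
# followed by one query that is answered. All values are made up for illustration.
CLIENT, SERVERS, NAME = "10.0.0.25", ["10.1.1.1", "10.1.1.2", "10.1.1.3"], "intranet.example.com"
SAMPLE = [(float(i), CLIENT, 1026, s, 53, build_dns(0x1000 + i, NAME)) for i, s in enumerate(SERVERS)]
SAMPLE += [(5.0, CLIENT, 1340, SERVERS[0], 53, build_dns(0x2000, NAME)),
           (5.1, SERVERS[0], 53, CLIENT, 1340, build_dns(0x2000, NAME, response=True))]

if __name__ == "__main__":
    for row in unanswered_queries(SAMPLE):
        print("no response: t=%.1f %s:%d -> %s %s" % row)
```

Running the same pairing over a capture taken on the client and one taken at the DNS server side shows whether the missing responses were never sent or were lost on the way back.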