PING resolves wrong IP address, DNS Cache entry is wrong on a multi-homed domain controller

Posted on 2007-04-08
Last Modified: 2013-12-06

I am having difficulty trying to get my head around something with regards to name resolution and PING.

In particular, I have an incorrect entry in the DNS Cache on the machine in question and ping seems to resolve the name to the wrong IP. This name resolution problem is causing some headaches on the domain.

I have I Series AS/400 with integrated Windows Server card. Windows 2003 R2 SP1 is installed and is a DC and holds the FSMO roles. There are 3 other DCs on the network although this is the PDC. For those not familiar with this setup, these boxes have an internal token ring network that allows OS/400 and Windows to communicate directly. The network topology of the box is as follows:

   I5 AS/400 Box:
|    OS/400                                  Windows        |
|                                                                         |
|     Int. NIC                                      Int.NIC         |
|><----------   |
|   host: I5                                   Host I5Win      |
|                                                                        |
|     Ext NIC                                    Ext NIC         |
|                |
|          |                                               |             |
|         V                                             V             |

Just for note, the external NICs are paired Gigabit adapters (INTEL Pro1000) if that makes any difference

The windows NIC DNS server entry is pointed to itself ( and everything works as expected if you try to resolve any names using the FQDN. "Append Suffix" is set and is set to the local domain.

However for some reason, if you dump the DNS Cache you get:

   Record Name . . . . . : I5WIN
   Record Type . . . . . : 1
   Time To Live  . . . . : 573152
   Data Length . . . . . : 4
   Section . . . . . . . : Answer
   A (Host) Record . . . :

   Record Name . . . . . : I5WIN
   Record Type . . . . . : 1
   Time To Live  . . . . : 573152
   Data Length . . . . . : 4
   Section . . . . . . . : Answer
   A (Host) Record . . . :

   Record Name . . . . . : QI5
   Record Type . . . . . : 1
   Time To Live  . . . . : 573152
   Data Length . . . . . : 4
   Section . . . . . . . : Answer
   A (Host) Record . . . :

It's not that I wouldn't expect two entries, and in fact, I need to clean up the DNS records on a reboot as typically the 3.12 address registers itself even though I have set *not* to. But why and how is 3.11 getting into this local machines cache as I5Win?

This is driving me insane. Is there any way to remove this entry from the cache? flushing has no effect. Using NSLookup retrieves the correct results.
Question by:SilentExpert
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 18872757
First off - Multihomed is not recommended (nor do I believe supported) for Domain controllers. Every time I have attempted to troubleshoot a multihomed issue on a DC with Microsoft they pretty much will not do any further testing until the secondary NIC is disabled.

When i have had no choice but to have a multihomed server I remove the  Microosft client and file and printer sharing from the nic. I also make sure there is no gateway. I also remove the DNS update (which sounds like you already did).

Does the Pinfing to the FQDN result in varying answers - or is one address consistenly being picked up?
Maybe attempt to put a PTR in DNS with the address you want to be resolved?

Author Comment

ID: 18876652
I agree re:multi-homed - unfortunately I have no choice. The box is setup to use that internal network to allow OS/400 and Windows to communicate, and naturally, they use some of the server services to comminicate. Yeah, there is no gateway or DNS registration on the NIC in question.

The weird thing is that 3.11 which is on the OS/400 side gets into the local machine DNS Cache as I5Win. The windows side (which is named I5Win) cannot even see this adapter as it is the AS/400. How it gets into the cache baffles me, particularly because it is wrong. Does that make sense? I could see the OS/400 side registering itself in DNS, but then I would expect it in DNS, not the cache. I am going to explore the 'green screen' side some more and see if I can post some information from that side that might help
LVL 27

Expert Comment

ID: 18877916

Hard to answer with more than a guess without some experience with your network and configuration. First thing I'd try is to flush that ARP (Address Resolution Protocol) cache to see if the request can be forced to go out to external DNS.

Here's a trivial example of calling the Clear ARP Table API using ILE CL:

------ Begin
/*  CRTBNDCL   PGM(your-lib/CLRARP)             +
              SRCFILE(your-lib/QCLSRC)         +
              SRCMBR(CLRARP)              */

pgm    ( &line )

   dcl   &line *char 10

   callprc    'QtocRmvARPTblE'      ( +
                                      &line          +
                                      x'00000000'    +
                                      '*ALL      '   +
                                      x'00000000'    +
------ End

Call the program with the parm for name of the line description that you use on the AS/400 for this TCP/IP access. (Use whatever you want for program name.) If it works, then you're done. Otherwise, we're into more guesses.


Author Comment

ID: 18907400
I discovered the problem. The iSeries integration softwave (which runs as a service on the windows OS side and facilitates commincation between the two OS's) was 'helping' me by placing the offending values into the DNS cache.

You would think IBM would document this 'feature'......

Thanks for your thoughts everyone.

Accepted Solution

Computer101 earned 0 total points
ID: 19204316
PAQed with points refunded (500)

EE Admin

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
change BIOS legacy mode to UEFI without losing OS 12 71
exchange, IIS, Load balancer 11 55
DB2 9.7 Grant Execute SP 4 60
Promote Server 2012 R2 on Server 2003 domain 13 76
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Resolve DNS query failed errors for Exchange
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question