SilentExpert
asked on
PING resolves wrong IP address, DNS Cache entry is wrong on a multi-homed domain controller
Hello,
I am having difficulty trying to get my head around something with regards to name resolution and PING.
In particular, I have an incorrect entry in the DNS Cache on the machine in question and ping seems to resolve the name to the wrong IP. This name resolution problem is causing some headaches on the domain.
I have I Series AS/400 with integrated Windows Server card. Windows 2003 R2 SP1 is installed and is a DC and holds the FSMO roles. There are 3 other DCs on the network although this is the PDC. For those not familiar with this setup, these boxes have an internal token ring network that allows OS/400 and Windows to communicate directly. The network topology of the box is as follows:
I5 AS/400 Box:
__________________________
| OS/400 Windows |
| |
| Int. NIC Int.NIC |
| 192.168.3.11------><------
| host: I5 Host I5Win |
| |
| Ext NIC Ext NIC |
| 192.168.1.12 192.168.1.11 |
| | | |
| V V |
-----------------Lan------
Just for note, the external NICs are paired Gigabit adapters (INTEL Pro1000) if that makes any difference
The windows NIC DNS server entry is pointed to itself (192.168.1.11) and everything works as expected if you try to resolve any names using the FQDN. "Append Suffix" is set and is set to the local domain.
However for some reason, if you dump the DNS Cache you get:
i5win
--------------------------
Record Name . . . . . : I5WIN
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.3.11
Record Name . . . . . : I5WIN
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.1.11
qi5
--------------------------
Record Name . . . . . : QI5
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.3.11
It's not that I wouldn't expect two entries, and in fact, I need to clean up the DNS records on a reboot as typically the 3.12 address registers itself even though I have set *not* to. But why and how is 3.11 getting into this local machines cache as I5Win?
This is driving me insane. Is there any way to remove this entry from the cache? flushing has no effect. Using NSLookup retrieves the correct results.
I am having difficulty trying to get my head around something with regards to name resolution and PING.
In particular, I have an incorrect entry in the DNS Cache on the machine in question and ping seems to resolve the name to the wrong IP. This name resolution problem is causing some headaches on the domain.
I have I Series AS/400 with integrated Windows Server card. Windows 2003 R2 SP1 is installed and is a DC and holds the FSMO roles. There are 3 other DCs on the network although this is the PDC. For those not familiar with this setup, these boxes have an internal token ring network that allows OS/400 and Windows to communicate directly. The network topology of the box is as follows:
I5 AS/400 Box:
__________________________
| OS/400 Windows |
| |
| Int. NIC Int.NIC |
| 192.168.3.11------><------
| host: I5 Host I5Win |
| |
| Ext NIC Ext NIC |
| 192.168.1.12 192.168.1.11 |
| | | |
| V V |
-----------------Lan------
Just for note, the external NICs are paired Gigabit adapters (INTEL Pro1000) if that makes any difference
The windows NIC DNS server entry is pointed to itself (192.168.1.11) and everything works as expected if you try to resolve any names using the FQDN. "Append Suffix" is set and is set to the local domain.
However for some reason, if you dump the DNS Cache you get:
i5win
--------------------------
Record Name . . . . . : I5WIN
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.3.11
Record Name . . . . . : I5WIN
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.1.11
qi5
--------------------------
Record Name . . . . . : QI5
Record Type . . . . . : 1
Time To Live . . . . : 573152
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.3.11
It's not that I wouldn't expect two entries, and in fact, I need to clean up the DNS records on a reboot as typically the 3.12 address registers itself even though I have set *not* to. But why and how is 3.11 getting into this local machines cache as I5Win?
This is driving me insane. Is there any way to remove this entry from the cache? flushing has no effect. Using NSLookup retrieves the correct results.
ASKER
I agree re:multi-homed - unfortunately I have no choice. The box is setup to use that internal network to allow OS/400 and Windows to communicate, and naturally, they use some of the server services to comminicate. Yeah, there is no gateway or DNS registration on the NIC in question.
The weird thing is that 3.11 which is on the OS/400 side gets into the local machine DNS Cache as I5Win. The windows side (which is named I5Win) cannot even see this adapter as it is the AS/400. How it gets into the cache baffles me, particularly because it is wrong. Does that make sense? I could see the OS/400 side registering itself in DNS, but then I would expect it in DNS, not the cache. I am going to explore the 'green screen' side some more and see if I can post some information from that side that might help
The weird thing is that 3.11 which is on the OS/400 side gets into the local machine DNS Cache as I5Win. The windows side (which is named I5Win) cannot even see this adapter as it is the AS/400. How it gets into the cache baffles me, particularly because it is wrong. Does that make sense? I could see the OS/400 side registering itself in DNS, but then I would expect it in DNS, not the cache. I am going to explore the 'green screen' side some more and see if I can post some information from that side that might help
SilentExpert:
Hard to answer with more than a guess without some experience with your network and configuration. First thing I'd try is to flush that ARP (Address Resolution Protocol) cache to see if the request can be forced to go out to external DNS.
Here's a trivial example of calling the Clear ARP Table API using ILE CL:
------ Begin
/* CRTBNDCL PGM(your-lib/CLRARP) +
SRCFILE(your-lib/QCLSRC) +
SRCMBR(CLRARP) */
pgm ( &line )
dcl &line *char 10
callprc 'QtocRmvARPTblE' ( +
&line +
x'00000000' +
'*ALL ' +
x'00000000' +
)
endpgm
------ End
Call the program with the parm for name of the line description that you use on the AS/400 for this TCP/IP access. (Use whatever you want for program name.) If it works, then you're done. Otherwise, we're into more guesses.
Tom
Hard to answer with more than a guess without some experience with your network and configuration. First thing I'd try is to flush that ARP (Address Resolution Protocol) cache to see if the request can be forced to go out to external DNS.
Here's a trivial example of calling the Clear ARP Table API using ILE CL:
------ Begin
/* CRTBNDCL PGM(your-lib/CLRARP) +
SRCFILE(your-lib/QCLSRC) +
SRCMBR(CLRARP) */
pgm ( &line )
dcl &line *char 10
callprc 'QtocRmvARPTblE' ( +
&line +
x'00000000' +
'*ALL ' +
x'00000000' +
)
endpgm
------ End
Call the program with the parm for name of the line description that you use on the AS/400 for this TCP/IP access. (Use whatever you want for program name.) If it works, then you're done. Otherwise, we're into more guesses.
Tom
ASKER
I discovered the problem. The iSeries integration softwave (which runs as a service on the windows OS side and facilitates commincation between the two OS's) was 'helping' me by placing the offending values into the DNS cache.
You would think IBM would document this 'feature'......
Thanks for your thoughts everyone.
You would think IBM would document this 'feature'......
Thanks for your thoughts everyone.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When i have had no choice but to have a multihomed server I remove the Microosft client and file and printer sharing from the nic. I also make sure there is no gateway. I also remove the DNS update (which sounds like you already did).
Does the Pinfing to the FQDN result in varying answers - or is one address consistenly being picked up?
Maybe attempt to put a PTR in DNS with the address you want to be resolved?