mcrowley
asked on
Pings always come back with same IP address?
I have a customer with an AIX 4.3 server. Yes I know it's old - we approached them about upgrading it but their app vendor is actually moving the app over to Windows, so it's moot to them right now.
Anyway, when I ping names from a command prompt, I get the same IP address back, but it's a non-answering IP. For instance, if I ping "image1", I get the following response -
PING image1.domainname.com: (192.168.5.5): 56 data bytes
^C
----image1.domainname.com PING Statistics----
3 packets transmitted, 0 packets received, 100% packet loss
Now here's the kicker. I have no idea where 192.168.5.5 is coming from. The IP of this box is 192.168.5.2. It's default gateway is 192.168.5.253. It's DNS server is 192.168.5.41, and there is no image.domainname.com record on that particular DNS server. There is a /etc/hosts file entry for image1, pointing it to the correct address - 192.168.5.8. But still pings go out to 192.168.5.5.
So I thought I would try adding a new record to the hosts file and see what happened. I added image2, address 192.168.5.8. I ping, I get the same thing -
# ping image2
PING image2.domainname.com: (192.168.5.5): 56 data bytes
^C
----image2.domainname.com PING Statistics----
7 packets transmitted, 0 packets received, 100% packet loss
# ping maersk (I tried another host)
PING maersk.domainname.com: (192.168.5.5): 56 data bytes
^C
----maersk.domainname.com PING Statistics----
11 packets transmitted, 0 packets received, 100% packet loss
Here's what my hosts file looks like -
----------------Beginning of file (some IP's hidden to protect the innocent...
# more hosts
# @(#)47 1.1 com/cmd/net/netstart/hosts
#
# The format of this file is:
# Internet Address Hostname # Comments
# Items are separated by any number of blanks and/or tabs. A '#'
# indicates the beginning of a comment; characters up to the end of the
# line are not interpreted by routines which search this file. Blank
# lines are allowed.
# Internet Address Hostname # Comments
# 192.9.200.1 net0sample # ethernet name/address
# 128.100.0.1 token0sample # token ring name/address
# 10.2.0.2 x25sample # x.25 name/address
127.0.0.1 loopback localhost # loopback (lo0) name/address
# 192.168.5.2 192.168.5.2
# 68.5.2
192.168.5.253 gateway
192.168.5.25 elite
192.168.5.27 hpsvr IMAGE HP8000
192.168.5.27 IMAGE
192.168.5.8 image1
192.168.5.60 tammy
192.168.5.61 lynn
192.168.5.62 kathy
192.168.5.71 jackie
192.168.5.63 carol
192.168.5.64 betty
192.168.5.2 wyatt 192.168.5.2
192.168.5.81 robinhold
192.168.5.74 robin
xxx.xxx.xxx.xxx maersk
xxx.xxx.xxx.xxx kleinpc
192.168.5.8 image1.domainname.com
192.168.5.8 image2
------------------------En
Thanks in advance for any advice you can give me.
Anyway, when I ping names from a command prompt, I get the same IP address back, but it's a non-answering IP. For instance, if I ping "image1", I get the following response -
PING image1.domainname.com: (192.168.5.5): 56 data bytes
^C
----image1.domainname.com PING Statistics----
3 packets transmitted, 0 packets received, 100% packet loss
Now here's the kicker. I have no idea where 192.168.5.5 is coming from. The IP of this box is 192.168.5.2. It's default gateway is 192.168.5.253. It's DNS server is 192.168.5.41, and there is no image.domainname.com record on that particular DNS server. There is a /etc/hosts file entry for image1, pointing it to the correct address - 192.168.5.8. But still pings go out to 192.168.5.5.
So I thought I would try adding a new record to the hosts file and see what happened. I added image2, address 192.168.5.8. I ping, I get the same thing -
# ping image2
PING image2.domainname.com: (192.168.5.5): 56 data bytes
^C
----image2.domainname.com PING Statistics----
7 packets transmitted, 0 packets received, 100% packet loss
# ping maersk (I tried another host)
PING maersk.domainname.com: (192.168.5.5): 56 data bytes
^C
----maersk.domainname.com PING Statistics----
11 packets transmitted, 0 packets received, 100% packet loss
Here's what my hosts file looks like -
----------------Beginning of file (some IP's hidden to protect the innocent...
# more hosts
# @(#)47 1.1 com/cmd/net/netstart/hosts
#
# The format of this file is:
# Internet Address Hostname # Comments
# Items are separated by any number of blanks and/or tabs. A '#'
# indicates the beginning of a comment; characters up to the end of the
# line are not interpreted by routines which search this file. Blank
# lines are allowed.
# Internet Address Hostname # Comments
# 192.9.200.1 net0sample # ethernet name/address
# 128.100.0.1 token0sample # token ring name/address
# 10.2.0.2 x25sample # x.25 name/address
127.0.0.1 loopback localhost # loopback (lo0) name/address
# 192.168.5.2 192.168.5.2
# 68.5.2
192.168.5.253 gateway
192.168.5.25 elite
192.168.5.27 hpsvr IMAGE HP8000
192.168.5.27 IMAGE
192.168.5.8 image1
192.168.5.60 tammy
192.168.5.61 lynn
192.168.5.62 kathy
192.168.5.71 jackie
192.168.5.63 carol
192.168.5.64 betty
192.168.5.2 wyatt 192.168.5.2
192.168.5.81 robinhold
192.168.5.74 robin
xxx.xxx.xxx.xxx maersk
xxx.xxx.xxx.xxx kleinpc
192.168.5.8 image1.domainname.com
192.168.5.8 image2
------------------------En
Thanks in advance for any advice you can give me.
what happens when you "ping -a 192.168.5.5" and "ping -a 192.168.5.2"? The -a asks for a name resolution.
ASKER
SysExpert - Windows servers work fine, and no firewalls or routers in play.
Bluetab - ping -a doesn't work from the AIX box. From a Windows server, ping -a 192.168.5.5 comes back with nothing (no name, no ping), ping -a 192.168.5.2 comes back with no name, but pings fine.
Bluetab - ping -a doesn't work from the AIX box. From a Windows server, ping -a 192.168.5.5 comes back with nothing (no name, no ping), ping -a 192.168.5.2 comes back with no name, but pings fine.
1) Did this work in the past ?
2) maybe these are somehow virtualized on the server, so only 1 IP is actually used .
I hope this helps !
2) maybe these are somehow virtualized on the server, so only 1 IP is actually used .
I hope this helps !
Are you sure that 192.168.5.2 is the server's IP?
Also, please change the line to show
192.168.5.2 wyatt
instead of showing the IP twice. This is incorrect, and would serve no purpose.
Also - does the computer use NIS? What do you get if you try to run 'ypcat hosts'?
It seems to me that the server "thinks" its IP is 192.168.5.5. What happens if you try to change (or add virtual IP) to 192.168.5.5?
What is the output of netstat -r? netstat -i?
Also, please change the line to show
192.168.5.2 wyatt
instead of showing the IP twice. This is incorrect, and would serve no purpose.
Also - does the computer use NIS? What do you get if you try to run 'ypcat hosts'?
It seems to me that the server "thinks" its IP is 192.168.5.5. What happens if you try to change (or add virtual IP) to 192.168.5.5?
What is the output of netstat -r? netstat -i?
ASKER
SysExpert - Yes it did work in the past. Up until about a week ago as a matter of fact. Unsure what changed, if anything. I don't believe there are any virtualized IP's.
ezaton - Yes, 192.168.5.2 is the server's IP. That's what I use when I telnet to it, it's what shows up in SMIT, etc. I did remove the redundant hosts file entry.
I'm a little confused about the thinking its IP is 192.168.5.5 part. I only see references to 192.168.5.5 when I ping other hosts by name (by the way, it seems to be ANY name in the domainname.com domain), so it seems to me to be related to name-resolution. Is there any command to show any cached names, or show where it's getting its name resolution from? For instance, on a WinXP machine, I can do an "ipconfig /displaydns".
Output as requested -
# netstat -r
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups
Route Tree for Protocol Family 2 (Internet):
default gateway UG 1 754 en0 - -
127/8 localhost U 4 217 lo0 - -
192.168.5/24 wyatt U 22 279237 en0 - -
Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 0 lo0 16896 -
# netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16896 link#1 3342 0 15032 0 0
lo0 16896 127 localhost 3342 0 15032 0 0
lo0 16896 ::1 3342 0 15032 0 0
en0 1500 link#2 0.4.ac.49.75.23 454121 0 245115 0 0
en0 1500 192.168.5 wyatt 454121 0 245115 0 0
en1 1500 link#3 0.20.35.12.ff.ed 0 0 971 971 0
en1 1500 0 0.0.0.0 0 0 971 971 0
et0 1492 link#4 0.4.ac.49.75.23 0 0 972 0 0
et0 1492 192.168.5 wyatt 0 0 972 0 0
et1 1492 link#5 0.20.35.12.ff.ed 0 0 2 2 0
et1 1492 192.168.5 wyatt 0 0 2 2 0
#
ezaton - Yes, 192.168.5.2 is the server's IP. That's what I use when I telnet to it, it's what shows up in SMIT, etc. I did remove the redundant hosts file entry.
I'm a little confused about the thinking its IP is 192.168.5.5 part. I only see references to 192.168.5.5 when I ping other hosts by name (by the way, it seems to be ANY name in the domainname.com domain), so it seems to me to be related to name-resolution. Is there any command to show any cached names, or show where it's getting its name resolution from? For instance, on a WinXP machine, I can do an "ipconfig /displaydns".
Output as requested -
# netstat -r
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups
Route Tree for Protocol Family 2 (Internet):
default gateway UG 1 754 en0 - -
127/8 localhost U 4 217 lo0 - -
192.168.5/24 wyatt U 22 279237 en0 - -
Route Tree for Protocol Family 24 (Internet v6):
::1 ::1 UH 0 0 lo0 16896 -
# netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16896 link#1 3342 0 15032 0 0
lo0 16896 127 localhost 3342 0 15032 0 0
lo0 16896 ::1 3342 0 15032 0 0
en0 1500 link#2 0.4.ac.49.75.23 454121 0 245115 0 0
en0 1500 192.168.5 wyatt 454121 0 245115 0 0
en1 1500 link#3 0.20.35.12.ff.ed 0 0 971 971 0
en1 1500 0 0.0.0.0 0 0 971 971 0
et0 1492 link#4 0.4.ac.49.75.23 0 0 972 0 0
et0 1492 192.168.5 wyatt 0 0 972 0 0
et1 1492 link#5 0.20.35.12.ff.ed 0 0 2 2 0
et1 1492 192.168.5 wyatt 0 0 2 2 0
#
ASKER
One more thing - ypcat hosts errors out - no such command.
SOunds like DNS issues at a minimum.
Are there any windows or Linux Servers acting as a DNS server ?
If in an AD domain, I would run the DNS tools in the Window resource kit to se what it shows.
I hope this helps !
Are there any windows or Linux Servers acting as a DNS server ?
If in an AD domain, I would run the DNS tools in the Window resource kit to se what it shows.
I hope this helps !
ASKER
That's what's confusing. SMIT clearly says that the DNS server is 192.168.5.41, which is a Windows server I can look at. But when I look at it, I don't see anything that suggests what is going on.
/usr/bin/ypcat - this is the command you might want to run (could it not be in your PATH?)
Also, use nslookup to resolve names:
nslookup my.server.com
and see what is the output.
Also - run the command
lsnamsv
to view what is the naming order (you can compare this command to 'cat /etc/nsswitch.conf' in other *nix systems)
Also, use nslookup to resolve names:
nslookup my.server.com
and see what is the output.
Also - run the command
lsnamsv
to view what is the naming order (you can compare this command to 'cat /etc/nsswitch.conf' in other *nix systems)
Like I said, run the DNS tools from the Windows server resource kit
http://support.microsoft.com/kb/927229 win 2000 Server resource kit tools
--------------------------
2003 Server resource kit tools start here http://www.microsoft.com/windowsserver2003/default.mspx
http://support.microsoft.com/kb/927229 win 2000 Server resource kit tools
--------------------------
2003 Server resource kit tools start here http://www.microsoft.com/windowsserver2003/default.mspx
Unlike I have said. Concentrate on the AIX system. Check if it even bothers to query DNS, or if it bothers checking the /etc/hosts file.
ASKER
Ok, I think I got it fixed. It looks like this is what was going on -
UNIX server was configured to go to 192.168.5.41 for DNS. When it pinged "anynamehere", it went to the DNS server, appending a domainname.com as a default domain. So all of the pings said "pinging image1.domainname.com (192.168.5.5)" even when I just typed "ping image1" etc etc etc...
192.168.5.41 does not have a forward lookup zone for domainname.com, because the AD domain name is ad.domainname.com. So just for grins, I changed SMIT to change the local domain name of the UNIX server to ad.domainname.com. Suddenly, when I ping "image1", I get "pinging image1 (192.168.5.8)", which is correct. I think that because 192.168.5.41 did not host domainname.com, it was sending it out to the Internet, and somehow returning back 192.168.5.5, somewhere along the line. Now, the UNIX box will query DNS for image1.ad.domainname.com, which will return a negative answer, causing the UNIX box to look at the hosts file.
Once I'm sure this is permanently resolved, I'll award points. Thank you both for your help.
UNIX server was configured to go to 192.168.5.41 for DNS. When it pinged "anynamehere", it went to the DNS server, appending a domainname.com as a default domain. So all of the pings said "pinging image1.domainname.com (192.168.5.5)" even when I just typed "ping image1" etc etc etc...
192.168.5.41 does not have a forward lookup zone for domainname.com, because the AD domain name is ad.domainname.com. So just for grins, I changed SMIT to change the local domain name of the UNIX server to ad.domainname.com. Suddenly, when I ping "image1", I get "pinging image1 (192.168.5.8)", which is correct. I think that because 192.168.5.41 did not host domainname.com, it was sending it out to the Internet, and somehow returning back 192.168.5.5, somewhere along the line. Now, the UNIX box will query DNS for image1.ad.domainname.com, which will return a negative answer, causing the UNIX box to look at the hosts file.
Once I'm sure this is permanently resolved, I'll award points. Thank you both for your help.
So it could be that actually, the change from -when-it-worked- to now was in the server 192.168.5.41, right?
ASKER
It's possible. I know that the change I made was on the UNIX platform, but what you're saying is possible. I wasn't the only one controlling either system, so I'm not sure.
Well - good luck with it!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What happens with other servers ( windows )
Is there a proxy or DNS cache ?
Is here a Firewall or router between you and the server ?
I hope this helps !