• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 652
  • Last Modified:

Pings always come back with same IP address?

I have a customer with an AIX 4.3 server.  Yes I know it's old - we approached them about upgrading it but their app vendor is actually moving the app over to Windows, so it's moot to them right now.

Anyway, when I ping names from a command prompt, I get the same IP address back, but it's a non-answering IP.  For instance, if I ping "image1", I get the following response -

PING image1.domainname.com: (192.168.5.5): 56 data bytes
^C
----image1.domainname.com PING Statistics----
3 packets transmitted, 0 packets received, 100% packet loss

Now here's the kicker.  I have no idea where 192.168.5.5 is coming from.  The IP of this box is 192.168.5.2.  It's default gateway is 192.168.5.253.  It's DNS server is 192.168.5.41, and there is no image.domainname.com record on that particular DNS server.  There is a /etc/hosts file entry for image1, pointing it to the correct address - 192.168.5.8.  But still pings go out to 192.168.5.5.

So I thought I would try adding a new record to the hosts file and see what happened.  I added image2, address 192.168.5.8.  I ping, I get the same thing -

# ping image2
PING image2.domainname.com: (192.168.5.5): 56 data bytes
^C
----image2.domainname.com PING Statistics----
7 packets transmitted, 0 packets received, 100% packet loss
# ping maersk (I tried another host)
PING maersk.domainname.com: (192.168.5.5): 56 data bytes
^C
----maersk.domainname.com PING Statistics----
11 packets transmitted, 0 packets received, 100% packet loss

Here's what my hosts file looks like -

----------------Beginning of file (some IP's hidden to protect the innocent...
# more hosts
# @(#)47        1.1  com/cmd/net/netstart/hosts, bos, bos320 7/24/91 10:00:46
#
# The format of this file is:
# Internet Address      Hostname        # Comments
# Items are separated by any number of blanks and/or tabs.  A '#'
# indicates the beginning of a comment; characters up to the end of the
# line are not interpreted by routines which search this file.  Blank
# lines are allowed.
# Internet Address      Hostname        # Comments
# 192.9.200.1           net0sample      # ethernet name/address
# 128.100.0.1           token0sample    # token ring name/address
# 10.2.0.2              x25sample       # x.25 name/address
127.0.0.1               loopback localhost      # loopback (lo0) name/address
# 192.168.5.2   192.168.5.2
# 68.5.2
192.168.5.253   gateway
192.168.5.25    elite
192.168.5.27    hpsvr   IMAGE   HP8000
192.168.5.27    IMAGE
192.168.5.8     image1
192.168.5.60    tammy
192.168.5.61    lynn
192.168.5.62    kathy
192.168.5.71    jackie
192.168.5.63    carol
192.168.5.64    betty
192.168.5.2     wyatt  192.168.5.2
192.168.5.81    robinhold
192.168.5.74    robin
xxx.xxx.xxx.xxx    maersk
xxx.xxx.xxx.xxx   kleinpc
192.168.5.8     image1.domainname.com
192.168.5.8     image2
------------------------End of file

Thanks in advance for any advice you can give me.
0
mcrowley
Asked:
mcrowley
  • 6
  • 5
  • 4
  • +2
1 Solution
 
SysExpertCommented:
Very weird.

What happens with other servers ( windows )

Is there a proxy or DNS cache ?

Is here a Firewall or router between you and the server ?

I hope this helps !
0
 
bluetabCommented:
what happens when you "ping -a 192.168.5.5" and "ping -a 192.168.5.2"?  The -a asks for a name resolution.
0
 
mcrowleyAuthor Commented:
SysExpert - Windows servers work fine, and no firewalls or routers in play.

Bluetab - ping -a doesn't work from the AIX box.  From a Windows server, ping -a 192.168.5.5 comes back with nothing (no name, no ping), ping -a 192.168.5.2 comes back with no name, but pings fine.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SysExpertCommented:
1) Did this work in the past ?

2) maybe these are somehow virtualized on the server, so only 1 IP is actually used .

I hope this helps !
0
 
ezatonCommented:
Are you sure that 192.168.5.2  is the server's IP?
Also, please change the line to show
192.168.5.2  wyatt
instead of showing the IP twice. This is incorrect, and would serve no purpose.
Also - does the computer use NIS? What do you get if you try to run 'ypcat hosts'?

It seems to me that the server "thinks" its IP is 192.168.5.5. What happens if you try to change (or add virtual IP) to 192.168.5.5?

What is the output of netstat -r? netstat -i?
0
 
mcrowleyAuthor Commented:
SysExpert - Yes it did work in the past.  Up until about a week ago as a matter of fact.  Unsure what changed, if anything.  I don't believe there are any virtualized IP's.

ezaton - Yes, 192.168.5.2 is the server's IP.  That's what I use when I telnet to it, it's what shows up in SMIT, etc.  I did remove the redundant hosts file entry.

I'm a little confused about the thinking its IP is 192.168.5.5 part.  I only see references to 192.168.5.5 when I ping other hosts by name (by the way, it seems to be ANY name in the domainname.com domain), so it seems to me to be related to name-resolution.  Is there any command to show any cached names, or show where it's getting its name resolution from?  For instance, on a WinXP machine, I can do an "ipconfig /displaydns".

Output as requested -

# netstat -r
Routing tables
Destination      Gateway           Flags   Refs     Use  If   PMTU  Exp  Groups

Route Tree for Protocol Family 2 (Internet):
default          gateway           UG        1      754  en0     -   -
127/8            localhost         U         4      217  lo0     -   -
192.168.5/24     wyatt             U        22   279237  en0     -   -

Route Tree for Protocol Family 24 (Internet v6):
::1              ::1               UH        0        0  lo0 16896   -
# netstat -i
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
lo0   16896 link#1                            3342     0    15032     0     0
lo0   16896 127         localhost             3342     0    15032     0     0
lo0   16896 ::1                               3342     0    15032     0     0
en0   1500  link#2      0.4.ac.49.75.23     454121     0   245115     0     0
en0   1500  192.168.5   wyatt               454121     0   245115     0     0
en1   1500  link#3      0.20.35.12.ff.ed         0     0      971   971     0
en1   1500  0           0.0.0.0                  0     0      971   971     0
et0   1492  link#4      0.4.ac.49.75.23          0     0      972     0     0
et0   1492  192.168.5   wyatt                    0     0      972     0     0
et1   1492  link#5      0.20.35.12.ff.ed         0     0        2     2     0
et1   1492  192.168.5   wyatt                    0     0        2     2     0
#
0
 
mcrowleyAuthor Commented:
One more thing - ypcat hosts errors out - no such command.
0
 
SysExpertCommented:
SOunds like DNS issues at a minimum.

Are there any windows or Linux Servers acting as a DNS server ?

If in an AD domain, I would run the DNS tools in the Window resource kit to se what it shows.

I hope this helps !
0
 
mcrowleyAuthor Commented:
That's what's confusing.  SMIT clearly says that the DNS server is 192.168.5.41, which is a Windows server I can look at.  But when I look at it, I don't see anything that suggests what is going on.
0
 
ezatonCommented:
/usr/bin/ypcat - this is the command you might want to run (could it not be in your PATH?)
Also, use nslookup to resolve names:
nslookup my.server.com
and see what is the output.

Also - run the command
lsnamsv
to view what is the naming order (you can compare this command to 'cat /etc/nsswitch.conf' in other *nix systems)
0
 
SysExpertCommented:
Like I said, run the DNS tools from the Windows server resource kit


http://support.microsoft.com/kb/927229 win 2000 Server resource kit tools
--------------------------------
2003 Server resource kit tools start here  http://www.microsoft.com/windowsserver2003/default.mspx
0
 
ezatonCommented:
Unlike I have said. Concentrate on the AIX system. Check if it even bothers to query DNS, or if it bothers checking the /etc/hosts file.
0
 
mcrowleyAuthor Commented:
Ok, I think I got it fixed.  It looks like this is what was going on -

UNIX server was configured to go to 192.168.5.41 for DNS.  When it pinged "anynamehere", it went to the DNS server, appending a domainname.com as a default domain.  So all of the pings said "pinging image1.domainname.com (192.168.5.5)" even when I just typed "ping image1" etc etc etc...

192.168.5.41 does not have a forward lookup zone for domainname.com, because the AD domain name is ad.domainname.com.  So just for grins, I changed SMIT to change the local domain name of the UNIX server to ad.domainname.com.  Suddenly, when I ping "image1", I get "pinging image1 (192.168.5.8)", which is correct.  I think that because 192.168.5.41 did not host domainname.com, it was sending it out to the Internet, and somehow returning back 192.168.5.5, somewhere along the line.  Now, the UNIX box will query DNS for image1.ad.domainname.com, which will return a negative answer, causing the UNIX box to look at the hosts file.

Once I'm sure this is permanently resolved, I'll award points.  Thank you both for your help.
0
 
ezatonCommented:
So it could be that actually, the change from -when-it-worked- to now was in the server 192.168.5.41, right?
0
 
mcrowleyAuthor Commented:
It's possible.  I know that the change I made was on the UNIX platform, but what you're saying is possible.  I wasn't the only one controlling either system, so I'm not sure.
0
 
ezatonCommented:
Well - good luck with it!
0
 
Computer101Commented:
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now