Link to home
Create AccountLog in
Avatar of pbhcpa
pbhcpaFlag for United States of America

asked on

DNS not resolving correctly on LAN

I have 2 AD Controllers running server 2003. One provides DNS on the LAN and one provides DHCP. I noticed that when pinging machine names the IPs were not matching up. I tried to connect via mstsc using the machine name but actually connected to another that had a current lease. I get into the DC that provides DHCP and ping the machine name in question and it resolves correctly. I get into the DC that is our DNS server and it has another machine that is responding. So I did this.

1. Opened dnsmgmt. Checked the entries in the fwd & rev lookup zones. They were correct.
2. Cleared the cache. Machine name ping was incorrect.
3. ran ipconfig /flushdns. Still incorrect.
4. ran netsh interface ip delete arpcache. Still incorrect.
5. rebooted. Still incorrect.
6. ran nbtstat -a [ip]. Shows the correct machine name but the machine name ping is still incorrect.

I can go to other machines and ping this machine name and it is correct. Just not on my DNS server. Weird. I can edit the hosts file on the server and it works but I would prefer to find the underlying cause.
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image


There's no duplicate entry in DNS for the name? Just wondering if you're getting a Round Robin response, sometimes right, sometimes not.

Chris
Avatar of pbhcpa

ASKER

There is only one (A) record and one PTR. Is that what you mean?

Yeah, it is what I mean :)

Does "nslookup <name>" show the correct IP then?

Chris
Avatar of pbhcpa

ASKER

No. It says it can't find it. (I first commented out the hosts file entry and it went back to resolving to the wrong ip).
Avatar of pbhcpa

ASKER

Even when I have the hosts file entry active, nslookup for that host does not work.

But it exists as an entry in every DNS Server listed in TCP/IP configuration? And when you pop in nslookup and return it gives you the correct DNS server?

Chris
Avatar of pbhcpa

ASKER

Yes and Yes.

Well that's annoying...

I can't shake the belief that it's querying the wrong DNS server, hence the bad response.

You don't have any additional network cards in there with different DNS Servers?

"ipconfig /displaydns" presumably shows the incorrect entry in the cache?

A manually directed query like this returns the correct value?

nslookup -q=a <Name> <DNSServer>

Chris
Avatar of pbhcpa

ASKER

There is only one NIC.

When I run ipconfig /displaydns the hostname in question does not even show up. For the nslookup I get this:

C:\>nslookup -q=a dt00026 192.168.0.17
*** Can't find server name for address 192.168.0.17: Non-existent domain
Server:  UnKnown
Address:  192.168.0.17

Name:    dt00026.pbhcpa.local
Address:  192.168.0.230

192.168.0.17 is the address of my DNS server - the machine from which I am trying to correctly resolve my machine dt00026.

This IP address is correct for dt00026. This machine was configured for DHCP at one time and apparently the dynamic IP was 192.168.0.36. From this server only when I ping dt00026 I get a reply from whatever machine currently has 192.168.0.36 instead of my machine replying with 192.168.0.230. Weird.

I can ping 192.168.0.230 fine. I can run nbtstat -a 192.168.0.230 and I get

C:\nbtstat -a 192.168.0.230

LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    DT00026        <00>  UNIQUE      Registered
    PBHCPA         <00>  GROUP       Registered
    DT00026        <20>  UNIQUE      Registered
    PBHCPA         <1E>  GROUP       Registered
    DT00026        <01>  UNIQUE      Registered

    MAC Address = 00-1D-09-7D-19-A7

What does "nbtstat -A dt00026" show?

Chris
Avatar of pbhcpa

ASKER

I included it at the bottom of my last post.

That shows IP resolution rather than name. Just curious if it shows a different IP from netbios for the name.

Chris
Avatar of pbhcpa

ASKER

Oh I missed the capital A.

C:\>nbtstat -A 192.168.0.230

LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    DT00026        <00>  UNIQUE      Registered
    PBHCPA         <00>  GROUP       Registered
    DT00026        <20>  UNIQUE      Registered
    PBHCPA         <1E>  GROUP       Registered
    DT00026        <01>  UNIQUE      Registered

    MAC Address = 00-1D-09-7D-19-A7
Avatar of pbhcpa

ASKER

Is there another command you would have me run?

Use the name instead because the IP will never link to more than the correct entry. Either that or:

nbtstat -a 192.168.0.36

It can't be making up the name so it's either coming from DNS or WINS or Broadcast.

You've checked DNS, and Broadcast is out because we know it has a different name really. So perhaps WINS...

It shouldn't make a bit of difference, but I do wonder if adding a Reverse Lookup Zone will help it. The timeout it's get from that could be causing it to slip and give you a name from a different source.

Chris
Avatar of pbhcpa

ASKER

I ran the following:

C:\>nbtstat -a dt00026

LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []

    Host not found.

C:\>nbtstat -a 192.168.0.36

LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    AUDIT2106      <00>  UNIQUE      Registered
    PBHCPA         <00>  GROUP       Registered
    PBHCPA         <1E>  GROUP       Registered
    AUDIT2106      <20>  UNIQUE      Registered

    MAC Address = 00-01-4A-C3-67-48

C:\>nbtstat -a audit2106

LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    AUDIT2106      <00>  UNIQUE      Registered
    PBHCPA         <00>  GROUP       Registered
    PBHCPA         <1E>  GROUP       Registered
    AUDIT2106      <20>  UNIQUE      Registered

    MAC Address = 00-01-4A-C3-67-48

There are entries in both the forward and reverse lookup zones.
FLZ.jpg
RLZ.jpg
Avatar of pbhcpa

ASKER

I wonder why pinging the hostname dt00026 from any other computer is fine EXCEPT from my DNS server. If anything that should be the one machine that is correct.

I'm surprised you get this one if you already have a reverse lookup zone:

*** Can't find server name for address 192.168.0.17: Non-existent domain
Server:  UnKnown
Address:  192.168.0.17

Does .17 exist in that?

This is a very odd one though, it should give the response from DNS first unless it's in the Hosts file (which isn't likely).

Chris
Avatar of pbhcpa

ASKER

Yes there is an A record. The PTR just says Same as Parent. 17 is the DNS server.

Does it say "Non-existent domain" because it is a private ip? Also, what does Server: unknown mean?

Thanks
Avatar of pbhcpa

ASKER

I even removed the fwd and rev entries, flushed, rebooted, cleared the arp cache, anything I could think of. It puts them back correctly and yet the server itself seems to ignore its own entries.
Avatar of pbhcpa

ASKER

So I checked the DNS entries on my DC. Our ISP (Grande Communications) stated that their IPs should be the only ones listed in my TCP/IP config on my DNS server. For grins I put 192.198.0.17 first, then their two. It seems to work. I am not seeing negative effects yet but you know how DNS is. Thoughts?
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of pbhcpa

ASKER

> What about WINS servers, do you have any configured?

Yes. This machine (17)

> Theirs shouldn't be listed at all. Only DNS servers that can answer for your local domain should be listed.

I removed theirs. Flushed the cache and still had access to LAN and WAN.

nslookup began to work when I put 17 first in the DNS list and still reads correctly now that only 17 is listed.

As I recall when we first switched to Grande, I had only 17 listed as a DNS server and we were dead. Of course we could have been in that transitional period during DNS updates. I'll watch it for a little while.

Fair enough :)

Your server should be capable of resolving public names using the entries in Root Hints. The most common cause of failure on a local DNS seems to be Forwarders. That is, where the Forwarders stop responding properly.

Chris
Avatar of pbhcpa

ASKER

Well solution worked well until I rebooted my server then we lost all connectivity to the outside. I currently have my .17 internal server listed first, then the 2 public DNS IPs given me by our provider. That seems to be working - even after a reboot.