pbhcpa
asked on
DNS not resolving correctly on LAN
I have 2 AD Controllers running server 2003. One provides DNS on the LAN and one provides DHCP. I noticed that when pinging machine names the IPs were not matching up. I tried to connect via mstsc using the machine name but actually connected to another that had a current lease. I get into the DC that provides DHCP and ping the machine name in question and it resolves correctly. I get into the DC that is our DNS server and it has another machine that is responding. So I did this.
1. Opened dnsmgmt. Checked the entries in the fwd & rev lookup zones. They were correct.
2. Cleared the cache. Machine name ping was incorrect.
3. ran ipconfig /flushdns. Still incorrect.
4. ran netsh interface ip delete arpcache. Still incorrect.
5. rebooted. Still incorrect.
6. ran nbtstat -a [ip]. Shows the correct machine name but the machine name ping is still incorrect.
I can go to other machines and ping this machine name and it is correct. Just not on my DNS server. Weird. I can edit the hosts file on the server and it works but I would prefer to find the underlying cause.
ASKER
There is only one (A) record and one PTR. Is that what you mean?
Yeah, it is what I mean :)
Does "nslookup <name>" show the correct IP then?
Chris
ASKER
No. It says it can't find it. (I first commented out the hosts file entry and it went back to resolving to the wrong ip).
ASKER
Even when I have the hosts file entry active, nslookup for that host does not work.
But it exists as an entry in every DNS Server listed in TCP/IP configuration? And when you pop in nslookup and return it gives you the correct DNS server?
Chris
ASKER
Yes and Yes.
Well that's annoying...
I can't shake the belief that it's querying the wrong DNS server, hence the bad response.
You don't have any additional network cards in there with different DNS Servers?
"ipconfig /displaydns" presumably shows the incorrect entry in the cache?
A manually directed query like this returns the correct value?
nslookup -q=a <Name> <DNSServer>
Chris
ASKER
There is only one NIC.
When I run ipconfig /displaydns the hostname in question does not even show up. For the nslookup I get this:
C:\>nslookup -q=a dt00026 192.168.0.17
*** Can't find server name for address 192.168.0.17: Non-existent domain
Server: UnKnown
Address: 192.168.0.17
Name: dt00026.pbhcpa.local
Address: 192.168.0.230
192.168.0.17 is the address of my DNS server - the machine from which I am trying to correctly resolve my machine dt00026.
This IP address is correct for dt00026. This machine was configured for DHCP at one time and apparently the dynamic IP was 192.168.0.36. From this server only when I ping dt00026 I get a reply from whatever machine currently has 192.168.0.36 instead of my machine replying with 192.168.0.230. Weird.
I can ping 192.168.0.230 fine. I can run nbtstat -a 192.168.0.230 and I get
C:\nbtstat -a 192.168.0.230
LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
-------------------------- ---------- ---------
DT00026 <00> UNIQUE Registered
PBHCPA <00> GROUP Registered
DT00026 <20> UNIQUE Registered
PBHCPA <1E> GROUP Registered
DT00026 <01> UNIQUE Registered
MAC Address = 00-1D-09-7D-19-A7
What does "nbtstat -A dt00026" show?
Chris
ASKER
I included it at the bottom of my last post.
That shows IP resolution rather than name. Just curious if it shows a different IP from netbios for the name.
Chris
ASKER
Oh I missed the capital A.
C:\>nbtstat -A 192.168.0.230
LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
-------------------------- ---------- ---------
DT00026 <00> UNIQUE Registered
PBHCPA <00> GROUP Registered
DT00026 <20> UNIQUE Registered
PBHCPA <1E> GROUP Registered
DT00026 <01> UNIQUE Registered
MAC Address = 00-1D-09-7D-19-A7
ASKER
Is there another command you would have me run?
Use the name instead because the IP will never link to more than the correct entry. Either that or:
nbtstat -a 192.168.0.36
It can't be making up the name so it's either coming from DNS or WINS or Broadcast.
You've checked DNS, and Broadcast is out because we know it has a different name really. So perhaps WINS...
It shouldn't make a bit of difference, but I do wonder if adding a Reverse Lookup Zone will help it. The timeout it gets from that could be causing it to slip and give you a name from a different source.
Chris
ASKER
I ran the following:
C:\>nbtstat -a dt00026
LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []
Host not found.
C:\>nbtstat -a 192.168.0.36
LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
-------------------------- ---------- ---------
AUDIT2106 <00> UNIQUE Registered
PBHCPA <00> GROUP Registered
PBHCPA <1E> GROUP Registered
AUDIT2106 <20> UNIQUE Registered
MAC Address = 00-01-4A-C3-67-48
C:\>nbtstat -a audit2106
LAN 1:
Node IpAddress: [192.168.0.17] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
-------------------------- ---------- ---------
AUDIT2106 <00> UNIQUE Registered
PBHCPA <00> GROUP Registered
PBHCPA <1E> GROUP Registered
AUDIT2106 <20> UNIQUE Registered
MAC Address = 00-01-4A-C3-67-48
There are entries in both the forward and reverse lookup zones.
FLZ.jpg
RLZ.jpg
ASKER
I wonder why pinging the hostname dt00026 from any other computer is fine EXCEPT from my DNS server. If anything that should be the one machine that is correct.
I'm surprised you get this one if you already have a reverse lookup zone:
*** Can't find server name for address 192.168.0.17: Non-existent domain
Server: UnKnown
Address: 192.168.0.17
Does .17 exist in that?
This is a very odd one though, it should give the response from DNS first unless it's in the Hosts file (which isn't likely).
Chris
ASKER
Yes there is an A record. The PTR just says Same as Parent. 17 is the DNS server.
Does it say "Non-existent domain" because it is a private ip? Also, what does Server: unknown mean?
Thanks
ASKER
I even removed the fwd and rev entries, flushed, rebooted, cleared the arp cache, anything I could think of. It puts them back correctly and yet the server itself seems to ignore its own entries.
ASKER
So I checked the DNS entries on my DC. Our ISP (Grande Communications) stated that their IPs should be the only ones listed in my TCP/IP config on my DNS server. For grins I put 192.198.0.17 first, then their two. It seems to work. I am not seeing negative effects yet but you know how DNS is. Thoughts?
ASKER CERTIFIED SOLUTION
ASKER
> What about WINS servers, do you have any configured?
Yes. This machine (17)
> Theirs shouldn't be listed at all. Only DNS servers that can answer for your local domain should be listed.
I removed theirs. Flushed the cache and still had access to LAN and WAN.
nslookup began to work when I put 17 first in the DNS list and still reads correctly now that only 17 is listed.
As I recall when we first switched to Grande, I had only 17 listed as a DNS server and we were dead. Of course we could have been in that transitional period during DNS updates. I'll watch it for a little while.
Fair enough :)
Your server should be capable of resolving public names using the entries in Root Hints. The most common cause of failure on a local DNS seems to be Forwarders. That is, where the Forwarders stop responding properly.
Chris
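The rule quoted in the exchange above ("Only DNS servers that can answer for your local domain should be listed") can be checked mechanically. The following is an added example, not part of the original thread: it parses `ipconfig /all` output and flags resolver entries that are not in an authoritative list. The sample output is constructed, the 203.0.113.x addresses are documentation placeholders standing in for the ISP resolvers, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from the thread).
# 192.168.0.17 is the internal DNS server named in the thread; the 203.0.113.x
# addresses are placeholders for the ISP resolvers, which the thread never lists.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.0.17
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       203.0.113.11
                                       192.168.0.17
   Primary WINS Server . . . . . . . : 192.168.0.17
"""

def parse_dns_servers(ipconfig_text):
    """Return the DNS servers in the order the client resolver tries them."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9a-fA-F.:]+", line):
            servers.append(line.strip())  # continuation line: address only
        else:
            in_block = False
    return servers

def audit_resolver_list(servers, authoritative):
    """Return (position, address) for entries that cannot answer for the local zone."""
    allowed = {ipaddress.ip_address(a) for a in authoritative}
    findings = []
    for position, server in enumerate(servers, start=1):
        if ipaddress.ip_address(server) not in allowed:
            findings.append((position, server))
    return findings

if __name__ == "__main__":
    found = parse_dns_servers(SAMPLE_IPCONFIG)
    for pos, srv in audit_resolver_list(found, ["192.168.0.17"]):
        print(f"DNS server #{pos} ({srv}) is not authoritative for the local zone")
```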
ASKER
Well, the solution worked well until I rebooted my server, then we lost all connectivity to the outside. I currently have my .17 internal server listed first, then the 2 public DNS IPs given to me by our provider. That seems to be working - even after a reboot.
There's no duplicate entry in DNS for the name? Just wondering if you're getting a Round Robin response, sometimes right, sometimes not.
Chris