Solved

Search DNS Manager for an entry (Windows 2003 SBS)

Posted on 2009-07-06
13
404 Views
Last Modified: 2012-05-07
I have an entry of ip 10.0.1.28 which is an outdated entry that previously lead to the main WIndows 2003 server. The ip still shows up and gives an error on reverse lookup check. My understanding is this entry is within DNS Manager somwhere (WIndows 2003 SBS) yet after browsing all the folders and sub folders I just cant find. Is there a tool or a script that will let me search DNS entries for a specific entry. I wasnt able that find that option.
0
Comment
Question by:Anti-Mhz
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787468
Have you cleared the DNS cache on both Server and workstation?

Other idea is that there is a host file that has this DNS setup...check:

C:\Windows\System32\drivers\etc\hosts
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787480
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 24787524
Both Server and workstation had their cache cleared via ipconfig /flushdns as well as "Clear Cache" in DNS manager for the server. The hosts file on the server does not contain an entry for 10.0.1.28
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Author Comment

by:Anti-Mhz
ID: 24787542
thanks. il start going through these
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787560
On the server if you ping itself does it come back with 10.0.1.28 or is this on the workstations or both?   If on the workstations only check the host file there.   If not the scripts should be able to help you hunt it down.
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 24787660
i checked the hosts file on 2 workstations and it doesnt have an try for 10.0.1.28.
 What do you mean by ping itself? cmd> ping localhost or something similar?
0
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787672
From the workstation I'm wondering if you ping the server if it comes back with the bad IP
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 24787756
nah pinging server by it's name comes back with proper ip. It just we installed this system for IT's called Spiceworks and it runs like a DNS checkup on a system . The Checkup comes back with errors for 10.0.1.28
like this:

  10.0.1.28 ’ does not resolve ’ no reverse lookup

    IP Address does not resolve to a hostname

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24787790

When you ping the name, do you get this:

> Pinging server.domain.com [192.168.1.1] with 32 bytes of data:

Or this:

> Pinging server [192.168.1.1] with 32 bytes of data:

The format here is revealing. The first tells us the answer is from the Hosts file or for DNS (no where else), the latter tells us it is from Hosts, WINS or Broadcast.

If you run "nslookup server" and get a response then Hosts and Broadcast are out, as is WINS except in special circumstances. That is, where DNS is forwarding unresolved requests to WINS.

If you get a response with that there's no need to dig through all the folders. DNS has a logical structure, "server" will be in the main "domain.com" forward lookup zone. It won't be in any sub-folder, it would need a longer name for that (like server.sub-folder.domain.com).

Chris
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 24788057
C:\Documents and Settings\drudnev>ping server

Pinging server.ARC.local [10.0.1.100] with 32 bytes of data:

Reply from 10.0.1.100: bytes=32 time=16ms TTL=128
Reply from 10.0.1.100: bytes=32 time=12ms TTL=128
Reply from 10.0.1.100: bytes=32 time=1ms TTL=128
Reply from 10.0.1.100: bytes=32 time=13ms TTL=128

Ping statistics for 10.0.1.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 16ms, Average = 10ms

C:\Documents and Settings\drudnev> nslookup server
Server:  server.arc.local
Address:  10.0.1.100

Name:    server.ARC.local
Address:  10.0.1.100


Our server is conviently (maybe not too secure) named SERVER btw

Judgin from this response the answer is from HOsts or DNS

The problem is with the name 10.0.1.28 which is our old ip for the server and still has a record somewhere. Here it goes

C:\Documents and Settings\drudnev>ping 10.0.1.28

Pinging 10.0.1.28 with 32 bytes of data:

Reply from 10.0.1.28: bytes=32 time=56ms TTL=128
Reply from 10.0.1.28: bytes=32 time=31ms TTL=128
Reply from 10.0.1.28: bytes=32 time=29ms TTL=128
Reply from 10.0.1.28: bytes=32 time=30ms TTL=128

Ping statistics for 10.0.1.28:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 56ms, Average = 36ms

C:\Documents and Settings\drudnev>nslookup 10.0.1.28
Server:  server.arc.local
Address:  10.0.1.100

*** server.arc.local can't find 10.0.1.28: Non-existent domain
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24788098

That's the same thing Spiceworks told you, in essence. To get from the IP to a name you need to have a record in the Reverse Lookup Zone.

Head back to the DNS console and order records by the Data column?

If all your sub-folders are for AD, so _msdcs, _tcp, etc they won't have any record in that references that IP address.

Chris
0
 
LVL 6

Accepted Solution

by:
Citacomp earned 125 total points
ID: 24799812
Another way you might want to try connecting the IP to the device is using the DHCP console.  Open up the address leases and see if you can find one for 10.0.1.28.

I can get the same ping and nslookup results for some switches for which I don't have DNS entries.  So your resolution might be to create the DNS entries rather than finding one to delete.

I don't know what Spiceworks is checking but it might be scanning for active IP addresses and then checking those it finds against your DNS records, and then reporting any inconsistencies.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question