Solved

Unable to resolve correct external IP address

Posted on 2011-02-19
10
654 Views
Last Modified: 2012-05-11
I have a server that is unable to resolve the correct IP address for a specific host. Instead it is returning an erroneous internal IP that isn't correct. I cannot find any entries in DNS referring to the host, nor are there any hosts defined in the host record in system32\drivers\etc...

I've flushed DNS cache multiple times...

Ultimately the site is unable to send any emails to this specific domain because of this.

I don't know where else to look.

Any assistance would be appreciated.
0
Comment
Question by:IAmDH
  • 6
  • 3
10 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34933058
A quick solution is to create a new record with the correct ip on hosts file until you resolve the problem.

try nslookup server_name 8.8.8.8 to get the correct ip.

8.8.8.8 is a global DNS server for google.
0
 

Author Comment

by:IAmDH
ID: 34933068
I know what the correct IP should be, but doing the nslookup you just recommended still returns the same incorrect IP.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34933079
Then the FQDN is registered on the internet with invalid ip address.

you should change the FQDN from the domain hosting control panel. if they dont have control panel then email/call them.
0
 
LVL 16

Assisted Solution

by:Viral Rathod
Viral Rathod earned 30 total points
ID: 34933094
1) If it is returning incorrect IP Address then make sure server Primary DNS IP Address is pointing to correct IP Address
2) Check the Forward Look up & Reverse Look up zone deleted the record if you found it is incorrect
3) Open Hosts file and make sure there are no records present
4) Add Google Public DNS ip address 8.8.8.8 8.8.4.4 in the DNS forwarder list
5) Restart the DNS services and again run the nslookup

Letus know the results.
0
 

Author Comment

by:IAmDH
ID: 34933097
That's not the case. I can look up the same server from my personal network and get the correct IP. You do a lookup for outlook.wrcbermuda.com and you'll get a 199.172.x.x address, which is what is correct. I think it's something within my local network, if not the server, then something else throwing back the incorrect address.From my server on the site, I'm getting a 10.10.x.x no matter what.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:IAmDH
ID: 34933130
@viralrathod

I stated in my original question that I:

1. Checked DNS for entries (NOT THERE)
2. Checked Host records (NOTHING THERE)
3. Flushed DNS cach (NO DIFFERENCE)

I just added google's 8.8.8.8 to forwarders & restarted DNS services. (NO DIFFERENCE)

My server's DNS entry in the NIC is itself.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34933131
does your internal DNS server host wrcbermuda.com dns zone ? if so check your records.

to get more details about name how name was resolved, use:

nslokup
set d=1
outlook.wrcbermuda.com

0
 

Author Comment

by:IAmDH
ID: 34933155
@sulimanw
Here's the response I received. No my local DNS server does not host that domain...


------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        outlook.wrcbermuda.com.partners.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  partners.local
        ttl = 3600 (1 hour)
        primary name server = srvsbs03.partners.local
        responsible mail addr = hostmaster
        serial  = 3466
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        outlook.wrcbermuda.com, type = A, class = IN
    ANSWERS:
    ->  outlook.wrcbermuda.com
        internet address = 10.10.12.250
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
Name:    outlook.wrcbermuda.com
Address:  10.10.12.250

0
 

Accepted Solution

by:
IAmDH earned 0 total points
ID: 34986997
Problem was rule in firewall for wrcbermuda domain.

Thanks for assistance.
0
 

Author Closing Comment

by:IAmDH
ID: 35025079
Turned out to be issue with firewall for client network inside same building.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now