• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1968
  • Last Modified:

Getting different results when I run a NSLOOKUP for the same IP Address.

When i run an nslookup on a certain IP Address I am getting different results. Does anyone know what could be causing this?

Example:

U:\>nslookup 10.1.10.x
Server:  DomainServer.domain.com
Address:  10.1.x.x

Name:    Device1.domain.com
Address:  10.1.10.x

U:\>nslookup 10.1.10.x
Server:  DomainServer.domain.com
Address:  10.1.x.x

Name:    Device2.domain.com
Address:  10.1.10.x
0
twanderson
Asked:
twanderson
  • 11
  • 7
  • 4
  • +1
1 Solution
 
Neil RussellTechnical Development LeadCommented:
Have you looked into your DNS records on the DNS Server? Its possible that a device was allocated the IP Via DHCP and has subsequently being allocated to another device.
0
 
IT-Monkey-DaveCommented:
They're probably set up for round-robin DNS.  It's a way to distribute the traffic load across multiple servers for high-traffic sites.

http://en.wikipedia.org/wiki/Round-robin_DNS
0
 
twandersonAuthor Commented:
If I run it 5 times in a row I get diffrent results and then on the 6th time it will show the first result again.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
twandersonAuthor Commented:
Dave,

We are using Round Robin on our DNS servers. I am not sure that I understand the reason for round robin, Is using it a bad idea?
0
 
twandersonAuthor Commented:
Can someone explaine what this would be used for on a domain controller?
0
 
IT-Monkey-DaveCommented:
Do you have a multihomed domain controller?  (multiple network cards, each with a unique IP).  That's not recommended for DCs.  I'm not an expert on the issue but I found this:

http://forums.techarena.in/active-directory/954155.htm
0
 
twandersonAuthor Commented:
We do not use a multihomed DC.
0
 
elawadCommented:
well if you try the nslookup (name of the pc instead of the ip) what does it return? one ip address or the same
0
 
twandersonAuthor Commented:
If I do the nslookup by name I get the correct results for each name. So what does this tell us?
0
 
elawadCommented:
you probably have duplicate records for the same pc in your reverse lookup zone check the reverse zone and feed me back, and if possible delete the record that is not correct.
0
 
IT-Monkey-DaveCommented:
Make sure there are not multiple IPs assigned to the network adapter (Properties).
0
 
twandersonAuthor Commented:
I dont think I mentioned that this IP address is a DHCP address, does this change things?
0
 
IT-Monkey-DaveCommented:
The server is getting its IP from DHCP?  That's not good.  Servers, and especially AD controllers, should always have static IP assigned.  Not dynamic.
0
 
twandersonAuthor Commented:
NO...The ip address I lookup using NSLOOKUP is a dhcp address. It just shows multiple workstations for the same IP address.
0
 
elawadCommented:
IT-Monkey is correct so your problem might be that in te aging period of your reverse lookup zones, right click on your reverse zone then check the aging period it is advisable to be 1 day.
0
 
twandersonAuthor Commented:
It is set to 1 day.
0
 
elawadCommented:
did you check if you have multiple ips for the same name in the reverse zone?
0
 
elawadCommented:
and also check the lease duration of the ip addresses in the DHCP server please.
0
 
twandersonAuthor Commented:
Elawad,

Yes it shows 4 different devices for the same IP address in the reverse lookup zone. There are others that show 7 or 8 devices per IP address. How can I resolve this?
0
 
twandersonAuthor Commented:
Lease duration is 7 days.
0
 
elawadCommented:
ok and do your domain controller have its reverse ip there also or it has beside its name (same as parent folder)? what you should do is first give your domain controller fix ip address exclude that address from you DHCP scope then delete the record from the reverse as well as the forward lookup zones restart the domain controller and see if the problem solved.
0
 
Neil RussellTechnical Development LeadCommented:
So as I said in the very first post....

"Have you looked into your DNS records on the DNS Server? Its possible that a device was allocated the IP Via DHCP and has subsequently being allocated to another device."

You are not scaveging your dns records by the look of things or your dns scope is so small that you you have to allocate the same IP as soon as its released.
0
 
twandersonAuthor Commented:
All my domain controllers have a static ip address. I think we got off course here, when I do a nslookup i am not seeing my domain controller as one of the names, I am seeing 4 different workstations. One of these workstations has the actual IP address the others I believe had the same IP address at some point but now have a different ip. When I look in the reverse dns zone I see the workstations that show in the nslookup and I see that there are a lot of other workstations assigned to the same IP address. I believe this is my problem, how can I cleanup the reverse lookup?
0
 
elawadCommented:
also try to put your lease duration in the DHCP server to 2 days the aging stale records in the forward lookup zones to 2 days also and in the reverse lookup zones to 3 days and check if the problem persists.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

  • 11
  • 7
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now