Ping by Name Returns Wrong IP Address
Problem:
I have a few machines that when I ping them they ping back with the wrong IP address. I have done an ipconfig /flushdns on them, but still they will not ping with the right address. I have checked the IP address on the DHCP server and it is correct with what is on the machine.
Background:
We were a small company with our own domain we got bought out by a bigger company with its own domain. For this example I will use Domain A for our old small domain and Domain B for the company that bought us out domain.
So right now all our computers are on Domain B. All the network configuration (DHCP, Gateway, Domain, and DNS) all come from Domain A. The only network configurations we have from Domain B is a few DNS suffixes that get pushed down via Group Policy. When I look in the Forward Lookup Zone on Domain A under Domain A’s domain I don’t see any of our computers that are on Domain B even though I’m pushing down DNS setting from Domain A. I do see in the Reverse Lookup Zone all the computers on Domain B and they all seem to have a PTR record.
The only reason we have Domain A is because the bigger company will not let us move our servers over to Domain B.
I guess my questions is could the problem that we are seeing be caused by us not pushing down network configurations for Domain B? If we configured our Domain and DNS to reflect Domain B instead of Domain A would that fix the problem with DNS that we are seeing?
Notes:
We don’t have any admin access to Domain B.
I have a few machines that when I ping them they ping back with the wrong IP address. I have done an ipconfig /flushdns on them, but still they will not ping with the right address. I have checked the IP address on the DHCP server and it is correct with what is on the machine.
Background:
We were a small company with our own domain we got bought out by a bigger company with its own domain. For this example I will use Domain A for our old small domain and Domain B for the company that bought us out domain.
So right now all our computers are on Domain B. All the network configuration (DHCP, Gateway, Domain, and DNS) all come from Domain A. The only network configurations we have from Domain B is a few DNS suffixes that get pushed down via Group Policy. When I look in the Forward Lookup Zone on Domain A under Domain A’s domain I don’t see any of our computers that are on Domain B even though I’m pushing down DNS setting from Domain A. I do see in the Reverse Lookup Zone all the computers on Domain B and they all seem to have a PTR record.
The only reason we have Domain A is because the bigger company will not let us move our servers over to Domain B.
I guess my questions is could the problem that we are seeing be caused by us not pushing down network configurations for Domain B? If we configured our Domain and DNS to reflect Domain B instead of Domain A would that fix the problem with DNS that we are seeing?
Notes:
We don’t have any admin access to Domain B.
Does the same happen when you ping with fully qualified domain name?
Idea is that you have the same names in Domain A and Domain B but the search suffix wrong.
Idea is that you have the same names in Domain A and Domain B but the search suffix wrong.
All this is related to name resolution.
I don't understand what you mean by "ping back with the wrong address".
A ping is ISSUED by a certain host. The host runs the usual process to resolve the destination machine name into an IP address. When it knows the IP address, it sends the "ping message" (ICMP ECHO REQUEST) to tje destination machine.
On the machine that you ran a "ping" that did not reach the correct ip address, run an nslookup command
if you have previously run
ping machine1
run
nslookup machine1
if you have previously run
ping machine1.domainA.loc
run
nslookup machine1.domainA.loc
etc.
You will see which DNS answered, and with what IP address.
Now, it may be that the name resolution is not done with DNS but with WINS or even with broadcast. Normally, if you use an fqdn name (machine1.domainA.loc), DNS should be used first.
Now, let it be clear that in case a ping command seems to be reaching a wrong IP address, the problem is within the host that SENT the ping command, not with the host that you thought should have answered.
Check these resources:
http://technet.microsoft.com/en-us/library/cc755374%28v=ws.10%29.aspx
http://www.techrepublic.com/article/how-netbios-name-resolution-really-works/
Use nslookup, nbtstat (nbtstat -c displays the netbios cache) and ipconfig /displaydns utility to check what happens on your machines
I don't understand what you mean by "ping back with the wrong address".
A ping is ISSUED by a certain host. The host runs the usual process to resolve the destination machine name into an IP address. When it knows the IP address, it sends the "ping message" (ICMP ECHO REQUEST) to tje destination machine.
On the machine that you ran a "ping" that did not reach the correct ip address, run an nslookup command
if you have previously run
ping machine1
run
nslookup machine1
if you have previously run
ping machine1.domainA.loc
run
nslookup machine1.domainA.loc
etc.
You will see which DNS answered, and with what IP address.
Now, it may be that the name resolution is not done with DNS but with WINS or even with broadcast. Normally, if you use an fqdn name (machine1.domainA.loc), DNS should be used first.
Now, let it be clear that in case a ping command seems to be reaching a wrong IP address, the problem is within the host that SENT the ping command, not with the host that you thought should have answered.
Check these resources:
http://technet.microsoft.com/en-us/library/cc755374%28v=ws.10%29.aspx
http://www.techrepublic.com/article/how-netbios-name-resolution-really-works/
Use nslookup, nbtstat (nbtstat -c displays the netbios cache) and ipconfig /displaydns utility to check what happens on your machines
ASKER
Ged325:
Checked the hosts and lnhosts.sam and those all look good.
The gateway is pointed to our Cisco Router - Sorry my router knowledge is not that good. Could the router have cached that IP with that computer name? This has been going on for about 3 months now I would have thought it would have flushed out.
The only thing the same on all the machines is the image, but I have other machines that when I ping them give me the correct IP address.
HalldorG:
Yes, when I ping the fully qualified domain name I get the wrong IP address.
Vivigatt:
What I mean when I say ping back with the wrong address when I ping machine1 it gives me the IP address of another computer. Example machine1 (X.X.X.79) machine2 (X.X.X.86). When I ping machine1 from any computer on our network I get X.X.X.86 which is the IP Address of machine2. In DHCP I see the correct IP address for machine1 and machine2.
Here is what I get when I do an nslookup
> Machine1
Server: DC on Domain A
Address: X.X.X.65
Non-authoritative answer:
Name: Machine1.domainB.loc
Addresses: IPV6 Address
X.X.X.86
> Machine1.domainB.loc
Server: DC on Domain A
Address: X.X.X.65
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: Machine1.domainB.local
Addresses: IPV6 Address
X.X.X.86
When I do a ipconfig /displydns from another computer on the network. I see that computer that I’m having issues with and it has the wrong IP address along with a few other servers in the company.
Machine1
--------------------------
Record Name . . . . . : Machine1.domainB.loc
Record Type . . . . . : 1
Time To Live . . . . : 124
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : X.X.X.86
Machine1
--------------------------
Record Name . . . . . : Machine1.domainB.loc
Record Type . . . . . : 28
Time To Live . . . . : 125
Data Length . . . . . : 16
Section . . . . . . . : Answer
AAAA Record . . . . . : IPV6 Address
Checked the hosts and lnhosts.sam and those all look good.
The gateway is pointed to our Cisco Router - Sorry my router knowledge is not that good. Could the router have cached that IP with that computer name? This has been going on for about 3 months now I would have thought it would have flushed out.
The only thing the same on all the machines is the image, but I have other machines that when I ping them give me the correct IP address.
HalldorG:
Yes, when I ping the fully qualified domain name I get the wrong IP address.
Vivigatt:
What I mean when I say ping back with the wrong address when I ping machine1 it gives me the IP address of another computer. Example machine1 (X.X.X.79) machine2 (X.X.X.86). When I ping machine1 from any computer on our network I get X.X.X.86 which is the IP Address of machine2. In DHCP I see the correct IP address for machine1 and machine2.
Here is what I get when I do an nslookup
> Machine1
Server: DC on Domain A
Address: X.X.X.65
Non-authoritative answer:
Name: Machine1.domainB.loc
Addresses: IPV6 Address
X.X.X.86
> Machine1.domainB.loc
Server: DC on Domain A
Address: X.X.X.65
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: Machine1.domainB.local
Addresses: IPV6 Address
X.X.X.86
When I do a ipconfig /displydns from another computer on the network. I see that computer that I’m having issues with and it has the wrong IP address along with a few other servers in the company.
Machine1
--------------------------
Record Name . . . . . : Machine1.domainB.loc
Record Type . . . . . : 1
Time To Live . . . . : 124
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : X.X.X.86
Machine1
--------------------------
Record Name . . . . . : Machine1.domainB.loc
Record Type . . . . . : 28
Time To Live . . . . : 125
Data Length . . . . . : 16
Section . . . . . . . : Answer
AAAA Record . . . . . : IPV6 Address
Is there a static entry in your DNS (x.x.x.65) for Machine1 (that would have the wrong IP address)?
Your machines are using this very DNS for name resolution, so there may be an issue on the zones of that DNS...
If you do have a local DNS (and you certainly have, a DC for Dmain B is a DNS), use it for name resolution:
nslookup
lserver <DC for Domain B>
<machine1>
This name should be correctly resolved
You should also make sure that your clients get a DC for domain B as their first DNS (which seems not to be the case, since they are using a DC for domain A).
Configure your DHCP accordingly.
Your machines are using this very DNS for name resolution, so there may be an issue on the zones of that DNS...
If you do have a local DNS (and you certainly have, a DC for Dmain B is a DNS), use it for name resolution:
nslookup
lserver <DC for Domain B>
<machine1>
This name should be correctly resolved
You should also make sure that your clients get a DC for domain B as their first DNS (which seems not to be the case, since they are using a DC for domain A).
Configure your DHCP accordingly.
ASKER
Vivigatt,
Thanks for getting back to me so quick. I don’t have any static DNS on machine1 it is getting X.X.X.65 from the DHCP scope. This is what I thought was the issue. When we moved our computers to DomainB we never updated our DHCP scope to reflect this. We kept everything as if our computers still connected to DomianA which I think is causing this problems. Will it take a few days after I make the change to the DHCP scope to work things out, or should we see results in a few hours?
Thanks for getting back to me so quick. I don’t have any static DNS on machine1 it is getting X.X.X.65 from the DHCP scope. This is what I thought was the issue. When we moved our computers to DomainB we never updated our DHCP scope to reflect this. We kept everything as if our computers still connected to DomianA which I think is causing this problems. Will it take a few days after I make the change to the DHCP scope to work things out, or should we see results in a few hours?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your results indicate that the DNS records are incorrect. It is entirely possible for DHCP to list the IP associated with a machine as one thing, but for DNS to not have the same information. This can occur when switching around between wireless and ethernet. DNS scavenging is typically used to keep out-of-date records to a minimum, but even then there is typically some lag where incorrect records can be present. These records will be present on Domain B, so there may not be much you can do. Here's a good link for setting up DNS scavenging.
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
ASKER
Thanks for the help!
%windir%\system32\drivers\
(double click and open with notepad)
ensure there are no definitions in there.
run an ipconfig /all
see what the default gateway is
go to that machine, and clear the dns cache on the gateway.
Is there anything similiar between all the machines that are reporting the wrong IP?