DNS resolution

DNS resolution

I have seen scenarios where I use RDP to access a computer, but after accessing the computer and run Hostname command I see different hostname than the one I used to RDP to.
for instance, I open up RDP window, and type Computer1 , It will prompt me for domain user and password,  I type domain credentials and login. when I am in I open Command line window, type hostname command it will give me computer2.

after doing some research, I found out it is Windows cluster with 2 nodes. but I still do not understand how this is tied up together.

Computer1 has IP= 10.40.9.158



I check I P configuration and saw this:

Ethernet adapter Public:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-18-8B-53-58-12
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.40.9.159
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.40.9.158
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.40.9.157
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.40.9.161
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.40.9.1
   DNS Servers . . . . . . . . . . . : 10.40.9.88
                                       10.40.9.89
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Heartbeat:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client) #2
   Physical Address. . . . . . . . . : 00-18-8B-53-58-14
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.10.10.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.10.10.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 10.10.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
jskfanAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
Advertise Here
 
mlongohConnect With a Mentor Commented:
Oh I'm sorry.  I misinterpreted your statement "But computer1 , You would think it might have  DNS name pointing to computerX, but I cannot find that info in DNS" to mean that you found nothing in DNS for Computer1.

This is fine too.  You can have virtual IP addresses in a cluster.  Odds are that the IP address assigned to Computer1 is a cluster resource that shifts to whatever server is active.
0
 
mlongohConnect With a Mentor Commented:
With a cluster you have one or more virtual servers "fronting" the physical servers.  One node (physical server) will show as active for one or more services while the other will be passive (on stand-by).  In your case, you could have two physical servers, Computer1 and Computer3 both acting as Computer2 as needed.  So you might try to access Computer2, and at that moment Computer1 is acting as Computer2.

If you were to take Computer1 down, wait a minute, and try to RDP in again, you'll probably connect to the other server in the cluster, and its real name would be different from Computer1 or Computer2 (it would be Computer3 in my example).
0
 
mlongohConnect With a Mentor Commented:
You could also have active-active clusters where both nodes are active for different services (like one could be active for certain file shares, and the other could be active for other file shares.  But that's besides the point of what you are seeing.

Also, to explain the two network interfaces... one is for communication on the network and the other is for communication between the cluster nodes... the heartbeat.  This is how one node would know that the other has gone down and it must become the active node for the services that the other was providing.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Download the Report
 
jskfanAuthor Commented:
the cluster has 2 nodes..
computer2 and computer3  the cluster name is ComputerX


I am not sure how the computer1 name got there
0
 
mlongohConnect With a Mentor Commented:
Sorry, my first explanation might have been a little confusing...  in your description Computer1 would be the virtual server that one of the two physical servers (let's call them Computer2 and Computer3) could be providing services for.

I switched the names around in my explanation such that Computer2 is the virtual server and Computer1 and Computer3 were the physical.  But the concept is the same.

You RDP's into a virtual server (the could be more than one virtual server) called Computer1 but in reality connected to Computer2.
0
 
mlongohConnect With a Mentor Commented:
There's a DNS entry called Computer1 pointing to the IP address of ComputerX?
0
 
mlongohConnect With a Mentor Commented:
The cluster name is not necessarily the name of the virtual server, and it's very likely that the virtual server name is Computer1 - regardless of the cluster name.

You should be able to use cluster administrator to view the details and find the virtual server names.
0
 
jskfanAuthor Commented:
<<You should be able to use cluster administrator to view the details and find the virtual server names. >>>

where can I find that ?
I have windows 2003 cluster
0
 
mlongohConnect With a Mentor Commented:
On either server there should be Cluster Administrator in the Administrator Tools.
0
 
jskfanAuthor Commented:
I mean I open up Cluster Administrator, there are 2 node names and the one that show up on the top of cluster Administrator left pane.

ComputerX (on the top)

computer2 (node1)
computer3 (Node2)


however when I used RDP I used computer1
and when logged in and typed hostname command ,it shows computer2 (it got to be the Active node)

to my understanding:

ComputerX is the virtual name of the cluster
computer 2 is the active node
computer3 is another active or passive node (I am not sure I need to find out)

But computer1 , You would think it might have  DNS name pointing to computerX, but I cannot find that info in DNS
0
 
mlongohConnect With a Mentor Commented:
I believe that you have a virtual server defined in the cluster configuration called Computer1 (this is not the same as the name of the cluster).  It looks to the network like a real server, and even though you didn't resolve the name via DNS, it's netbios name is broadcast on the network and that's how you are able to resolve the name.  The actual server providing the services for Computer1 at the moment is Computer2... so when you RDP'd to Computer1 you actually connected to Computer2, because right now they are the same thing.
0
 
jskfanAuthor Commented:
there is A record for Computer1

That s all I see
0
 
jskfanAuthor Commented:
I will investigate further on this later
Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.