Dwci

Nslookup fails but ping to ip of same server works

nslookup on client fails no matter what address I put in for a DNS server. Is there a way to see what is happening with nslookup?

When I type nslookup I get unknown for default server no matter what DNS server I use.
Gerwin Jansen

Start nslookup (no parameters) and enter:

set debug

Then enter a name you want to lookup. If you don't see what is happening try this instead:

set d2

Then try the lookup again. What do you get?
NSLOOKUP only tries to resolve names using DNS.

ping, along with most other commands will by default read the "hosts" file.  On *nix systems this would be /etc/hosts.  On Windows systems this would typically be C:\Windows\system32\drivers\etc\hosts.

Also on Windows systems it may try to use NetBIOS name lookup and/or WINS.
Dwci

ASKER

response is :
server: unknown
address: 192.168.1.1

socket (dg) failed: result too large
socket (dg) failed: result too large
*** unknown can't find msn.com: No response from server
What if you try this on the nslookup command line:

> msn.com 208.67.220.220

(the ip address is an OpenDNS server)
What operating system are you running?
This part is normal:

response is :
server: unknown
address: 192.168.1.1

nslookup tried to do a reverse lookup on the IP address of the DNS server it is going to use. Most places don't set up reverse entries (a.k.a. PTR records) so this always fails. This is basically saying nslookup could not find the name associated with the IP address 192.168.1.1.

Now the next two messages are a bit troubling:  socket (dg) failed: result too large

This implies that nslookup got back a response, but it was larger than what it expected, thus the response was dropped/ignored and so nslookup said it never got a response.
Try this.
nslookup
server 8.8.8.8
set vc
www.google.com.


Do you get a response?

I've never experienced it myself, but from what I've read the error message can be from when you're using EDNS0 but a device is not allowing it.

Next try this command and post back the results.
nslookup -type=TXT rs.dns-oarc.net
Dwci

ASKER

footech: the error on the first steps is unspecified error
second command returns
cannot find rs.dns-oarc.net no response from server

I am questioning if I have some sort of virus or malware that has done something to the network files.
Do you have other machines on the same network which work correctly?  You could try running sfc /scannow to check system files.
What do you have for the internal DNS server?
What is the network firewall?

One more attempt at the last test.
nslookup
server 8.8.8.8
set vc
set type=txt
rs.dns-oarc.net


Can you access a website using host name from this computer?  Do you get to the correct site?

If so then it sounds just like nslookup is broke and only nslookup.

Can you post the output from "ipconfig /all" command?

Typically nslookup will only use the 1st DNS server if there is more than one configured.  Whereas all other programs when doing name resolution will use all DNS servers that are configured.
Dwci

ASKER

after sfc command, which found nothing, still the same result.

As for giltjr's questions:
No access to any hostname from the computer, any browser.

Below is the ipconfig but understand I have forced it to multiple DNS servers and it still doesn't work including 8.8.8.8.
 Connection-specific DNS Suffix  . : cacc.local
 Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connect

 Physical Address. . . . . . . . . : 3C-97-0E-21-E1-69
 DHCP Enabled. . . . . . . . . . . : Yes
 Autoconfiguration Enabled . . . . : Yes
 IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Lease Obtained. . . . . . . . . . : Tuesday, April 14, 2015 1:45:26 PM
 Lease Expires . . . . . . . . . . : Wednesday, April 15, 2015 2:10:05 PM
 Default Gateway . . . . . . . . . : 192.168.1.1
 DHCP Server . . . . . . . . . . . : 192.168.1.1
 DNS Servers . . . . . . . . . . . : 192.168.1.1
                                     192.168.1.5
                                     192.168.1.1
 NetBIOS over Tcpip. . . . . . . . : Enabled
When you say ping resolves the name, is the host name one on the Internet or one on your LAN?

Can you try:

nslookup
lserver 192.168.1.5
www.experts-exchange.com
Dwci

ASKER

OK so here is the complete scenario:

pings to IPs work fine
pings to FQDN do not work
nslookup does not work

Seems to me to be something with DNS.  As stated above I continue to get no response from server.

All suggestions above have not changed the situation.  It doesn't seem to matter what DNS server I use it still fails.
O.K., I misread the title and thought that ping to names worked.

What are 192.168.1.1 and 192.168.1.5?

Are they actually running a DNS server service?

If so are they configured to forward to your ISP DNS resolvers/servers or to some other resolvers/servers on the Internet such as Google's 8.8.8.8 and 8.8.4.4?

Are all firewalls involved (on desktops/servers/routers or standalone firewalls) configured to allow DNS resolution requests out and in (UDP port 53)?
Dwci

ASKER

192.168.1.1 is the router
192.168.1.5 is a server setup with DNS
I have tried both with forwarders and not but still no luck.
As for the firewalls etc., this is one computer that doesn't work; all the rest in the network are fine.
If possible can you install Wireshark and do a packet capture to see what it may be sending out to the network when it attempts to do name resolution.

Do you have any VPN client software installed on that computer?
Does it have the same anti-virus software as the rest of the computers?
Dwci

ASKER

NO VPN Client that I am aware of.  It had the same anti-virus as the others.  I even removed that this morning as a test.
I am not a wireshark expert so not sure what to look for.

What I will tell you is that network shares using names works fine just no outside dns lookups.
Network shares are most likely using WINS if you are in an Active Directory environment or NetBIOS name lookup, which is a UDP broadcast, if you are not in an AD environment.

With Wireshark you want to see where the lookup is failing.  When working you should see a UDP packet going to your DNS server with a destination port of 53.  Then a response from your DNS server from port 53.

You can use the display filter of "udp.port == 53", but don't put the quotes in.
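
Added example, not part of the thread: a Python probe that sends the same kind of query over UDP and over TCP (the equivalent of nslookup's "set vc") and reports whether the failure is local (the socket cannot be created or used, so nothing reaches the capture) or remote (the query is sent and no reply arrives). The function names are hypothetical, the server addresses are the ones tried in the thread, and the bytes in the comments are constructed.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query: RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (txid, rcode, truncated, answer_count) from a DNS message."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return txid, flags & 0x000F, bool(flags & 0x0200), an

def probe(server, name, tcp=False, timeout=3.0):
    """Classify a lookup: local socket failure, silence, or an answer."""
    query = build_query(name)
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        sock = socket.socket(socket.AF_INET, kind)
    except OSError as exc:
        # The local stack refused to create the socket: no packet was sent,
        # so a capture filtered on port 53 stays empty.
        return ("local-socket-error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            if tcp:
                sock.connect((server, 53))
                # DNS over TCP prefixes each message with a 2-byte length.
                sock.sendall(struct.pack("!H", len(query)) + query)
                reply = sock.recv(4096)[2:]
            else:
                sock.sendto(query, (server, 53))
                reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return ("sent-no-response", "query left, nothing came back")
        except OSError as exc:
            return ("socket-error", str(exc))
    if len(reply) < 12:
        return ("short-reply", len(reply))
    return ("answered", parse_header(reply))

if __name__ == "__main__":
    for server in ("192.168.1.1", "8.8.8.8"):
        for tcp in (False, True):
            print(server, "tcp" if tcp else "udp", probe(server, "msn.com", tcp))
```

A "sent-no-response" result should still show the outgoing query in Wireshark; a socket error with an empty capture points at the local machine rather than the DNS server or firewall.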
Dwci

ASKER

Using the udp.port==53 I get no data from wireshark.
That implies that no DNS queries are leaving your computer.

Please do ipconfig /all again and at the top will be "Windows IP Configuration."  What does it have for Node Type?
Dwci

ASKER

Hybrid is the node type.
I'm wondering if you ever did this last test.
nslookup
server 8.8.8.8
set vc
set type=txt
rs.dns-oarc.net


It's not a bad idea to run the last command a few times if necessary.  I've experienced some timeouts myself.

It might be worth checking that you don't have any proxy settings in place.
Can you browse to a site using an IP address?  Like http://216.58.217.36/ (a Google IP).
Dwci

ASKER

I have run the commands multiple times and every time it says it cannot find rs.dns-oarc.net.

It will not browse to the IP either.

I don't see any obvious proxy settings but do you have any good places to look?
ASKER CERTIFIED SOLUTION
footech

Dwci

ASKER

The repair of the TCP/IP stack and Winsock fixed the problem.  Thanks
Super!
Thanks, helped super with Windows Vista 32-bit