Solved

DNS records

Posted on 2016-10-07
Last Modified: 2016-10-23
We have a printer on the print server with hostname abcd.
If I ping abcd I get the IP 172.16.x.x.
The ping times out.

If I ping 172.16.x.x I get abcd.
The ping times out.

Well, if I nslookup abcd, I get the record 10.20.x.x.

So which DNS record is correct?

I flushed DNS and tried this on 2 different PCs, but still do not know which DNS record is correct for the host abcd.

Any idea?

Thank you
0
Question by:jskfan
18 Comments
 
LVL 27

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41833954
If the printer is inside your LAN, and the LAN is on 10.20.0.0, they're probably both correct and incorrect.

172.16.x.x is probably the internet-facing address of your DSL/fiber/cable modem.

10.20.x.x is probably the printer's IP address on your LAN.

Do a dig on the name, and see what is returned. Particularly note the nameserver involved (in the example below, 8.8.8.8, a Google nameserver). Let us know what you find.

dig www.decwrl.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> www.decwrl.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29200
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
;; QUESTION SECTION:
;www.decwrl.com.                        IN      A

;; ANSWER SECTION:
www.decwrl.com.         3599    IN      CNAME   decwrl.com.
decwrl.com.             3599    IN      A       50.63.202.52

;; Query time: 70 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 07 15:48:06 UTC 2016
;; MSG SIZE  rcvd: 73


0
 
LVL 40

Expert Comment

by:omarfarid
ID: 41834133
What is your OS?
0
 

Author Comment

by:jskfan
ID: 41834547
This is Windows 2008 OS.
The Printer is inside the LAN.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 125 total points
ID: 41834643
Do you have an entry in your hosts file for abcd?  Nslookup queries the DNS server directly, ignoring the hosts file, while ping will use the normal OS DNS resolver.

Failing to respond to a ping doesn't necessarily mean a DNS record is incorrect - the firewall rules may just not allow that traffic.
Both 172.16.x.x and 10.20.x.x are private IP addresses (not accessible via the internet).
0
 

Author Comment

by:jskfan
ID: 41834761
If I am not wrong the Ping also uses NSlookup...This is why when I ping abcd I get 172.16.x.x
and when I directly use Nslookup abcd I get 10.20.x.x  if I use Nslookup 10.20.x.x I get abcd

So where is that IP 172.16.x.x coming from ?
0
 
LVL 40

Expert Comment

by:footech
ID: 41834924
I think you should read my comment again.

Ping and nslookup are two different tools.  One doesn't use the other.  Nslookup has its own DNS resolver, while ping uses the DNS resolver of the OS.  The normal OS name resolution process can use your hosts file, DNS, WINS, LMHosts file, and NetBIOS broadcasts to resolve names.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 41835045
Please see the link below that explains difference of how ping and nslookup work:

https://blogs.msdn.microsoft.com/nitinsingh/2013/06/24/dilemma-of-name-resolution-process-with-ping-vs-nslookup/
0
 

Author Comment

by:jskfan
ID: 41835338
I know that they are different...but Ping calls the Nslookup.
For instance if you Ping an IP address 10.20.20.4
you will get the "Pinging XYZ.domain.com"; how does Ping know the hostname? It gets it from DNS, right?

Pinging XYZ.domain.com [10.20.20.4] with 32 bytes of data:
Reply from 10.20.20.4: bytes=32 time=17ms TTL=57
Reply from 10.20.20.4: bytes=32 time=22ms TTL=57
Reply from 10.20.20.4: bytes=32 time=31ms TTL=57
Reply from 10.20.20.4: bytes=32 time=14ms TTL=57
0
 
LVL 40

Expert Comment

by:footech
ID: 41836171
When I said "Nslookup has its own DNS resolver, while ping uses the DNS resolver of the OS", it would have been more accurate to say:
Nslookup has its own name resolver, while ping uses the name resolver of the OS.  Nslookup only does DNS, while the OS can use any of the methods mentioned (it tries them in order).

I think we've spent enough time covering the differences.

Do you have an entry in your hosts file for abcd?
0
 

Author Comment

by:jskfan
ID: 41836281
We do not use a hosts file, and this has been tried from 2 different PCs.

"while ping uses the name resolver of the OS"
If you are referring to the DNS resolver cache on the client, that one gets flushed once we ran ipconfig /flushdns; we also rebooted the clients...

Dr Klahn..on his comment above, probably thought the 172.16.x.x gets translated when you ping the hostname.
I am not sure Networking team will make that to the printer...

The only thing I have not checked was the Print server, if it has cached an old IP for the printer hostname..even though it does not make sense...but I have seen situations when you flush the DNS on the print server itself. it resolves many issues.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 125 total points
ID: 41836494
I asked about the hosts file because that would explain the different results you see from ping and nslookup.

I don't have any further suggestions.
0
 
LVL 26

Assisted Solution

by:DrDave242
DrDave242 earned 150 total points
ID: 41837104
"We have a printer on the print server with hostname abcd"
Does that mean abcd is the hostname of that printer or the print server?

"So which DNS record is correct ?"
The simple answer is "The one that matches the actual IP address of abcd." So you might want to check abcd itself before going any further.

Nslookup will only use whatever DNS server you tell it to use. This will be your preferred DNS server unless you specifically tell it to use a different one. As footech said, nslookup won't look at your hosts file. It also won't use an alternate server if the one it queries doesn't respond. If ping is consistently resolving that hostname to a different IP address, it's getting that information from somewhere other than the server nslookup is using. This could be an alternate DNS server, the hosts file, a WINS server, or any of the other methods footech mentioned.

If you want to know for sure where that address is coming from, a packet capture on the client should be very useful. If it shows no name resolution going on at all, then the client has that name cached somewhere locally.
1
 

Author Comment

by:jskfan
ID: 41837712
Ok...
Let's make it simple.

if from PC1,PC2 (more than one computer)
I ping the abcd I get the IP 172.16.x.x.
and the ping times out
Where could the 172.16.x.x come from?

seeing that if I nslookup the abcd, I get the 10.20.x.x
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 100 total points
ID: 41837763
Can you try using the FQDN (e.g. abcd.domain.com) with ping?

What do you get when you run:

nslookup 172.16.x.x

nslookup 10.20.x.x
0
 

Author Comment

by:jskfan
ID: 41842187
Just a comment to the relation between Ping and NSlookup
Ping always uses Nslookup when you ping the hostname or when you ping an IP with -a

ping -a 10.x.x.x
0
 
LVL 26

Accepted Solution

by:DrDave242
DrDave242 earned 150 total points
ID: 41842321
I think there's a terminology problem here.

Ping doesn't use nslookup. Ever. Ping and nslookup can both perform name resolution using DNS, but they use different mechanisms to do this.

Nslookup is a command-line tool that does one specific thing: it sends DNS queries to a server and displays the results. It contains its own DNS resolver (DNS client) that behaves differently from the resolver built into Windows.

Ping is a command-line tool that can also perform DNS queries, but it uses the built-in Windows DNS resolver to do so. It also uses other, non-DNS methods to resolve names to IP addresses if DNS resolution is unsuccessful.

One of the key differences between ping and nslookup is that nslookup only queries one specific DNS server, and that's it. It doesn't look at the hosts file, the Windows DNS resolver cache, WINS servers*, or anything else. If you don't tell nslookup which server to use, it will use the first DNS server in the list of servers configured for the Windows resolver. If that DNS server doesn't respond, nslookup tells you that the query timed out. If you want to send the same query to a different server, you have to tell nslookup to use that server; it won't do that automatically.

[*If that DNS server has WINS Forward Lookup enabled and a valid WINS server specified, WINS may ultimately resolve the query. That's controlled by the DNS server, though, not nslookup. And I can't say that I've seen WINS Forward Lookup enabled anywhere in at least a decade.]

The Windows DNS resolver (the one that ping uses) maintains an in-memory cache of records that it has recently resolved. Everything in the machine's hosts file is also in this cache. That's the first place it looks when resolving a query.

Assuming the cache lookup is unsuccessful, the resolver also maintains an in-memory array of DNS servers that it can query. If the first server in that array doesn't respond before a built-in timer expires, it queries the next server, assuming there is one. If there are multiple active NICs in the system and each NIC has more than one DNS server configured, it'll begin querying multiple servers at this point. The array may then be re-prioritized, assuming one of the servers responds. This process is discussed in excruciating detail here by someone who knows more about it than I do.

That's just the DNS part. Nslookup doesn't do anything but DNS, but ping can use a variety of other methods to resolve names, as mentioned already: WINS, the lmhosts.sam file, NetBIOS broadcasts, Link-local multicast name resolution (LLMNR)...and that may be it. That's all I can think of, anyway.

All that can be said for sure, given the information provided, is that ping is obtaining that address from somewhere other than the server that nslookup is using. If it's not cached on the local machine, a packet capture is your best bet at determining where it's coming from.
1
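The comparison described in the accepted answer, as an added example that is not part of the original thread: it takes an nslookup-style answer (one named DNS server, nothing else) and a ping-style answer (the OS resolver), checks a hosts-file body, and classifies a mismatch. The function names are hypothetical, and it assumes IPv4 A records over UDP with no truncation handling.

```python
import secrets, socket, struct

def hosts_lookup(hosts_text, name):
    """IPs that a hosts-file body maps `name` to (nslookup never sees these)."""
    rows = (ln.split("#", 1)[0].lower().split() for ln in hosts_text.splitlines())
    return [r[0] for r in rows if name.lower() in r[1:]]

def build_query(name, qid):
    """Encode a recursive DNS query for the A record of `name`."""
    qname = b"".join(bytes([len(p)]) + p for p in name.rstrip(".").encode("ascii").split(b"."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):  # offset just past a name that may end in a compression pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """IPv4 addresses in the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off, ips = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # question: name, qtype, qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs are skipped
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def dns_only(name, server, timeout=3.0):
    """nslookup-style: one server, no hosts file, no cache, no fallback."""
    query = build_query(name, secrets.randbelow(1 << 16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply = s.recv(4096)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query")
    return parse_a_records(reply)

def os_resolver(name):  # ping-style: whatever the OS resolver returns, from any source
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})

def explain(os_ips, dns_ips, hosts_ips):  # where did the OS resolver's answer come from?
    if os_ips and set(os_ips) <= set(dns_ips):
        return "DNS server"
    return "hosts file" if set(os_ips) & set(hosts_ips) else "other source"
```

On Windows the hosts file to feed to `hosts_lookup` is `%SystemRoot%\System32\drivers\etc\hosts`. An "other source" result means the address came from the resolver cache, an alternate DNS server, WINS, a NetBIOS broadcast or LLMNR, which is where the packet capture suggested above comes in.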
 

Author Comment

by:jskfan
ID: 41844938
That's What I meant....Ping does the Lookup into DNS ...
The order it does it, probably: it looks into the resolver, then the hosts file, then the DNS server
0
 

Author Closing Comment

by:jskfan
ID: 41855939
Thank you
0


Question has a verified solution.
