Re: How is DNS resolution working?
From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/27/04
- Next message: Ohaya: "Re: How is DNS resolution working?"
- Previous message: Robert: "DNS Questioss..."
- In reply to: Ohaya: "Re: How is DNS resolution working?"
- Next in thread: Ohaya: "Re: How is DNS resolution working?"
- Reply: Ohaya: "Re: How is DNS resolution working?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 27 Feb 2004 02:05:02 GMT
To help you track down what is exactly going on here is a couple things that can
help and what I would use. Nbtstat -r shows names resolved via netbios. Ipconfig
/displaydns shows names resolved via dns, but I would clear the cache first with
ipconfig /flushdns. The best way, is to use Netmon or other packet sniffer on
the machine trying to resolve a name. It should be readily apparent how the name
is being resolved by watching the packet exchange sequence. --- Steve
"Ohaya" <ohaya@N_O_S_P_A_M_cox.net> wrote in message
news:403E9EEB.ACE1345D@N_O_S_P_A_M_cox.net...
>
>
> "Ace Fekay [MVP]" wrote:
> >
> > In news:O3osOZC$DHA.2432@TK2MSFTNGP09.phx.gbl,
> > Ohaya <Ohaya@NO_SPAM.cox.net> posted their thoughts, then I offered mine
> >
> > > Ace,
> > >
> > > I should've mentioned this. When we did the ping, we used the FQDN
> > > of the host on the external network (e.g., thehost.whatever.com).
> > >
> > > Since we were using the external host's FQDN, would the ping still
> > > have caused the broadcast to the external network for the name?
> >
> > No, FQDN pings do NOT use broadcasts.
> >
> > >
> > > Or, would it only do this broadcast if we had pinged using the
> > > hostname (e.g., thehost)?
> >
> > Yes
> >
> > >
> > >
> > > I just thought about one other aspect about all of this that I'm
> > > starting to wonder about that might have a bearing on all of this...
> > >
> > > This is going to get a bit complicated, so here's what the network
> > > config looks like:
> > >
> > > |
> > > |
> > > +---- Machine A ---- Switch ----+----
> > > | |
> > > E | Machine B
> > > x----+ [Domain Controller]
> > > t |
> > > |
> > > +--- ExtDNS
> > > |
> > > |
> > >
> > > Machine B = Domain Controller (domain name "test.foo.com")
> > > Machine A = Member (joined to Windows domain "test.foo.com")
> > >
> > > ExtDNS = a DNS server on external network, which does DNS for
> > > "foo.com"
> > > Ext = a machine on the external network (ExtDNS DNS
> > > name=ext.test.foo.com)
> > >
> > > Machine A's IP address is registered in the ExtDNS DNS server, with
> > > the name "whatever.test.foo.com".
> > >
> > > In other words, if you were on machine "Ext", and pinged
> > > "whatever.test.foo.com", you would end up pinging the external
> > > interface of machine A.
> >
> > That would make sense.
> >
> > >
> > > Now, we installed Machine B first, and when we installed Win2K on
> > > Machine B, we set the machine name as "data" and the domain name as
> > > "test.foo.com". In other words the FQDN for machine B from the
> > > internal network is "data.test.foo.com".
> > >
> > > I think, based on a thread i posted awhile ago, that we could've
> > > picked just about anything for the domain name (e.g.,
> > > joe.whatever.foo), but we just happened to pick "test.foo.com".
> > >
> > > We then installed Win2K on Machine A (the member server), and we set
> > > the machine name as "web", and made it a member of (i.e., we joined
> > > it to) domain "test.foo.com". In other words, the FQDN for machine A
> > > from the internal network is "web.test.foo.com".
> >
> > I'm thinking you are providing both DNS addresses (internal and external) on
> > the A machine in it's IP properties. Not a good thing. Need to keep it
> > consistent.
> >
> > >
> > > If you look in the DNS server on machine B, you'll see that both
> > > "web.test.foo.com" and "data.test.foo.com" are registered, and have
> > > "192.xx.xx.xx" IP addresses.
> > >
> > > If you ping "web.test.foo.com" from machine B, it resolves to the
> > > internal ("192.xx.xx.xx") IP address of machine A.
> > >
> > > If you ping "data.test.foo.com" from machine A, it resolves to the IP
> > > address of machine B.
> > >
> > >
> > > Again, machine B is the Domain Controller, and also has DNS Server
> > > running on it. Machine A is a member server, joined to the domain
> > > "test.foo.com" (whose Domain Controller is machine B).
> > >
> > > Here's where this is going to begin sounding strange...
> > >
> > > It just happens that on the external network, there is a Windows
> > > domain named "foo.com".
> > >
> > > But, remember, our machine A is joined to the domain for which
> > > machine B is the domain controller, not that other Windows domain
> > > that is on the external network.
> > >
> > >
> > > I'm probably going to muddle this question, but what I'm wondering is
> > > if there is something strange going on with the name resolution when
> > > we ping from machine A because we just happen to pick the name of the
> > > "internal" Windows domain such that that Windows domain's root
> > > ("test.com") is the same as the name of the Windows domain on the
> > > external network???
> > >
> > > Jim
> >
> > Let us see an ipconfig /all from both machines please.
>
>
> Ace et al,
>
> My apologies that I couldn't post back earlier. It's been a really long
> day :(.
>
> Also, I can't provide the "ipconfig /all" directly, as the systems
> involved are on a private lan (i.e., what I termed the "external"
> network is really our private corporate network (which in turn is
> connected to the open Internet), but I can provide the info from an
> "ipconfig /all" that I wrote down today:
>
>
> Machine A:
>
> NIC1: This is the NIC on Machine A that is physically connected to our
> corporate network
>
> IP: 10.5.1.211
> Subnet: 255.255.0.0
> GWY: 10.5.2.254
> DNS: 192.168.1.10
> BINDING ORDER: This NIC is at the top of the binding order
>
> NIC2: This is the NIC on Machine A that is physically connected to the
> "internal" Ethernet switch
>
> IP: 192.1.1.10
> Subnet: 255.255.255.0
> GWY: NONE (left empty in Network/TCP properties)
> DNS: 192.1.1.11
> BINDING ORDER*: BOTTOM
>
>
> Machine B:
>
> NIC1: This is the NIC on Machine B that is also physically connected to
> the "internet" Ethernet switch
>
> IP: 192.1.1.11
> Subnet: 255.255.255.0
> GWY: NONE (left empty in Network/TCP properties)
> DNS: 192.1.1.11
>
>
> I went and specifically tested today, and from Machine A, I can
> successfully ping both Machine A (machine name resolves to 192.1.1.10)
> and Machine B (machine name resolves to 192.1.1.11). I think this name
> resolution is being properly handled by the DNS server on Machine B
> (192.1.1.11).
>
> On this same machine, when I ping any other machine (i.e., name
> resolves) on the external network (i.e., our corporate network). In
> fact, I can ping (name resolves) any machine on the open Internet (e.g.,
> www.yahoo.com resolves).
>
> Having done this testing, contrary to what I was theorizing earlier, I
> seriously doubt that the name resolution of machines on the open
> Internet is happening via broadcast (I'm pretty sure my company's router
> or firewall would've blocked any broadcasts out to the open Internet),
> so I'm assuming that name resolution of machines on our corporate
> network isn't occurring via broadcast either.
>
> So now, I am STILL very puzzled (maybe even more puzzled than before)
> about how this name resolution is occurring at all????
>
> Consider the following:
>
> 1) Per your posts, since we are pinging by FQDN, NetBIOS name resolution
> (e.g., WINS server, broadcast, and LMHOST) should not be occurring, so
>
> 2) The only remaining possibilities are either a DNS server or HOSTS
> file.
>
> 3) I checked the HOSTS file on Machine A, and there are no entries other
> than the default "localhost".
>
>
> Based on the above, the name resolution when I ping from Machine A using
> a FQDN should fail, right?
>
> Jim
- Next message: Ohaya: "Re: How is DNS resolution working?"
- Previous message: Robert: "DNS Questioss..."
- In reply to: Ohaya: "Re: How is DNS resolution working?"
- Next in thread: Ohaya: "Re: How is DNS resolution working?"
- Reply: Ohaya: "Re: How is DNS resolution working?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
