Re: Nslookups work, pings fail?
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Thu, 5 Jan 2006 00:35:21 -0600
"ITConsultant" <ITConsultant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A2BBA158-E4A6-4D7B-AC7D-2CB5C7A7C3C2@xxxxxxxxxxxxxxxx
> We have been chasing a very strange problem internally with our Active
> Directory enabled DNS servers. The problem appeared to only affect CNAMES
> (aliases) then eventually happened to A records as well. Below are a few
> problem descriptions.
>
> 1. NSlookups for internal hosts resolve, but pings don't.
Don't resolve? (that's what you wrote but I suspect you mean
ping fails by address also....)
Problem is now everyone who wants to help you must guess
or just answer all possibilities....
Ok, NSLookup contacts ONLY the DNS server and bypasses
even the cache.
Ping uses the client cache, and it may use a hosts file if
configured.
Many anti-malware programs will build a HOSTS file just
to disable many names so you may have a hosts file even if
no one purposely created it.
On the other side of the battles some trojans and virus also
do this for the opposite reason.
If ping fails by address then it can be blocked by any intervening
or personal (on the target) firewall.
The XP firewall and ISA/Proxy server both do this by default
if enabled.
> Now what is
> strange is that for some people it works and others it doesn't.
People or computers? What's the difference in the affected
locations? (And if there really is no difference that is useful.)
> 2. Sometimes the problem just goes away without doing anything.
That sounds like machines have TWO DIFFERENT sets of DNS
servers on their NIC IP properties....
You must use STRICTLY the INTERNAL (correct) DNS Server(set).
You must NOT mix in the external (ISP etc) - -which is a very common
mistake.
> 3. When these problems occur, sometimes using "ipconfig /flushdns" or
> "ipconfig /renew" fixes the problems. The problems could go away for days
> and
> maybe weeks before reappearing.
Jibes with previous guess. Two sets of DNS servers being
used by clients. Don't do that/
> 4. I have two personal computers and am also the domain admin and do not
> experience these issues.
Probably your own machines are set correctly to STRICTLY the
internal DNS server (set).
> 5. Nothing useful is generated in the DNS logs on the server. I cleared
> them
> for now and set all of my DNS settings to the defaults.
Kevin asked for IPConfig /all and when we see that the first
thing I will look for is multiple AND DIFFERENT DNS
server (sets.)
> My two domain controllers are both up to date on patches and are Windows
> 2003 Server Standard.
>
> Please reply if I'm missing something or need additional information.
DCDiag for EACH DC and NetDIAG for non-DCs are your
friend but I doubt this is a DC or domain issue.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
.
- Follow-Ups:
- Re: Nslookups work, pings fail?
- From: ITConsultant
- Re: Nslookups work, pings fail?
- Prev by Date: Re: New DNS Server
- Next by Date: Re: redirect sub-domain to another server
- Previous by thread: Re: Nslookups work, pings fail?
- Next by thread: Re: Nslookups work, pings fail?
- Index(es):
Relevant Pages
|
