Re: Nslookups work, pings fail?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

"ITConsultant" <ITConsultant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:47D9534B-22D5-4D5C-9961-BBE5C7181C66@xxxxxxxxxxxxxxxx
> Herb, thanks for posting your information. I had to wait a few days to
> make
> certain the change you requested worked. It was the external ISP's address
> in
> our DHCP scope that was causing the problem. It still doesn't explain why
> it
> worked for me, but most importantly, it now works for everyone else.
>
> Thanks again for your expertise and the tips,

Multiple DNS servers can get used RANDOMLY, so
if the correct AND incorrect ones are listed you cannot
expect predictable results (you get instead intermittent
problems, or different results on various machines.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Roy
>
> "Herb Martin" wrote:
>
>> "ITConsultant" <ITConsultant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:A2BBA158-E4A6-4D7B-AC7D-2CB5C7A7C3C2@xxxxxxxxxxxxxxxx
>> > We have been chasing a very strange problem internally with our Active
>> > Directory enabled DNS servers. The problem appeared to only affect
>> > CNAMES
>> > (aliases) then eventually happened to A records as well. Below are a
>> > few
>> > problem descriptions.
>> >
>> > 1. NSlookups for internal hosts resolve, but pings don't.
>>
>> Don't resolve? (that's what you wrote but I suspect you mean
>> ping fails by address also....)
>>
>> Problem is now everyone who wants to help you must guess
>> or just answer all possibilities....
>>
>> Ok, NSLookup contacts ONLY the DNS server and bypasses
>> even the cache.
>>
>> Ping uses the client cache, and it may use a hosts file if
>> configured.
>>
>> Many anti-malware programs will build a HOSTS file just
>> to disable many names so you may have a hosts file even if
>> no one purposely created it.
>>
>> On the other side of the battles some trojans and virus also
>> do this for the opposite reason.
>>
>> If ping fails by address then it can be blocked by any intervening
>> or personal (on the target) firewall.
>>
>> The XP firewall and ISA/Proxy server both do this by default
>> if enabled.
>>
>> > Now what is
>> > strange is that for some people it works and others it doesn't.
>>
>> People or computers? What's the difference in the affected
>> locations? (And if there really is no difference that is useful.)
>>
>> > 2. Sometimes the problem just goes away without doing anything.
>>
>> That sounds like machines have TWO DIFFERENT sets of DNS
>> servers on their NIC IP properties....
>>
>> You must use STRICTLY the INTERNAL (correct) DNS Server(set).
>>
>> You must NOT mix in the external (ISP etc) - -which is a very common
>> mistake.
>>
>> > 3. When these problems occur, sometimes using "ipconfig /flushdns" or
>> > "ipconfig /renew" fixes the problems. The problems could go away for
>> > days
>> > and
>> > maybe weeks before reappearing.
>>
>> Jibes with previous guess. Two sets of DNS servers being
>> used by clients. Don't do that/
>>
>> > 4. I have two personal computers and am also the domain admin and do
>> > not
>> > experience these issues.
>>
>> Probably your own machines are set correctly to STRICTLY the
>> internal DNS server (set).
>>
>> > 5. Nothing useful is generated in the DNS logs on the server. I cleared
>> > them
>> > for now and set all of my DNS settings to the defaults.
>>
>> Kevin asked for IPConfig /all and when we see that the first
>> thing I will look for is multiple AND DIFFERENT DNS
>> server (sets.)
>>
>> > My two domain controllers are both up to date on patches and are
>> > Windows
>> > 2003 Server Standard.
>> >
>> > Please reply if I'm missing something or need additional information.
>>
>> DCDiag for EACH DC and NetDIAG for non-DCs are your
>> friend but I doubt this is a DC or domain issue.
>>
>>
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>
>>


.

Relevant Pages

  • Re: Nslookups work, pings fail?
    ... > Directory enabled DNS servers. ... NSLookup contacts ONLY the DNS server and bypasses ... Many anti-malware programs will build a HOSTS file just ... If ping fails by address then it can be blocked by any intervening ...
    (microsoft.public.windows.server.dns)
  • Re: DNS pointing to porn site
    ... > Manager of the DNS servers we forward to and they aren't compromised, ... problem in your systems -- either client side or DNS Server ... Herb Martin, MCSE, MVP ... >> Accelerated MCSE ...
    (microsoft.public.windows.server.dns)
  • Re: 0x80072ee7 when connecting over wireless network
    ... It's possible that the ISP's DNS servers are having problems; although if this is the case, it should only be temporary as the ISP should be working to correct any issues. ... To view the HOSTS file, you may need to associate the HOSTS file with Notepad. ... If the HOSTS file contains a static IP address associated with Windows Update, comment the entry by adding the # sign at the beginning of the entry or delete the entire line and save changes to the HOSTS file. ... I have discovered today that if I connect to my ADSL router using an ethernet cable instead of through wireless it seems to work. ...
    (microsoft.public.windowsupdate)
  • XP Pro sp2 - Entries in hosts file not seen
    ... addresses from the ISP's DNS servers. ... A proxy server is not in use. ... it's pointing to the location of the hosts file. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Problem with sendmail when using microsoft DNS forwarders
    ... vulnerabilities and external dependencies. ... @server domain on the internal and external DNS servers and compare the ... You can also try playing with the hosts file on BSD box. ... private DNS servers. ...
    (comp.mail.sendmail)