Re: Ping returns the wrong name; nslookup OK

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"Phil Tuttiett" <phil.tuttiett@xxxxxxxxx> wrote in message news:%231C1H6MNKHA.1796@xxxxxxxxxxxxxxxxxxxxxxx
Ace Fekay [MCT] wrote:
"Phil Tuttiett" <phil.tuttiett@xxxxxxxxx> wrote in message news:eQcQGKMNKHA.5072@xxxxxxxxxxxxxxxxxxxxxxx
Ace Fekay [MCT] wrote:
"Phil Tuttiett" <phil.tuttiett@xxxxxxxxx> wrote in message news:%23A4wzNoMKHA.1280@xxxxxxxxxxxxxxxxxxxxxxx
I have a webserver with two IP addresses - one is a NAT and the other is an external address. My internal dns server has the internal ip address for the host, and the external dns A record is hosted in the cloud (externally).

On a Windows 2003 Server (latest patches) - ping www.myhost.com returns the external address, whereas nslookup www.wananga.com returns the internal address (as in 129.0.1.240).

I have two dns entries loaded in network adapter - ipconfig /all shows

Windows IP Configuration

Host Name . . . . . . . . . . . . : kaitiaki
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : twor-otaki.ac.nz

Ethernet adapter Wananga LAN:

Connection-specific DNS Suffix . : twor-otaki.ac.nz
Description . . . . . . . . . . . : HP NC7781 Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-0F-20-97-23-8F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 129.0.1.232
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 129.0.1.1
DNS Servers . . . . . . . . . . . : 129.0.1.251
129.0.1.252
Primary WINS Server . . . . . . . : 129.0.1.251
Secondary WINS Server . . . . . . : 129.0.1.252

Nslookup shows -

C:\>nslookup www.wananga.com
Server: tumatauenga.lan.twor-otaki.ac.nz
Address: 129.0.1.251

Name: www.wananga.com
Address: 129.0.1.240


But ping shows -

C:\>ping www.wananga.com

Pinging www.wananga.com [122.56.6.244] with 32 bytes of data:

Request timed out.
Request timed out.



Does a ping from another machine give the same results?
Is there a HOSTS file on the machine you are pinging from with a www entry and the external IP?

Ping from another machine gives the correct result.
There isn't a hosts table entry - I've had to add one to force the internal IP to resolve correctly.


That's odd. Something's up with the resolver service, unless it got hijacked with a DNS malware product. I was also thinking the hosts file location got hijacked, but since you mentioned you put an entry in there to force it, apparently that's not the case.

Have you run a spyware scan? Try Adaware, then afterwards, run Malwarebytes (both free). Look in Add/Remove for anything you don't recognize, as well as Services for a service that doesn't look familiar.

Ace

Ace
Nope -no spyware.
Here's an interesting one...

The server also hosts a DNS server, but for a different external domain. In discussion with a colleague in the office, I added a stub zone to a primary on the main internal dns server, the re-tried the lookup again.

It now works correctly! I have removed the entries in the hosts table and dns is now being correctly resolved.

So, it appears that if the server hosts a dns server, then the resolver looks there first, regardless of the settings on the network card.


Well, not true. I thought this was a client machine, not a server. Even if it is a DNS server, or any service running on a machine, it will not use itself unless you specifically type its own IP address as a DNS server in it's own IP properties. You can opt to not use itself by simply specifying a different DNS server in it's properties.

Apparently the DNS service itself didn't have a reference to the other internal DNS server that hosts a copy of the internal zone, hence why it was resolving the external address. Once you've made a reference to it (either by a stub, conditional forwarder or secondary zone), then it can resolve it, otherwise it would use it's general forwarder (assuming to the internet) or the Root hints.

Ace

.

Relevant Pages

  • Re: Ping returns the wrong name; nslookup OK
    ... My internal dns server has the internal ip address for the host, and the external dns A record is hosted in the cloud. ... There isn't a hosts table entry - I've had to add one to force the internal IP to resolve correctly. ... In discussion with a colleague in the office, I added a stub zone to a primary on the main internal dns server, the re-tried the lookup again. ...
    (microsoft.public.windows.server.dns)
  • Re: External and Internal IP addresses
    ... (especially if you have only a few hosts to add and things don't change ... Then set the DNS server to forward all non-authoritative requests to ... the ISP's DNS server (or you could just let your internal DNS server do the ... P.S. - this was all written under the assumption that your AD DNS namespace ...
    (microsoft.public.exchange.clients)
  • Re: Question on DNS setup change not working.
    ... The hosts file is used by anything which can use the hosts data to ... The BIND DNS server uses its own configuration files to give answers to ... the /etc/nsswitch.conf file lists how various ...
    (Fedora)
  • Re: Non-Authoritative DNS
    ... My ISP hosts foo.com..and what they have is fine for external ... We have a AD DNS server only. ... I want the machine to resolve some hosts for foo.com, ...
    (microsoft.public.win2000.dns)
  • Re: %PIX-4-106023 messages in log
    ... DNS queries usually time out in 60 seconds, ... Does 167.142.225.5 happen to be your regular DNS server? ... from 167.142.225.5 (as opposed to them asking your internal DNS server ... If your hosts are regularily presenting DNS queries to 167.142.225.5 ...
    (comp.dcom.sys.cisco)