DNS and/or DHCP issue

Hey gang,

I am having the following issue, and if somethign is wrong with my companies network.

Map

SysA = 10.0.0.10
SysB = 10.0.0.11
SysC = 10.0.0.12

Some machines when you ping 10.0.0.10 will return SysB, but when you ping SysB with the "-a" at 10.0.0.10 you get another machine. This is not happening for every machine. I have flushed the DNS records with the ipconfig /flushdns but i am still haivng this issue.

I am at a lost, and have no idea where i should look to start troubleshooting. If i look on the DHCP snap-in everything is currect. I am then able to get the ip address by goign to the DHCP snap-in.

Again this is not happening with every system.

Thank you.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

Check your reverse look-up zones in DNS. I'm not sure why'd you get different results if you've flushed the cache though. Are all machines pointing to the same DNS server?

sprkymrk

dynamik wrote:

Check your reverse look-up zones in DNS. I'm not sure why'd you get different results if you've flushed the cache though. Are all machines pointing to the same DNS server?

Reverse lookup zones are not by default updated automatically when a client changes ip if I remember correctly. So flushing the cache on a client won't help. You've got to remove the bad records from the DNS server's reverse lookup zone manually.

datchcha

dynamik wrote:

Check your reverse look-up zones in DNS. I'm not sure why'd you get different results if you've flushed the cache though. Are all machines pointing to the same DNS server?

every machine on the netwrok points to the same DNS server.

datchcha

sprkymrk wrote:

dynamik wrote:

Check your reverse look-up zones in DNS. I'm not sure why'd you get different results if you've flushed the cache though. Are all machines pointing to the same DNS server?

Reverse lookup zones are not by default updated automatically when a client changes ip if I remember correctly. So flushing the cache on a client won't help. You've got to remove the bad records from the DNS server's reverse lookup zone manually.

Will this be in somewhat of a simple output? something like SysB - - - 10.0.0.11 or something along those lines? thank you

dynamik

sprkymrk wrote:

dynamik wrote:

Check your reverse look-up zones in DNS. I'm not sure why'd you get different results if you've flushed the cache though. Are all machines pointing to the same DNS server?

Reverse lookup zones are not by default updated automatically when a client changes ip if I remember correctly. So flushing the cache on a client won't help. You've got to remove the bad records from the DNS server's reverse lookup zone manually.

Maybe I didn't phrase that right. I don't understand why some machines are getting different results if he has flushed the cache on the machines. Shouldn't the results be consistently wrong if the record has incorrect data?

undomiel

Sounds like it is time to break out nslookup to see what is really getting pulled from the server against what is being pulled from cache. Also make sure your hosts file is clean. Are you running two dns servers or just one? If two, make sure they're replicating properly.

datchcha

undomiel wrote:

Sounds like it is time to break out nslookup to see what is really getting pulled from the server against what is being pulled from cache. Also make sure your hosts file is clean. Are you running two dns servers or just one? If two, make sure they're replicating properly.

I guess i am running (2). I have the preferred and the alt.

undomiel

Did you check that replication is working properly? Did you try nslookup and query the same records from both servers? Did you verify your reverse look-up zones? We need more info on the results of checking these things.

datchcha

undomiel wrote:

Did you check that replication is working properly? Did you try nslookup and query the same records from both servers? Did you verify your reverse look-up zones? We need more info on the results of checking these things.

Ok I reviewed my DNS Reverse Lookup Zone, and noticed that i have a few double entries.
Example:

10.0.0.11 SysB
10.0.0.11 SysC

Woud it be safe to delete the entries? will they be rebuilt?

Thank you,

snadam

datchcha wrote:

undomiel wrote:

Did you check that replication is working properly? Did you try nslookup and query the same records from both servers? Did you verify your reverse look-up zones? We need more info on the results of checking these things.

Ok I reviewed my DNS Reverse Lookup Zone, and noticed that i have a few double entries.
Example:
10.0.0.11 SysB
10.0.0.11 SysC

Woud it be safe to delete the entries? will they be rebuilt?

Thank you,

you can always re-create them if they cause further issues, but it also depends on how the DNS records are replicated throughout your network. But judging from your example, YES that would surely cause DNS issues if resolving IP to host names.

to further strengthen sprkymrk's point, I think the key here is to find out exactly how your zones are being replicated.

dynamik

Also check how you're configured for DNS updates, and be sure to check if DHCP is updating the records on behalf of the clients as well.

sprkymrk

If you are using 2 or more DHCP servers, and you are using dynamic "secure" updates, you need to use the DnsUpdateProxy group so that a single DHCP server will not own the records for all it's clients, thus causing problems when the original DHCP server is unavailable and the client gets an address from a different server. The new server will be unable to update the cleint record.

Also take a look on your DHCP server at option 81. This tells how the server is configured to perform the updates and such. Most likely, the client registers it's own A record, while the DHCP server registers the clients PTR record.

Of course all this assumes W2K or higher.

RTmarc

Make sure you enable records scavenging.

blargoe

The answer to your questions is completely dependent on the OS that the DHCP servers and the OS of the systems sysa, sysb, and sysc.

sprkymrk

blargoe wrote:

The answer to your questions is completely dependent on the OS that the DHCP servers and the OS of the systems sysa, sysb, and sysc.

Since he mentioned a "DHCP snap-in" I assumed it was a Windows network. Ipconfig /flushdns is also a Windows TCP/IP command, so that would make the clients windows too.

Linux/Unix machines don't have a "DHCP Snap-in", and linux clients use ifconfig.

datchcha

thanks for the insight, i will check all of your suggestions.

Thank you.

royal

Awwww. So busy today I missed all the DNS fun!