Got a DNS issue I can't figure out....
It's not a biggie, I think I've just been looking at it too long, if you know what I mean… we set up a new Cisco ASA at a remote location. Rebuilt the VPN and had to change the subnet from 3.1 to 4.1. Sooo… new subnet 4.1 replaces 3.1. From the remote pc, can access our other subnets by IP. I can ping everything. I can rdp INTO the remote machine by host name across subnets, but can't rdp into anything FROM that machine by host name. My redirected "my docs" doesn't sync.... also getting a message the "domain is not avail" for people that haven't logged in before.
on the remote pc nic (new 4.1 network) i added our internal DNS IPs and couldn't even get on the net. i added the ISP DNS and it works fine... the pc also gets all the info (ip, gw, dns server) from the ASA if I change the nic to do it automatically rather than statically.
I can't find anything in AD that references the old 3.1.... so this confuses me.
would adding something like a new dns zone help this? Does this even make sense?
Comments
RomBUS Member Posts: 699
Hmm I know this may be basic but try flushing the DNS resolver cache and reregistering DNS of the client that is having the issue (if it is only the one)
Krunchi Member Posts: 237
Did you clear out the DNS cache?
Certifications: A+,Net+,MCTS-620,640,642,643,659,MCITP-622,623,646,647,MCSE-246
pham0329 Member Posts: 556
tdean wrote: »on the remote pc nic (new 4.1 network) i added our internal DNS IPs and couldn't even get on the net. i added the ISP DNS and it works fine... the pc also gets all the info (ip, gw, dns server) from the ASA if I change the nic to do it automatically rather than statically.
Can you ping your dns servers from the remote host? When the internal dns is set, does it actually resolve host names at all? Port 53 isn't blocked is it?
tdean Member Posts: 520
pham0329 wrote: »Can you ping your dns servers from the remote host? When the internal dns is set, does it actually resolve host names at all? Port 53 isn't blocked is it?
i can ping by ip successfully, but not by host name. 53 is not blocked as far as i can tell.
pham0329 Member Posts: 556
When you ping by hostname, does it resolve the correct IP or does it timeout/not resolve to anything?
tdean Member Posts: 520
pham0329 wrote: »When you ping by hostname, does it resolve the correct IP or does it timeout/not resolve to anything?
i get this...
C:\Documents and Settings\tdean>ping tcsdc02
Ping request could not find host tcsdc02. Please check the name and try again.
demonfurbie Member Posts: 1,819
it sounds like a ptr record issue
if you can ping the ip but not the name
also check the global names zone if it's windows server
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
tdean Member Posts: 520
Have you tried fqdn?
i tried adding the domain suffix after the hostname i was trying to ping. no deal.
tdean Member Posts: 520
demonfurbie wrote: »it sounds like a ptr record issue
if you can ping the ip but not the name
also check the global names zone if it's windows server
i added an entry for the remote machine in dns. no difference.
we're still on 2003, how do i check ptr records or global name zone? what should i see? there is nothing in AD that even points to the old 3.1 network that was working perfectly.
tdean Member Posts: 520
this is from my workstation to the remote pc:
C:\Documents and Settings\tdean>ping 172.22.4.100
Pinging 172.22.4.100 with 32 bytes of data:
Reply from 172.22.4.100: bytes=32 time=26ms TTL=127
Reply from 172.22.4.100: bytes=32 time=21ms TTL=127
Reply from 172.22.4.100: bytes=32 time=22ms TTL=127
Reply from 172.22.4.100: bytes=32 time=26ms TTL=127
Ping statistics for 172.22.4.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 26ms, Average = 23ms
C:\Documents and Settings\tdean>ping tcs-2140
Pinging tcs-2140.TheXXXXXXXXX.local [172.22.4.100] with 32 bytes of data:
Reply from 172.22.4.100: bytes=32 time=23ms TTL=127
Reply from 172.22.4.100: bytes=32 time=24ms TTL=127
Reply from 172.22.4.100: bytes=32 time=26ms TTL=127
Reply from 172.22.4.100: bytes=32 time=55ms TTL=127
and now the other way.....
C:\Documents and Settings\tdean>ping 172.22.1.242
Pinging 172.22.1.242 with 32 bytes of data:
Reply from 172.22.1.242: bytes=32 time=22ms TTL=127
Reply from 172.22.1.242: bytes=32 time=22ms TTL=127
Reply from 172.22.1.242: bytes=32 time=22ms TTL=127
Reply from 172.22.1.242: bytes=32 time=22ms TTL=127
Ping statistics for 172.22.1.242:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 22ms, Average = 22ms
C:\Documents and Settings\tdean>ping tcs-2169
Ping request could not find host tcs-2169. Please check the name and try again.
undomiel Member Posts: 2,818
Time to break out nslookup. When you point nslookup at the internal DNS server is it able to resolve anything? Does a lookup for gc._msdcs.yourdomain.local return anything? Does nltest /dnsgetdc:yourdomain.local return anything? Are you able to telnet probe port 53 on the internal DNS from the remote PC? It really sounds like there's a firewall in the way somewhere blocking DNS traffic.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
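The checks undomiel lists above, scripted as an added example (not code from any poster in this thread): it sends an A query straight to one DNS server and reports whether the reply was an answer, NXDOMAIN or nothing at all, and it tries a TCP connection to port 53 the way the telnet probe does. The server IP and domain are command-line arguments you supply, and the function names are made up for this example.

```python
import socket, struct, sys

def build_query(name, qtype=1, txid=0x1234):
    """Encode a recursive DNS query (qtype 1 = A record)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Map a raw DNS reply to a short diagnosis."""
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != txid:
        return "mismatched reply"
    rcode = flags & 0x000F
    if rcode == 0:
        return "answered" if ancount else "no records"
    return {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}.get(rcode, "rcode %d" % rcode)

def probe_udp(server, name, port=53, timeout=3.0):
    """Query over UDP; 'timeout' means the packet or its reply was dropped."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name), (server, port))
        return classify(s.recvfrom(4096)[0])
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc
    finally:
        s.close()

def probe_tcp(server, port=53, timeout=3.0):
    """Scripted form of the telnet probe: does TCP port 53 accept a connection?"""
    try:
        socket.create_connection((server, port), timeout).close()
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "closed"

if __name__ == "__main__" and len(sys.argv) == 3:
    dns_ip, domain = sys.argv[1:]   # internal DNS server IP, AD domain name
    print("tcp/53:", probe_tcp(dns_ip))
    for name in (domain, "gc._msdcs." + domain):
        print(name, "->", probe_udp(dns_ip, name))
```

A UDP "timeout" while ping to the same IP works points at something filtering port 53 on the path, whereas "NXDOMAIN" or "no records" means the server was reached and the problem is in the zone data.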
tdean Member Posts: 520
just an update.... there is no update. can't do anything today b/c there is a girl working at that computer all day. Will resume tomorrow.
undomiel Member Posts: 2,818
psexec is your best friend, it will get you in for some troubleshooting without disturbing the logged in user: PsExec
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/