1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wierd Issue .. Plz help

Discussion in 'Network Infrastructure' started by stolenblessing, Apr 7, 2008.

  1. stolenblessing

    stolenblessing Nibble Poster

    60
    0
    21
    Hello folks..

    I have a strange problem. I am pinging a hostname it gives me one IP address, say 10.9.76.14; when I am ping the IP 10.9.76.14 with -a option, it is giving a different FQDN. Why so?

    Any idea...
     
    Certifications: CCNA, MCP (70-290)
    WIP: 70-291
  2. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Is it possible to get CCNA without understanding reverse DNS lookup ? :blink

    From my understanding you can have multiple forward lookups map to the same IP, but you only get one reverse lookup.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  3. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Another possibility is when pinging a CNAME.

    Mind you - not sure about the '-a' option - I thought that just made an audible sound!

    Edit: Ah - a Windows oddity!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  4. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Unfortunately, yes.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. stolenblessing

    stolenblessing Nibble Poster

    60
    0
    21
    I checked the DNS Reverse Lookup Zone, and the two hostnames are mapped to different IP addresses..
    But the question still remains unanswered, why did I get the "strange" ping results..
     
    Certifications: CCNA, MCP (70-290)
    WIP: 70-291
  6. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Ok, my understanding of DNS is not legendary, but heres my basic understanding :-

    An A record or address record maps a hostname to a 32-bit IPv4 address.

    A CNAME record or canonical name record is an alias of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (such as an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and www.example.com.)

    A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address.

    So you normally have one A-record, optionally one or more CNAME records and one PTR record for an IP.

    The A and CNAME records are used for forward lookups meaning multiple domains can map to one IP.
    The PTR record is used for reverse lookups, meaning one IP maps to domain/hostname.

    Thats the common case, turns out you can have multiple PTR records which is new to me, but its not reccomended, maybe theres a valid use if you have some funky requirement !

    http://en.wikipedia.org/wiki/Domain_Name_System
    http://en.wikipedia.org/wiki/Reverse_DNS_lookup
    http://www.digitalpoint.com/lists/19361.html
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  7. stolenblessing

    stolenblessing Nibble Poster

    60
    0
    21
    Is it possible that the command "ping <hostname>" is referring to the local HOSTS file.

    And when I am using the command "ping -a <IP address>", it is referring to the DNS server (a reverse lookup)


    Thank you.
     
    Certifications: CCNA, MCP (70-290)
    WIP: 70-291
  8. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Yep, I was assuming nothing in your hosts file but yes, forward lookups can be resolved locally or from your designated DNS server. So again depending on location of the name query the results can change.

    Its the same thing essentially just you are using your hosts file and not a DNS server with an A or CNAME record.

    Essentially you can configure you hosts file or records to resolve to anything. If configure them to be asymetric thata your fault !

    In a normal correct config it will resolve to the A record. If you were doing your forward lookup with a CNAME the you'd then notice the difference.

    Thats what people have been saying all along.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  9. stolenblessing

    stolenblessing Nibble Poster

    60
    0
    21
    Thanks for the reply.

    I checked the hosts file, but that is no record for hostname to IP address mapping..

    This is making my head spin.....
     
    Certifications: CCNA, MCP (70-290)
    WIP: 70-291
  10. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Can you nslookup the IP on the DNS server and see what records are stored relating to that IP?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  11. stolenblessing

    stolenblessing Nibble Poster

    60
    0
    21
    i'll try that and get back to u. Thanks
     
    Certifications: CCNA, MCP (70-290)
    WIP: 70-291
  12. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    I would expect that you have some stale records in your DNS zones. If you have access to the DNS server I would look through the zones and search for the records that are mapped to that IP.

    It could well be that you have had something registering with dynamic DNS that hasn't removed it's old record, or just poor house keeping on the server itself.
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  13. kevicho

    kevicho Gigabyte Poster

    1,219
    58
    116
    I would check the following.

    Local machine
    Go to the Dos prompt, enter ipconfig /displaydns, this will show any cached records locally, if its in here wrong, do a /flushdns to clear it out, that should eliminate a local caching problem, ping it again, if it works cool, if not go to the server (do a flushdns again once any server modifications are done)

    First thing to do on the server is ping again, will isolate the problem either ways.

    In DNS console check the server zones (reverse lookup is the main one here), if the records are in here correctly, check out the server cache in the DNS console.
    To do this you will have to put it into advanced mode (to make the cache folder appear - right click a zone - view - advanced), if it is in here wrong, delete it

    Look in the arpa folder (as that is usually the reverse lookup zone)

    There will be a number for that IP address somewhere.

    If they are in the zone wrong, delete them and restart that host, or for speed do ipconfig /registerdns to update the dns records.

    If the host is windows and not xp/2k etc then check your DHCP dns tab, for dynamic updates (make sure both a and ptr records are updated dynamically) finally if the host is unix then i would either create the ptr record manually, or better yet, check the option is to make the a (host) record update the ptr record.

    Some step by step things to try here, hopefully will be of some use.
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal

Share This Page

Loading...