Problem Ping & Tracert issue

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys

I came across an interesting problem today at a customers site. It turns out no matter what you ping or tracert you get a response from an external IP. Always the same IP address which i don't recognise.

So anyone got any pointers? My guess is that the DNS servers are sticking the domain suffix on everything and then sending it out to the web.

(i did have fun thinking of words to ping or tracert such as ping pongmerrilyonhigh)

Cheers in advance

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Simple questions first:

Are the machines DNS servers what you expect them to be?
Is the hosts file clean?

I've seen mDNSResponder causing DNS issues on client machines so check for iTunes. You can disable the service and test.

Additionally:

Does it matter where you ping from or is this happening on all clients/servers?
If you do a manual nslookup do you get a different response using the internal DNS server vs Googles or OpenDNS ?

 

Yeah the same ip address responds to ping or tracert. Im in the office tomorrow so ill have time to have a proper look then.

 

If the hostname is in DNS the server will respond with the correct ip (ping mail ........10.10.10.1)
If the hostname isnt in DNS the server reponds with an external ip (ping .........pleasedontrespond 72.1.5.1) The external ip that responds is always the same and looking it up online it appears to be a hosting company. The hostname of the ip looks correct ie myclient.hostingcompany.com.

This is the same from both of the main DNS servers. However there is a 3rd DNS server on site that behaves normally.
Its active directory intergreated DNS and i couldnt see any differences in the config.
I feel like theres a setting in DNS im forgetting about.

 

Probably a daft question but whats the internal domain name is it company.local and not company.com or similar is it.

 

Hi Dales, the internal domain is company.companyname.org

 

We had a similar issue a while back, it turned out that the firewall was misconfigured for Proxy ARP and was responding on behalf of our VMWare hosts, that was a fun day!

 

Are the DNS forwarders identical across all three boxes?

 

Yep the same on all 3