
Win resolves host to wrong IP

May 5, 2009 at 00:01:42
Specs: Windows XP

Hello all

Scenario: A company network based on Windows PCs and an Active Directory domain controller (Win Server 2003).

Recently I set up a new web server called Midway. During installing Win 2003 on it, the server was assigned a dynamic IP (192.168.0.184 seemingly) by the DHCP server. I added the server in this state to the Domain. Only afterwards, I changed it to a static IP which is 192.168.0.68.

Now I have the problem that sometimes my client WinXP PC suddenly thinks that Midway was 184 instead of 68, and cannot contact it anymore.

The domain controller is set as our DNS server. In its DNS config, 184 is defined in the forward as well as reverse lookup zones, mapping to a machine different from midway, and 68 is defined in both zones mapping to midway.

Further the Domain Controller acts as DHCP server, and in its DHCP leases list, 184 is not mapped to midway anymore (it was in the beginning, but I removed it and since then it did not re-appear), and has since even been assigned to another machine.

In the WINS config, no name is defined at all.

In my local hosts file, neither midway nor 68 nor 184 are mapped to anything, since I want the name to be resolved by the DNS server.

nslookup resolves the name correctly!

Reconfiguring my PC with ipconfig /renew immediately stops the issue (until it shows up again some hours later).

Actually I already asked the same question earlier, without success. I was then recommended to start a new thread with the ipconfig and nslookup details.

The old thread can be found on:
http://www.computing.net/answers/ne...

Now, please find the details below. First I want to thank you in advance for your hints.
Cheers,
chiccodoro

Note: 68 is the correct IP, 184 is the wrong one. 184 lies within the leases range of the DHCP server, while 68 is outside the range.

ping

H:\>ping midway

Pinging midway [192.168.0.184] with 32 bytes of data:

Request timed out.

ipconfig
dc1 = 192.168.0.1 is the domain controller, DNS and DHCP server. The hidden DNS servers are all external ones which do not know of any 192.168.0.* network and should be irrelevant. The DNS suffix "foobar" is actually called different, but is not fully qualified and does not contain any dots.

H:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : NAXOS
        Primary Dns Suffix  . . . . . . . : foobar
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : foobar

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
        Physical Address. . . . . . . . . : (hidden)
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.185
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.101
                                            192.168.0.103
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            (hidden)
        Primary WINS Server . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Dienstag, 5. Mai 2009 08:10:22
        Lease Expires . . . . . . . . . . : Dienstag, 5. Mai 2009 23:10:22

nslookup:

H:\>nslookup midway
Server:  dc1.foobar
Address:  192.168.0.1

Name:    midway.foobar
Address:  192.168.0.68

midway itself looks as follows:

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : midway
   Primary Dns Suffix  . . . . . . . : foobar
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : foobar

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : (hidden)
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.68
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.101
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.0.2

and it pings correctly:

C:\>ping midway

Pinging midway.foobar [192.168.0.68] with 32 bytes of data:

Reply from 192.168.0.68: bytes=32 time=3ms TTL=128


flushdns (on the client) does not help:

H:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

H:\>ping midway

Pinging midway [192.168.0.184] with 32 bytes of data:

ipconfig /renew helps:

H:\>ipconfig /renew

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.185
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.101
                                            192.168.0.103

H:\>ping midway

Pinging midway.foobar [192.168.0.68] with 32 bytes of data:

Reply from 192.168.0.68: bytes=32 time=1ms TTL=128




#1
May 5, 2009 at 08:34:52

Default Gateway . . : 192.168.0.101
192.168.0.103

Why are there 2 default gateways? Is something dual homed?

Secondly, I'm not sure about having an internal & external DNS entry on the same NIC.

How do you know when a politician is lying? His mouth is moving.



#2
May 5, 2009 at 09:33:47

Hello guapo

The second gateway is connected to another provider and is used if the first fails for some reason. However I don't consider the gateway relevant, or does it matter for resolving names?

The external DNS is for the case that the domain controller fails. Hmmm... do you really think the problem should stem from there? Up to that day when I installed midway, everything worked fine, and still does so, except for that single server...



#3
May 5, 2009 at 10:08:36

Midway is static
Naxos is dynamic

This means that when you run ipconfig /renew it is only against Naxos.
Running ipconfig /renew against Midway should generate an error due to static ip.

You should only have one gateway listed as provided by dhcp

"Note: 68 is the correct IP, 184 is the wrong one."

Can't see the forest for the trees?

Look at the ipconfig again. It's 185 not 184

I would suspect you have two active dhcp servers. Simple test. Shut down the dc which contains dhcp. Reboot midway and see what it gets.

No server should ever be on dynamic ip.

What happened to wega for dns suffix per your previous post? Now you have foobar. As I pointed out previously that does not look right. It would be foobar.net or foobar.org.

What is your namespace name?



#4
May 5, 2009 at 19:42:08

You would be better off with a dual WAN router if you want to have a backup ISP. Two internal default gateways won't work.
___________________

The external DNS entry can't resolve Midway under any circumstances if the internal entry fails. Remove the external entry temporarily. Run your ipconfig renew that you said helps & see if it loses the ability to resolve Midway.

How do you know when a politician is lying? His mouth is moving.



#5
May 6, 2009 at 06:27:21

@wanderer:

Sorry if confusing you. Let me try to explain again.

Naxos = 185 is my windows client, and the clients are assigned their IPs and DNS hosts through DHCP.

Midway = 68 is the server, which had the dynamic IP 184 for a very short time during setup, before I changed it to the static 68.

On my client Naxos, the issue shows up that when trying to access Midway, it suddenly resolves to 184 again and therefore fails to contact it.

Hmm... how to find out whether there is a second DHCP server on the network? I cannot simply shut down the primary domain controller, since our company network relies on it. Can I find which DHCP server my current ipconfig stems from? I have already asserted that the Backup Domain Controller has no DHCP service running, and I don't know what other server should be running DHCP. Further I have asserted that even in the phases when my PC resolves midway to the wrong IP, the DNS server setting still points to the same DNS server(s).

The "foobar" suffix: I changed it in this place to become a little bit more anonymous (not against humans but at least against scanners).

@guapo:
O.k. will consider the idea to remove the external DNS servers. Still I don't expect a change from that: The external DNS servers do not resolve midway to any IP since they do not know any 192.168.* networks, so the 184 cannot stem from these.

@both:
The gateway thing: O.k., will think of your advice there. But does that matter for name resolving? I cannot imagine that. My path to midway is not even routed through any of these at all, since the server is within the same network.



#6
May 6, 2009 at 06:51:52

The way I understand it, default gateway means one & only one. If a Windows machine has the chance to go in two directions, anything can happen. It's very hard, if not impossible, to control in Windows.

Apparently, you are trying to resolve the problem during business hours. Is there any chance you can trade a day for a Sunday or a night shift? You really need the down time.

How do you know when a politician is lying? His mouth is moving.



#7
May 6, 2009 at 11:16:02

OK Naxos is a client pc not a server.

Have you reviewed the DNS entries and WINS entries [especially the wins entries] on the dc1 @ 192.168.0.1?

Do you have the ping midway resolve to .184 on any pc you use not just Naxos? In other words is it machine specific or network specific.

What I would suggest is download Wireshark and run your ping midway again. See who it is that responds.

BTW since ping is not used for name resolution and midway resolves correctly using nslookup this is an irritation not a major system config error. Always nice to have SOME good news.



#8
May 11, 2009 at 06:01:27

Yes!!!

One small step by the mankind, one giant leap for a man :-)

I managed to locate the very packets causing the problem, using Wireshark on my PC.

Indeed, it is a NETBIOS request to the domain controller whose response is 192.168.0.184, after some trials to resolve the name via DNS.

The problem seems to occur only when the client does not send a DNS request to the domain controller for any reason (availability?). So it tries to contact the external DNS servers which fail to resolve the name. Then a NETBIOS request is made, and the 184 address is received.

Now the next question arising is: How can I modify the NETBIOS name-IP mapping on the domain controller?

Of course, I will google for that, however my first google searches have not yet brought me to the answer.


Report •
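
Added example, not part of the original thread: a small Python check that compares the address in a Windows `ping` banner with the `nslookup` answer and flags the case found in post #8, where the name was answered outside DNS. The sample text is copied from the transcripts in the first post; treating a banner name without a DNS suffix as a sign of NetBIOS/WINS resolution is a heuristic assumed here from those transcripts, and the function names are hypothetical.

```python
import re

# "Pinging midway [192.168.0.184] with 32 bytes of data:"
PING_RE = re.compile(r"^Pinging\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M)
# Only the answer section has a "Name:" line, so the leading
# "Server:/Address:" pair describing the DNS server is skipped.
NS_RE = re.compile(r"^Name:\s*(\S+)\s+Address(?:es)?:\s*(\S+)", re.M)

# Sample input copied from the thread's transcripts.
BAD_PING = "H:\\>ping midway\n\nPinging midway [192.168.0.184] with 32 bytes of data:\n"
GOOD_PING = "H:\\>ping midway\n\nPinging midway.foobar [192.168.0.68] with 32 bytes of data:\n"
NSLOOKUP = ("Server:  dc1.foobar\nAddress:  192.168.0.1\n\n"
            "Name:    midway.foobar\nAddress:  192.168.0.68\n")

def parse_ping(text):
    """Return (name, ip) from the ping banner, or None if absent."""
    m = PING_RE.search(text)
    return (m.group(1).lower(), m.group(2)) if m else None

def parse_nslookup(text):
    """Return (fqdn, ip) from the nslookup answer section, or None."""
    m = NS_RE.search(text)
    return (m.group(1).lower(), m.group(2)) if m else None

def classify(ping_text, nslookup_text):
    """Compare what ping resolved with what the DNS server answers."""
    ping, dns = parse_ping(ping_text), parse_nslookup(nslookup_text)
    if ping is None or dns is None:
        return "unparsed"
    (p_name, p_ip), (_d_name, d_ip) = ping, dns
    if p_ip == d_ip:
        return "consistent"
    # Assumption (heuristic): a banner name with no DNS suffix means the
    # answer did not come from DNS, so check WINS/NetBIOS for a stale record.
    if "." not in p_name:
        return "non-dns-answer"
    return "dns-mismatch"

if __name__ == "__main__":
    for label, sample in (("bad", BAD_PING), ("good", GOOD_PING)):
        print(label, parse_ping(sample), classify(sample, NSLOOKUP))
```

A `non-dns-answer` result points at the WINS database rather than the DNS zones, which is where the stale 184 entry was eventually found.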

#9
May 11, 2009 at 09:12:27

Correct the wins server entry which is clearly wrong.


#10
May 11, 2009 at 11:57:12

Hello wanderer

I have now realized that this seems to be WINS although I claimed in the beginning that there was no entry in the WINS. To be precise, I did not understand that I must choose the "view entries" context menu before the list of WINS entries is displayed :-)

However, although I could find the entry that was indeed wrong, I could only view but not change it. The only thing I can do is delete the entries. Can I rely on the domain controller to automatically create new correct entries after deleting them, at least after a reboot of MIDWAY, or do I need to remove MIDWAY from the Domain and add it again?

Sorry for these basic questions, but since we have been led to this point now anyway...



#11
May 11, 2009 at 12:06:30

You can delete it. You also have the ability to create a manual record which you should do for a server.

A question to ask yourself is why is dns not resolving and it is referring to netbios resolution.

http://support.microsoft.com/kb/119493

"Primary WINS Server . . . . . . . : 192.168.0.1"

What you see with wireshark from your workstation makes sense due to this ipconfig result. x.x.x.1 is a gateway not your wins server. Looks like you have dhcp/workstation misconfiguration as well as server/wins config issues.



#12
May 11, 2009 at 12:35:55

Thank you for your hints!

Concerning the gateway/nameserver:

Our gateway is 101, 1 is our domain controller which acts as DNS, WINS and DHCP server. Might be misleading, but this is indeed our configuration. Therefore these entries in the ipconfig.



#13
May 11, 2009 at 14:45:48

That's right. This thread has gotten so long [and I read/answer so many] that I don't always recall nontraditional ip setups.

Good luck!


Report •


Ask Question