Joined: Nov 2009
Posts: 237
Member
2003/2008 Active Directory with two servers, both are DCs.
This is only happening on one workstation (out of 5).
nslookup resolves the second server using the first domain controller for DNS to the private (192.x.x.x) address
When I ping the first server, it is resolving to a public address (167.x.x.x).
The DNS setting on the workstation NIC points to the first controller and has no setting for a second.
All other workstations are resolving the IPs properly.
Jeff Lead Field Engineer, MSCNS

Joined: Feb 2006
Posts: 826
Member
Any host file entries on that one workstation? If you were having the problem anywhere else I would suspect you had external zones on that same DNS server. Are you using the fully qualified domain name when you ping? How about when you use nslookup?

Joined: Nov 2009
Posts: 237
Member
No host entries, these are recently installed machines (2 weeks).
Regardless of whether I'm using the NetBIOS handle or a FQDN, it still resolves to the LAN address on nslookup yet pings to the internet address (which is the website -- I have an alias for it).
After ipconfig /flushdns it will resolve to the LAN address for a while but eventually goes back to the internet address (167.x.x.x).
Jeff Lead Field Engineer, MSCNS

Joined: Feb 2006
Posts: 826
Member
I've only seen this in situations where:
A) The DNS server has both internal and external zones.
B) The AD domain name is identical to the Internet domain name used for your website etc.
If this is the case, I would recommend you have a separate DNS server, not integrated with AD, for any external zones. I would also change the AD domain name so there can be no confusion between what is internal and what is external. "something.internal" instead of "something.com" for example.

Joined: Nov 2009
Posts: 237
Member
Yes the AD name is the same as the website domain name.
What puzzles me is that only one workstation out of five is doing this. Furthermore, nslookup resolves it correctly each and every time but ping does not.
The only thing it's actually screwing up is access to a SQL server that is run on the second server. All file shares which are also on that same server work just fine.
Jeff Lead Field Engineer, MSCNS

Joined: Feb 2006
Posts: 826
Member
Try doing the nslookup several times in a row with the same hostname. nslookup will check with the name server every time you ask it to, but ping will use whatever is in the cache, so there's only one lookup. I have a feeling the problem would present itself on more workstations than this one. If the DNS server has multiple IPs for the same host name (your inside server IP and your external IP) it will alternate which IP it gives out when there is a lookup request. So you will sometimes get the external IP for internal clients, and external clients may also get your internal IP. I strongly recommend using different DNS servers and a different naming scheme for the internal and external services. Otherwise you will end up with a DNS nightmare down the road.
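
Added example, not part of the thread: a Python sketch of the behaviour the reply above describes, assuming the server rotates record order per query and the client caches each response. It flags names in a zone export that carry both RFC 1918 and non-RFC 1918 A records, then models which address a caching client ends up using. The zone data, names and addresses are constructed; 203.0.113.10 is a documentation address standing in for the public web host.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges: addresses that should only ever be handed to internal clients.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def scope(addr):
    """Return 'internal' for an RFC 1918 address, otherwise 'external'."""
    ip = ipaddress.ip_address(addr)
    return "internal" if any(ip in net for net in RFC1918) else "external"

def mixed_scope_names(records):
    """Map each name that has both internal and external A records to its addresses."""
    by_name = defaultdict(set)
    for name, addr in records:
        by_name[name.lower().rstrip(".")].add(addr)
    return {name: sorted(addrs) for name, addrs in by_name.items()
            if {scope(a) for a in addrs} == {"internal", "external"}}

def round_robin(addrs, queries):
    """Model a server rotating the record order on each successive query."""
    return [addrs[i % len(addrs):] + addrs[:i % len(addrs)] for i in range(queries)]

def cached_target(responses, lookups_per_cache_fill):
    """First address a caching client uses for each lookup: it re-queries the
    server only when the cache is refilled (TTL expiry or ipconfig /flushdns)."""
    return [responses[i // lookups_per_cache_fill][0]
            for i in range(len(responses) * lookups_per_cache_fill)]

# Constructed sample data: hypothetical zone export as (name, A record) pairs.
ZONE = [
    ("server2.example.com.", "192.168.1.11"),
    ("example.com.", "192.168.1.10"),
    ("example.com.", "203.0.113.10"),
    ("www.example.com", "203.0.113.10"),
]

if __name__ == "__main__":
    for name, addrs in mixed_scope_names(ZONE).items():
        print(f"{name}: mixed internal/external answers {addrs}")
        responses = round_robin(addrs, 2)
        for target in cached_target(responses, 3):
            print(f"  client connects to {target} ({scope(target)})")
```
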

Joined: Nov 2009
Posts: 237
Member
I'll try that...
It's still odd to me that only one workstation is having this issue and I have a dozen different ADs that I manage for different clients and all have the same AD naming convention (web domain in the AD) and have absolutely no problems.
Jeff Lead Field Engineer, MSCNS

Joined: Nov 2009
Posts: 237
Member
This is so flipping weird and is going to be a huge problem real soon. It's now "tax season" and having an issue like this at a CPA office isn't exactly what I call an ideal situation. It worked fine for a week on this one particular workstation but now all of a sudden is doing it again. I thought an "easy" fix would be to add an A record to the nameservers... I didn't realize they wouldn't take a private address.
Jeff Lead Field Engineer, MSCNS

Joined: Aug 2005
Posts: 631
Member
As a kludge you can always add a record in your HOSTS file. HOSTS overrides DNS. Not a fix but a workaround to last until you can dig into it after crunch time. I'd look at secondary DNS. Bear in mind M$ ping is anything but RFC compliant. Ditto for their flavor of ICMP. I'd look at the M$ knowledgebase for how their ping really works. That is where I'd expect to find the answer.

Joined: Nov 2009
Posts: 237
Member
Here's the crazy thing... that particular machine has no secondary DNS set right now. I went the HOSTS file solution a few days ago. As long as this works through April (end of tax season) I'll be ok.
Jeff Lead Field Engineer, MSCNS