Wierd Issue .. Plz help

[stolenblessing]

Hello folks..

I have a strange problem. I am pinging a hostname it gives me one IP address, say 10.9.76.14; when I am ping the IP 10.9.76.14 with -a option, it is giving a different FQDN. Why so?

Any idea...

[dmarsh26]

Is it possible to get CCNA without understanding reverse DNS lookup ?

From my understanding you can have multiple forward lookups map to the same IP, but you only get one reverse lookup.

[hbroomhall]

Another possibility is when pinging a CNAME.

Mind you - not sure about the '-a' option - I thought that just made an audible sound!

Edit: Ah - a Windows oddity!

Harry.

[BosonMichael]

Quote:

Originally Posted by dmarsh26

Is it possible to get CCNA without understanding reverse DNS lookup ?

Unfortunately, yes.

[stolenblessing]

Quote:

Originally Posted by dmarsh26

Is it possible to get CCNA without understanding reverse DNS lookup ?

From my understanding you can have multiple forward lookups map to the same IP, but you only get one reverse lookup.

I checked the DNS Reverse Lookup Zone, and the two hostnames are mapped to different IP addresses..
But the question still remains unanswered, why did I get the "strange" ping results..

[dmarsh26]

Ok, my understanding of DNS is not legendary, but heres my basic understanding :-

An A record or address record maps a hostname to a 32-bit IPv4 address.

A CNAME record or canonical name record is an alias of one name to another. The A record to which the alias points can be either local or remote - on a foreign name server. This is useful when running multiple services (such as an FTP and a webserver) from a single IP address. Each service can then have its own entry in DNS (like ftp.example.com. and www.example.com.)

A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address.

So you normally have one A-record, optionally one or more CNAME records and one PTR record for an IP.

The A and CNAME records are used for forward lookups meaning multiple domains can map to one IP.
The PTR record is used for reverse lookups, meaning one IP maps to domain/hostname.

Thats the common case, turns out you can have multiple PTR records which is new to me, but its not reccomended, maybe theres a valid use if you have some funky requirement !

http://en.wikipedia.org/wiki/Domain_Name_System
http://en.wikipedia.org/wiki/Reverse_DNS_lookup
http://www.digitalpoint.com/lists/19361.html

[stolenblessing]

Is it possible that the command "ping <hostname>" is referring to the local HOSTS file.

And when I am using the command "ping -a <IP address>", it is referring to the DNS server (a reverse lookup)


Thank you.

[dmarsh26]

Yep, I was assuming nothing in your hosts file but yes, forward lookups can be resolved locally or from your designated DNS server. So again depending on location of the name query the results can change.

Its the same thing essentially just you are using your hosts file and not a DNS server with an A or CNAME record.

Essentially you can configure you hosts file or records to resolve to anything. If configure them to be asymetric thata your fault !

In a normal correct config it will resolve to the A record. If you were doing your forward lookup with a CNAME the you'd then notice the difference.

Thats what people have been saying all along.

[stolenblessing]

Thanks for the reply.

I checked the hosts file, but that is no record for hostname to IP address mapping..

This is making my head spin.....

[Stoney]

Can you nslookup the IP on the DNS server and see what records are stored relating to that IP?

[stolenblessing]

Quote:

Originally Posted by Stoney

Can you nslookup the IP on the DNS server and see what records are stored relating to that IP?

i'll try that and get back to u. Thanks

[Stoney]

I would expect that you have some stale records in your DNS zones. If you have access to the DNS server I would look through the zones and search for the records that are mapped to that IP.

It could well be that you have had something registering with dynamic DNS that hasn't removed it's old record, or just poor house keeping on the server itself.

[kevicho]

Quote:

Originally Posted by Stoney

I would expect that you have some stale records in your DNS zones. If you have access to the DNS server I would look through the zones and search for the records that are mapped to that IP.

It could well be that you have had something registering with dynamic DNS that hasn't removed it's old record, or just poor house keeping on the server itself.

I would check the following.

Local machine
Go to the Dos prompt, enter ipconfig /displaydns, this will show any cached records locally, if its in here wrong, do a /flushdns to clear it out, that should eliminate a local caching problem, ping it again, if it works cool, if not go to the server (do a flushdns again once any server modifications are done)

First thing to do on the server is ping again, will isolate the problem either ways.

In DNS console check the server zones (reverse lookup is the main one here), if the records are in here correctly, check out the server cache in the DNS console.
To do this you will have to put it into advanced mode (to make the cache folder appear - right click a zone - view - advanced), if it is in here wrong, delete it

Look in the arpa folder (as that is usually the reverse lookup zone)

There will be a number for that IP address somewhere.

If they are in the zone wrong, delete them and restart that host, or for speed do ipconfig /registerdns to update the dns records.

If the host is windows and not xp/2k etc then check your DHCP dns tab, for dynamic updates (make sure both a and ptr records are updated dynamically) finally if the host is unix then i would either create the ptr record manually, or better yet, check the option is to make the a (host) record update the ptr record.

Some step by step things to try here, hopefully will be of some use.