Brainfreeze: Can ping but nslookup does not work?

[KuiXing-2005]

Hello all-

My brain freezed on this one. I am trying to verify some servers site admin give me a list of and some are coming up that nslookup cannot find in DNS, but I can ping them. The site admin provided me the names and ips as part of the information I requested to start their upcoming audit, and I tried nslookup with the ip and the hostname. Again - most of the servers worked - but two did not - and all are on the same subnet. I know I should know this, but please have mercy and let me know why this is happening? ARPcache? DNS not updated? Something else?

Also - if someone can google a problem like this - could you share the search string please? I was not even sure how to word this issue in a couple words or less.

I hate this feeling - the feeling like you know something about networks and then something like this just pushes you off your little ego mountain. Damm!t! Well back to my picture books.

TIA.

[RoadClosed]

I am assuming your IP config is set to the correct name server and that same name server pops up in nslookup when you enter the console? If that is the case, I would look at the entrys in the DNS server, maybe they are not part of the directory, again assuming you are in a directory network. Or there are replication issues if they are part of the domain.

You can view your local arp just to eliminate that factor if you like. c:>arp -a But you should only see your machine and the proper DNS server in their.

[Tiger Shark]

Probably a really silly question but I like to start with the obvious.

Is the DNS service on those two servers actually running or have they been disabled, crashed at start or stopped providing DNS resolution?

[zENGER]

When you say you're able to ping them but not nslookup them up, are you pinging their IP or their DNS name?

[zencoder]

KuiXing, I've seen this before...

IIRC, the nslookup command will ALWAYS go to the DNS server and ask for a response...but if you have a host file with entries, the ping (or any other network command) may get its address from there, depending on resolve configurations. Have you flushed the local dns cache and tried again?

[KuiXing-2005]

Hello all-

My apologies for not replying earlier.

Ok:

I am assuming your IP config is set to the correct name server and that same name server pops up in nslookup when you enter the console? If that is the case, I would look at the entrys in the DNS server, maybe they are not part of the directory, again assuming you are in a directory network. Or there are replication issues if they are part of the domain.

Yes - I am pointing to the correct name server. I am able to nslookup the other machines in the list.

However - I will need to contact the admin to see if the servers are in the domain - thanks!

Probably a really silly question but I like to start with the obvious.
Is the DNS service on those two servers actually running or have they been disabled, crashed at start or stopped providing DNS resolution?

Ahhh - good question - you're right - basic and yet quite true - something to check with the SA.

When you say you're able to ping them but not nslookup them up, are you pinging their IP or their DNS name?

Did both - on two of the servers (they are W2K) I can ping by ip by not hostname.

IIRC, the nslookup command will ALWAYS go to the DNS server and ask for a response...but if you have a host file with entries, the ping (or any other network command) may get its address from there, depending on resolve configurations. Have you flushed the local dns cache and tried again?

Hmm - nope will ask the SA about that if the above does not work - I may have to approach Networking as well.

FYI - I have to check with the SA group on all of these because as an auditor, as many of you know, I do not and should not have everyday access to any servers or workstations; outside of my group. My follow-up will also be interesting to see how the site responds to questioning.

Thank you all for your suggestions - I am will be firing off a few notes to see where it takes me. I will let you know what happens.

[zencoder]

FYI - I have to check with the SA group on all of these because as an auditor, as many of you know, I do not and should not have everyday access to any servers or workstations; outside of my group. My follow-up will also be interesting to see how the site responds to questioning.

This is an excellent opportunity to do a little auditing on social-engineering-resistance.

[KuiXing-2005]

This is an excellent opportunity to do a little auditing on social-engineering-resistance.

In my best Montgomery Burns voice: "Yesssss - Excelllllent"

From the Marathon Man: "So tell me, is it safe (dental drill winds up)?"

[Computernerd22]

Have you tried using these in the command prompt


ipconfig /flushdns
ipconfig /displaydns

Perhaps reseting the TCP/IP Stack by clicking start, run, type: "netsh int ip reset resetlog.txt", also, flush the DNS by using "ipconfig /flushdns",

Did both - on two of the servers (they are W2K) I can ping by ip by not hostname.

If you can ping by IP address but not by the hostname, then your winsock file is corrupted. To fix this: Click on start go to run, enter: netsh winsock reset, If entered correctly then you will see the command prompt come up then disappear after that reboot PC. Hope this helps, Computernerd22

[RoadClosed]

As an auditor I would wager the possibility that you are NOT part of the domain. And therefore Windows is ignoring your DNS requests. Therefore you MUST ping the fully qualified domain name. That would equate to something like Host1.domain.com versus just pinging Host1.

Just a guess though.