Troubleshooting Name Resolution Problems


Troubleshooting Name Resolution Problems

Troubleshoot host name resolution.

  • Diagnose and resolve issues related to DNS services.

  • Diagnose and resolve issues related to client computer configuration.

Troubleshooting name resolution is a sometimes tricky art that you may well need to master. Fortunately, Windows Server 2003 provides a wealth of tools that you can use to quickly determine and correct the cause of the problems at hand. You have five basic tools at your disposal when it comes to troubleshooting name resolution issues:

  • ipconfig

  • ping

  • nbtstat

  • tracert

  • pathping

  • nslookup

We will briefly examine the use of each of these tools in the following sections.

ipconfig

The first, and easiest , step in troubleshooting any TCP/IP “related network problem is to gather information about the computer on which the problem is occurring or has been reported . The ipconfig command makes this process easy. To get a complete report of the computer's IP configuration properties, enter the ipconfig/all command at the command line. A typical output might look something like that shown here:

 
 c:\>ipconfig/all Windows IP Configuration    Host Name . . . . . . . . . . . . : a51svr3142    Primary Dns Suffix  . . . . . . . : lab1.area51partners.com    Node Type . . . . . . . . . . . . : Hybrid    IP Routing Enabled. . . . . . . . : Yes    WINS Proxy Enabled. . . . . . . . : No    DNS Suffix Search List. . . . . . : lab1.area51partners.com                                        area51partners.com Ethernet adapter Cluster:    Media State . . . . . . . . . . . : Media disconnected    Description . . . . . . . . . . . : Linksys LNE100TX    Physical Address. . . . . . . . . : 02-BF-0A-00-00-01 Ethernet adapter Administration:    Connection-specific DNS Suffix  . :    Description . . . . . . . . . . . : Realtek RTL8139    Physical Address. . . . . . . . . : 00-E0-7D-C1-3E-70    DHCP Enabled. . . . . . . . . . . : No    IP Address. . . . . . . . . . . . : 192.168.0.123    Subnet Mask . . . . . . . . . . . : 255.255.255.0    Default Gateway . . . . . . . . . : 192.168.0.1    DNS Servers . . . . . . . . . . . : 192.168.0.240                                        192.168.0.100    Primary WINS Server . . . . . . . : 192.168.0.240    Secondary WINS Server . . . . . . : 192.168.0.241 

You can learn several key pieces of information about your computer's network connections just from examining the output of the ipconfig/all command. First, the top of the output tells you the hostname and domain that the computer belongs to as well as the DNS suffixes that have been configured for the computer. Note that additional connection-specific DNS suffixes are listed later in the detail. Moving down to the first network connection, Cluster , notice that its status is shown as Media disconnected , which means that either the network cable is disconnected at one or both ends or that the device the cable is attached to (a switch or hub) is not powered on. This might be your first sign of a problem.

The second network connection, Administration , shows the full gamut of information that can be gleaned from the ipconfig/all command, including whether DHCP is enabled for the adapter, the IP address assigned, the default gateway (always a prime concern when problems arise with computers on different subnets), and other critical information including the IP addresses for the DNS servers in use by the network connection. All this information can be used to identify where the problem lies by determining simply "what doesn't look right." Usually, the problem jumps right out at you after you start to look around for it.

You also can use the ipconfig command to display and purge the contents of the local DNS resolver cache, as shown in the following output:

 
 c:\>ipconfig/displaydns Windows IP Configuration     1.0.0.127.in-addr.arpa     ----------------------------------------     Record Name . . . . . : 1.0.0.127.in-addr.arpa.     Record Type . . . . . : 12     Time To Live  . . . . : 276808     Data Length . . . . . : 4     Section . . . . . . . : Answer     PTR Record  . . . . . : localhost     a51svr3042.lab1.area51partners.com     ----------------------------------------     Record Name . . . . . : A51SVR3042.lab1.area51partners.com     Record Type . . . . . : 1     Time To Live  . . . . : 2721     Data Length . . . . . : 4     Section . . . . . . . : Answer     A (Host) Record . . . : 192.168.0.240     Record Name . . . . . : A51SVR3042.lab1.area51partners.com     Record Type . . . . . : 1     Time To Live  . . . . : 2721     Data Length . . . . . : 4     Section . . . . . . . : Answer     A (Host) Record . . . : 10.0.0.10     Record Name . . . . . : A51SVR3042.lab1.area51partners.com     Record Type . . . . . : 1     Time To Live  . . . . : 2721     Data Length . . . . . : 4     Section . . . . . . . : Answer     A (Host) Record . . . : 10.0.0.1 c:\>ipconfig/flushdns Windows IP Configuration Successfully flushed the DNS Resolver Cache. c:\>ipconfig/displaydns Windows IP Configuration     1.0.0.127.in-addr.arpa     ----------------------------------------     Record Name . . . . . : 1.0.0.127.in-addr.arpa.     Record Type . . . . . : 12     Time To Live  . . . . : 276751     Data Length . . . . . : 4     Section . . . . . . . : Answer     PTR Record  . . . . . : localhost     localhost     ----------------------------------------     Record Name . . . . . : localhost     Record Type . . . . . : 1     Time To Live  . . . . : 276751     Data Length . . . . . : 4     Section . . . . . . . : Answer     A (Host) Record . . . : 127.0.0.1 

This command can be helpful in situations in which the local DNS cache is corrupt or contains invalid information. This cache will rebuild itself over time as the computer queries DNS servers.

ping

The ping command is practically as old as TCP/IP networking itself. You can use the ping command to test basic network connectivity between two computers, over local and remote networks. The basic syntax of the ping command looks something like ping computerIP or ping HostName . This command causes Windows to send four special Internet Control Message Protocol (ICMP) packets to the remote computer that are then returned to the local computer. You can instruct Windows to send a continuous stream of ping packets by using the ping -t command. Using the ping -a command specifies that name resolution is to be performed during the ping process.

NOTE

The story of ping If you want to see the history of the ping command and learn some other interesting ping -related trivia, be sure to visit the page of the late Mike Muuss, creator of the ping application. You can find it located at http://ftp.arl.mil/~mike/ping.html.


You can see the standard output of the ping command here without the use of any modifying switches:

 
 C:\>ping mcseworld.com Pinging mcseworld.com [207.44.182.13] with 32 bytes of data: Reply from 207.44.182.13: bytes=32 time=57ms TTL=46 Reply from 207.44.182.13: bytes=32 time=53ms TTL=46 Reply from 207.44.182.13: bytes=32 time=52ms TTL=46 Reply from 207.44.182.13: bytes=32 time=51ms TTL=46 Ping statistics for 207.44.182.13:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 51ms, Maximum = 57ms, Average = 53ms 

Note, however, that some remote firewalls and routers have been configured to block ICMP packets (once commonly used to stage Denial of Service attacks), and you might see output like this:

 
 C:\>ping microsoft.com Pinging microsoft.com [207.46.245.222] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 207.46.245.222:     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss) 

You can also test the TCP/IP stack on the local network adapter by using the ping loopback or ping 127.0.0.1 command, as shown here:

 
 C:\>ping loopback Pinging a51svr3142.lab1.area51partners.com [127.0.0.1] with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 0ms, Maximum = 0ms, Average = 0ms 

If pinging the loopback address works, but you cannot successfully ping an outside address, you might try pinging the default gateway for the specific computer. How do you know what the default gateway is? Look back at the output of the ipconfig/all command to gather this information. Pinging the default gateway's IP address lets you know if any problems you are having are being caused by the default gateway itself. Of course, the ipconfig/all command shows only the private IP address of the default gateway; you also need to know and ping the public IP address of publicly addressable gateways, such as border routers and firewalls.

nbtstat

If your problem seems to be WINS and NetBT specific, you might consider using the nbtstat command to gather information and troubleshoot the problem at hand. nbtstat can be used to display the local NetBIOS table on the computer, display the content of the local NetBIOS cache on the computer, or even purge the local NetBIOS cache.

You can use several different switches with nbtstat to determine how it returns information to you. Using the nbtstat -n command returns the local NetBIOS name table, as shown here:

 
 C:\>nbtstat -n Cluster: Node IpAddress: [0.0.0.0] Scope Id: []     No names in cache Administration: Node IpAddress: [192.168.0.123] Scope Id: []                 NetBIOS Local Name Table        Name               Type         Status     ---------------------------------------------     A51SVR3142     <00>  UNIQUE      Registered     LAB1           <00>  GROUP       Registered     A51SVR3142     <20>  UNIQUE      Registered     LAB1           <1E>  GROUP       Registered 

If you need to list the contents of the NetBIOS name cache, use the nbtstat -c command to produce the following output:

 
 C:\>nbtstat -c Cluster: Node IpAddress: [0.0.0.0] Scope Id: []     No names in cache Administration: Node IpAddress: [192.168.0.123] Scope Id: []                   NetBIOS Remote Cache Name Table         Name              Type       Host Address    Life [sec]     ------------------------------------------------------------     A51SVR3042.LAB1<2E>  UNIQUE          192.168.0.240       525     A51SVR3042     <20>  UNIQUE          192.168.0.240       97     W2KSVR001      <00>  UNIQUE          192.168.0.101       537 

To examine the NetBIOS name table of a remote computer, use the nbtstat -a RemoteComputerName command to produce the following output:

 
 C:\>nbtstat -a a51svr3042 Cluster: Node IpAddress: [0.0.0.0] Scope Id: []     Host not found. Administration: Node IpAddress: [192.168.0.123] Scope Id: []            NetBIOS Remote Machine Name Table        Name               Type         Status     ---------------------------------------------     A51SVR3042     <00>  UNIQUE      Registered     LAB1           <00>  GROUP       Registered     LAB1           <1C>  GROUP       Registered     A51SVR3042     <20>  UNIQUE      Registered     LAB1           <1B>  UNIQUE      Registered     LAB1           <1E>  GROUP       Registered     LAB1           <1D>  UNIQUE      Registered     ..__MSBROWSE__.<01>  GROUP       Registered     MAC Address = 00-E0-7D-C1-3E-0E 

To display a listing of client and server connections, use the nbtstat -s command to produce the following output:

 
 C:\>nbtstat -s Cluster: Node IpAddress: [0.0.0.0] Scope Id: []     No Connections Administration: Node IpAddress: [192.168.0.123] Scope Id: []                      NetBIOS Connection Table     Local Name       State      In/Out  Remote Host      Input   Output     --------------------------------------------------------------------     A51SVR3142 <00>  Connected  Out     W2KSVR001 <20>   97MB    92MB 

You can also clear the contents of the cache and reload it from the LMHOSTS file by using the nbtstat -R command. You must use an uppercase R in this command. To release and subsequently refresh name records on a WINS server, issue the nbtstat -RR command.

tracert

tracert is another of the old standby tools that network administrations have grown to love over time. tracert routes tracing from the source to the destination, showing all intermediate hops (routers) that are used to forward and deliver the packets to their destination. As well, tracert calculates how long each hop takes. The basic use of tracert yields output like the following:

 
 C:\>tracert mcseworld.com Tracing route to mcseworld.com [207.44.182.13] over a maximum of 30 hops:   1    16 ms    13 ms    22 ms  ip68-0-16-1.hr.hr.cox.net [68.0.16.1]   2    74 ms    47 ms    19 ms  68.10.8.41   3    19 ms    14 ms    16 ms  nrfksysr02-atm151103.hr.hr.cox.net [68.10.8.53]   4    16 ms    14 ms    35 ms  nrfkdsrc02-gew0304.rd.hr.cox.net [68.10.14.17]   5    17 ms    18 ms    12 ms  nrfkbbrc02-pos0101.rd.hr.cox.net [68.1.0.26]   6    18 ms    18 ms    18 ms  nrfkdsrc02-gew03010999.rd.hr.cox.net [68.1.0.31]   7    27 ms    24 ms    18 ms  ashbbbpc01pos0100.r2.as.cox.net [68.1.1.19]   8    23 ms    16 ms    28 ms  68.105.30.70   9    60 ms    53 ms    61 ms  hrndva1wcx2-pos0-0.wcg.net [64.200.89.1]  10    80 ms    54 ms    61 ms  drvlga1wcx2-pos4-0.wcg.net [64.200.232.125]  11    60 ms    51 ms    54 ms  drvlga1wcx1-oc48.wcg.net [64.200.127.49]  12    53 ms    61 ms    56 ms  dllstx1wcx3-oc48.wcg.net [64.200.240.21]  13    62 ms    61 ms    58 ms  dllstx1wcx2-pos10-0.wcg.net [64.200.110.133]  14    63 ms    56 ms    58 ms  hstntx1wce2-pos4-0.wcg.net [64.200.240.74]  15   124 ms    67 ms    56 ms hstntx1wce2-everyonesinternet-gige.wcg.net [65.77.93.54]  16    74 ms    55 ms    55 ms  39.ev1.net [207.218.245.39]  17    62 ms    56 ms    56 ms  www.mcseworld.com [207.44.182.13] Trace complete. 

pathping

The pathping command is a new tool first introduced in Windows 2000 that combines the capabilities of ping and tracert into one tool. pathping is used to gather information about network latency and network loss at the intermediate hops between the source and destination. It accomplishes this by sending multiple ICMP messages to each router between the source and destination over a period of time and then computing results based on the packets returned from each router. pathping can thus be used to quickly determine the operational status of each router or subnet the packets must cross. A pathping output is presented here:

 
[View full width]
 
[View full width]
C:\>pathping mcseworld.com Tracing route to mcseworld.com [207.44.182.13] over a maximum of 30 hops: 0 a51svr3142.lab1.area51partners.com [192.168.0.123] 1 ip68-0-16-1.hr.hr.cox.net [68.0.16.1] 2 ip68-0-16-1.hr.hr.cox.net [68.0.16.1] 3 nrfksysr02-atm151103.hr.hr.cox.net [68.10.8.53] 4 nrfkdsrc02-gew0304.rd.hr.cox.net [68.10.14.17] 5 nrfkbbrc02-pos0101.rd.hr.cox.net [68.1.0.26] 6 nrfkdsrc02-gew03010999.rd.hr.cox.net [68.1.0.31] 7 ashbbbpc01pos0100.r2.as.cox.net [68.1.1.19] 8 68.105.30.70 9 hrndva1wcx2-pos0-0.wcg.net [64.200.89.1] 10 drvlga1wcx2-pos4-0.wcg.net [64.200.232.125] 11 drvlga1wcx1-oc48.wcg.net [64.200.127.49] 12 dllstx1wcx3-oc48.wcg.net [64.200.240.21] 13 dllstx1wcx2-pos10-0.wcg.net [64.200.110.133] 14 hstntx1wce2-pos4-0.wcg.net [64.200.240.74] 15 hstntx1wce2-everyonesinternet-gige.wcg.net [65.77.93.54] 16 39.ev1.net [207.218.245.39] 17 host6.wfdns.com [207.44.182.13] Computing statistics for 425 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 a51svr3142.lab1.area51partners.com [192.168 .0.123] 0/ 100 = 0% 1 22ms 0/ 100 = 0% 0/ 100 = 0% ip68-0-16-1.hr.hr.cox.net [68.0.16.1] 0/ 100 = 0% 2 22ms 0/ 100 = 0% 0/ 100 = 0% ip68-0-16-1.hr.hr.cox.net [68.0.16.1] 0/ 100 = 0% 3 17ms 18/ 100 = 18% 18/ 100 = 18% nrfksysr02-atm151103.hr.hr.cox.net [68.10.8.53] 0/ 100 = 0% 4 20ms 0/ 100 = 0% 0/ 100 = 0% nrfkdsrc02-gew0304.rd.hr.cox.net [68.10.14.17] 0/ 100 = 0% 5 17ms 1/ 100 = 1% 1/ 100 = 1% nrfkbbrc02-pos0101.rd.hr.cox.net [68.1.0.26] 0/ 100 = 0% 6 23ms 2/ 100 = 2% 2/ 100 = 2% nrfkdsrc02-gew03010999.rd.hr.cox.net [68.1.0.31] 0/ 100 = 0% 7 26ms 1/ 100 = 1% 1/ 100 = 1% ashbbbpc01pos0100.r2.as.cox.net [68.1.1.19] 0/ 100 = 0% 8 24ms 0/ 100 = 0% 0/ 100 = 0% 68.105.30.70 0/ 100 = 0% 9 23ms 0/ 100 = 0% 0/ 100 = 0% hrndva1wcx2-pos0-0.wcg.net [64.200.89.1] 0/ 100 = 0% 10 35ms 0/ 100 = 0% 0/ 100 = 0% drvlga1wcx2-pos4-0.wcg.net [64.200.232.125] 0/ 100 = 0% 11 35ms 1/ 100 = 1% 1/ 100 = 1% drvlga1wcx1-oc48.wcg.net [64.200.127.49] 0/ 100 = 0% 12 53ms 1/ 100 = 1% 1/ 100 = 1% dllstx1wcx3-oc48.wcg.net [64.200.240.21] 0/ 100 = 0% 13 52ms 2/ 100 = 2% 2/ 100 = 2% dllstx1wcx2-pos10-0.wcg.net [64.200.110.133] 0/ 100 = 0% 14 58ms 0/ 100 = 0% 0/ 100 = 0% hstntx1wce2-pos4-0.wcg.net [64.200.240.74] 0/ 100 = 0% 15 59ms 0/ 100 = 0% 0/ 100 = 0% hstntx1wce2-everyonesinternet-gige.wcg.net [65.77.93.54] 0/ 100 = 0% 16 58ms 1/ 100 = 1% 1/ 100 = 1% 39.ev1.net [207.218.245.39] 0/ 100 = 0% 17 59ms 0/ 100 = 0% 0/ 100 = 0% mcseworld.com [207.44.182.13] Trace complete.

As you can see from this pathping output, the network connectivity between source and destination is overall very good. The only (small) problem appears to be that the router located at 68.10.8.53 is dropping about 18% of the packets sent to it; this, however, does not appear to be adversely affecting the transmission as a whole.

nslookup

The nslookup command can be used to look up and display information for troubleshooting DNS issues. nslookup , however, is not a simple tool that you can jump right into with a fair amount of DNS knowledge. Unlike other troubleshooting tools, nslookup has an interactive and noninteractive usage mode ”much the same as the netsh command.

When looking up a single item, you would be best off using the noninteractive mode by issuing a command similar to the following:

 
 nslookup mcseworld.com 192.168.0.100 

In this example, the first parameter specifies the DNS name or IP address of the computer you want to look up, and the second parameter specifies the DNS name or IP address of the DNS server you want to use. If you do not specify a DNS server, the default DNS server for the requesting computer will be used. This sample nslookup query might return a result such as this:

 
 U:\>nslookup mcseworld.com 192.168.0.100 Server:  w2ksvr001.dontpanic.local Address:  192.168.0.100 Non-authoritative answer: Name:    mcseworld.com Address:  207.44.182.13 

If you need to look up multiple pieces of information or more complex information, such as information about specific resource records contained in a zone, you need to use nslookup in interactive mode. You can see how interactive mode can be used to gain more advanced information, such as the list of all name servers (NS resource record) and mail exchangers (MX resource record) for the microsoft.com zone.

 
 U:\>nslookup Default Server:  w2ksvr001.dontpanic.local Address:  192.168.0.100 > server ns2.hr.cox.net Default Server:  ns2.hr.cox.net Address:  68.10.16.25 > set type=ns > microsoft.com Server:  ns2.hr.cox.net Address:  68.10.16.25 Non-authoritative answer: microsoft.com   nameserver = dns1.tk.msft.net microsoft.com   nameserver = dns3.uk.msft.net microsoft.com   nameserver = dns1.cp.msft.net microsoft.com   nameserver = dns1.sj.msft.net dns1.cp.msft.net        internet address = 207.46.138.20 dns1.sj.msft.net        internet address = 65.54.248.222 dns1.tk.msft.net        internet address = 207.46.245.230 dns3.uk.msft.net        internet address = 213.199.144.151 > set type=mx > microsoft.com Server:  ns2.hr.cox.net Address:  68.10.16.25 : microsoft.com   MX preference = 10, mail exchanger = mailb.microsoft.com microsoft.com   MX preference = 10, mail exchanger = mailc.microsoft.com microsoft.com   MX preference = 10, mail exchanger = maila.microsoft.com microsoft.com   nameserver = dns1.cp.msft.net microsoft.com   nameserver = dns1.sj.msft.net microsoft.com   nameserver = dns1.tk.msft.net microsoft.com   nameserver = dns3.uk.msft.net maila.microsoft.com     internet address = 131.107.3.124 maila.microsoft.com     internet address = 131.107.3.125 mailb.microsoft.com     internet address = 131.107.3.123 mailb.microsoft.com     internet address = 131.107.3.122 mailc.microsoft.com     internet address = 131.107.3.121 mailc.microsoft.com     internet address = 131.107.3.126 dns1.cp.msft.net        internet address = 207.46.138.20 dns1.sj.msft.net        internet address = 65.54.248.222 dns1.tk.msft.net        internet address = 207.46.245.230 dns3.uk.msft.net        internet address = 213.199.144.151 > 

The Non-authoritative answer label indicates that this information was retrieved from the selected DNS server's local cache and was not directly queried as a result of the nslookup query.

You can exit interactive mode at any time by typing exit .

The nslookup command has an extremely large feature set, too large to do justice to it here in this space. You can get more information on the full use and functionality of nslookup at www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/standard/nslookup.asp.



MCSE Windows Server 2003 Network Infrastructure (Exam 70-293)
MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736500
EAN: 2147483647
Year: 2003
Pages: 151
Authors: Will Schmied

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net