ping -a reverse lookup of local IP

msmenne17 · ‎06-13-2007

This is more of a Windows (2000 and 2003) problem, but I can duplicate it in a VM and a Physical environment.

Two NICs (different IPs/subnets)

One for production, the other for backups

hostname: testserver.example.com

DNS Name: testserver.example.com

Production IP Address: 10.1.1.2

Backcup IP Address: 192.168.1.2

DNS Name for backup testserverbk.example.com

Here is the problem:

We're using Commvault for our backup product. Commvault's agent on the server verifies the IP address and DNS name match by using something similar to ping -a.

On the server/vm itself:

ping -a 10.1.1.2 results in the following:

C:\>ping -a 10.1.24.161

Pinging testserver.example.com \[10.1.1.2] with 32 bytes of data:

Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2: bytes=32 time<1ms TTL=128
Reply from 10.1.1.2.: bytes=32 time<1ms TTL=128

C:\>ipconfig /flushdns

Here's where the problem comes in:
C:\>ping -a 192.168.1.2

Pinging testserver.example.com \[192.168.1.2] with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
C:\>nslookup testserverbk.example.com

C:\>nslookup 192.168.1.2

Server: ns1.example.com

Address: 10.1.1.1

Name: testserverbk.example.com

Address: 192.168.1.2

If I use a HOSTS file entry, all is well and good. Only trouble is I have 2000 servers to deploy that to. It's an option, but not ideal.

I did find the host name resolution priorities, but changing them (and rebooting in between) produced the same results.

HKLM\System\CurrentControlSet\Services\TCPIP\ServiceProvider

http://support.microsoft.com/kb/139270/EN-US/

The article only references Win95 and NT4, but the reg keys are still there. I don't know if they have any effect or not. Everything I've tested so far suggests that they have no effect.

It seems that no matter what the rules are, Windows always returns the FQDN of the hostname when I try to ping a local address.

I did a couple network traces with Network Monitor. I do not see that ping -a even tries to query the DNS server. I do see traffic in Network Monitor if I do an nslookup for that server or IP though.

Any ideas (other than HOSTS file)?

masaki · ‎06-15-2007

DNS can't balance entries so you have to use different subdomains for each ip if you want to resolve them.

So:

Server: ns1.example.example1.com

Address: 10.1.1.1

Name: testserverbk.example.example2.com

Address: 192.168.1.2

avarcher · ‎06-15-2007

I'm sure that if you configure your DNS for reverse lookups and have the the hostnames in the DNS reflect the ones you want to use it will work. Or investigate if Commvault can do an alternative discovery.

peetz · ‎06-15-2007

It looks like there is a reverse lookup entry for 192.168.1.2 pointing to testserver.example.com on your DNS server(s). Clean this up.

Configure the backup NIC to NOT register its IP with the DNS server.

Then define the name (A) and the reverse lookup (PTR) entry for this NIC manually on the DNS server.

\- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de

msmenne17 · ‎06-15-2007

All of our DNS entries ARE configured for A (forward ) and PTR (reverse) lookups.

If you look at the example provided, I did an nslookup on the IP. It came back with the correct name.

As a verification, I disabled the second NIC (so that Windows knows nothing about the IP). Issuing a ping -a at that point returns the correct name (with no reply of course). As soon as I re-enable the NIC, it returns the host name. The name returned has the EXACT capitalization of the hostname as defined in the Computer Name tab in My Computer .. Properties (TESTSERVER.Example.Com).

The backup NIC is not configured to regsiter with DNS. Doing nslookup verifies that the DNS A and PTR records are correct. The backup NIC has no gateway and the network is isolated.

msmenne17 · ‎06-15-2007

I just opened a case with Microsoft. I spoke with them for about an hour and they are able to reproduce the problem without doing anything different.

Now begs the question of what their response is. My guess is "it's by design". I don't buy that answer so we'll see what comes of it.

FredPeterson · ‎06-15-2007

You're not using WINS by chance are you? If so, get it the heck out of your network design!

msmenne17 · ‎06-18-2007

We are using WINS (old NT4 leftovers), but that's not the issue.

If WINS was responding, it would respond with only the HOSTNAME (TEST) and not TEST.Example.Com. It is a fullty qualified domain name and the capitalization happens to correspond to the hostname under My Computer ... Properites under the Computer Name tab.