#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2011
    Posts
    1
    Rep Power
    0

    Bad DNS record getting into DNS Client Cache


    Hello,

    my question
    Is there a way to check or record from where the Windows XP pro workstation is getting the wrong IP address and placing it into its DNS cache?

    Scenario
    We are connected to a multiple forest/domain network. All of our user workstations run Windows XP using DHCP and DNS Client. There are two databases our users access that are not on our domain. Through DHCP we append these DNS suffixes:
    OurCompany.net
    OurCompany.com
    Company_A.com
    Company_B.net
    Company_B.com

    About 100 of our users must access a database multiple times a day on Company_A.com network.
    Company_A is not on a trusted domain. Via group policies we map a V. to \\databaseserver1.Company_A.com\DatabaseRecord
    We also have ODBC set up to access the database above.

    Our users are accessing records and images of documents on the database above. Most of the time there is no problem accessing the images. About 5 times a week we get a call from one of our users where they can no longer access the images on this server. The user has already looked at 3 document images in the last 2 minutes and when they go to look at image 4 nothing happens.
    We have discovered if we flush the DNS cache the user can start accessing the images on this database.
    For example purposes the correct IP address for the server above would be 172.16.99.100 but when the workstation starts having the problem and we ping databaseserver1 it is sending the ping request from 198.140.240.14 .
    Is there a way to check or record from where the Windows XP pro workstation is getting the wrong IP address and placing it into its DNS cache?

    Thanks for your assistance,
    Greg
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Location
    Florida
    Posts
    248
    Rep Power
    4
    The tool best used in Windows would be "nslookup" on the command line. It can be used to simulate queries to the name servers. You can find the name servers the PC is using by the "ipconfig /all" command.

    The Windows resolver will only query the name servers listed in the ipconfig section. If none are listed, queries are broadcast, so that can cause some confusion if DHCP was not set up properly and is missing DNS data. That can also cause conflicting or inconsistent answers. Now if a program is set to query a specific server, that will bypass what Windows has for DNS servers altogether.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2011
    Posts
    15
    Rep Power
    0
    If you really want to see queries and responses at the network level you should use a packet capture/analysis tool like Wireshark.

    This will show you exactly what is being queried for and where the response is coming from. Wireshark is a very good protocol decoder and should display your DNS packets in a meaningful way.
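
Added example, not part of the original thread: the DNS Client cache the first post asks about can be dumped with `ipconfig /displaydns`, and this Python sketch parses such a dump to report which cached name (and so which appended DNS suffix) holds an address other than the expected one. The sample dump is constructed, and its second entry is an assumed illustration of one possibility, not a diagnosis of the poster's network.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

    databaseserver1.company_a.com
    ----------------------------------------
    Record Name . . . . . : databaseserver1.company_a.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 412
    Section . . . . . . . : Answer
    A (Host) Record . . . : 172.16.99.100

    databaseserver1.ourcompany.com
    ----------------------------------------
    Record Name . . . . . : databaseserver1.ourcompany.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3581
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.140.240.14
"""

# "Key . . . : value" lines; the dotted padding is stripped from the key.
FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")

def parse_displaydns(text):
    """Return a list of dicts, one per cached record."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, blank, name header and dashed separator lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Record Name":
            cur = {"name": value.lower()}
            records.append(cur)
        elif cur is not None:
            cur[key] = value
    return records

def suspicious(records, host, expected_ip):
    """Cached A records for `host` under any suffix whose address is not expected_ip."""
    hits = []
    for r in records:
        ip = r.get("A (Host) Record")
        if ip and r["name"].split(".")[0] == host.lower() and ip != expected_ip:
            hits.append((r["name"], ip, int(r.get("Time To Live", 0))))
    return hits
```

Running the dump on an affected workstation before flushing the cache, and feeding it to `suspicious(parse_displaydns(dump), "databaseserver1", "172.16.99.100")`, shows the fully qualified name the bad entry was cached under, which is the name to test with nslookup against each configured server.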
