Is this a DNS issue or something else?

 
 
bob
02-17-2010
Our DNS server appears to be working OK, no errors show in the DNS event
log, PTR and A records are created OK.

We have a software application that has to run on computers with a static IP
so all machines are configured this way.
The IP will be 192.168.1.xxx, subnet: 255.255.255.0 , gateway 192.168.1.1,
DNS: 192.168.1.220

All workstations work fine. We've been replacing some of the older machines
and have noticed if we reuse an IP address that has been used in the past,
the machine works fine on the LAN (it can be seen and it can see others,
access servers, network applications work fine etc) but the machine times
out when loading a web page.
If I ping google.com, it will resolve to an IP OK but we get no response
back. If I tracert it gets to the router (192.168.1.1) then we get time
outs.
If I simply change the IP on the machine to one that has never been used
before, web pages load OK!

I figure that as the DNS server seems to be behaving (as I say all other
machines are working fine and no errors are logged in DNS) and packets are
getting to the router, is it likely that the router is dropping packets?
On the router I can see the machine name, its IP and MAC, all are correct.

Any thoughts?


 

Meinolf Weber [MVP-DS]
02-17-2010
Hello Bob,

If your DNS zones don't use aging/scavenging or you didn't clean up old
entries manually, it can be that the IP address is listed for an old removed
machine and so the new machine cannot update the record on the zone.

So if you use an "old" IP address on a new machine, make sure all records
in DNS zones are deleted and check that the new machine registers correctly.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Our DNS server appears to be working OK, no errors show in the DNS
> event log, PTR and A records are created OK.
>
> We have a software application that has to run on computers with a
> static IP so all machines are configured this way.
> The IP will be 192.168.1.xxx, subnet: 255.255.255.0 , gateway
> 192.168.1.1, DNS: 192.168.1.220
> All workstations work fine. We've been replacing some of the older
> machines and have noticed if we reuse an IP address that has been used
> in the past, the machine works fine on the LAN (it can be seen and it
> can see others, access servers, network applications work fine etc)
> but the machine times out when loading a web page.
> If I ping google.com, it will resolve to an IP OK but we get no
> response back. If I tracert it gets to the router (192.168.1.1) then
> we get time outs.
> If I simply change the IP on the machine to one that has never been
> used before, web pages load OK!
> I figure that as the DNS server seems to be behaving (as I say all
> other machines are working fine and no errors are logged in DNS) and
> packets are getting to the router, is it likely that the router is
> dropping packets?
> On the router I can see the machine name, its IP and MAC, all are
> correct.
> Any thoughts?
>



 

Jonathan de Boyne Pollard
02-18-2010
>
>
> Our DNS server appears to be working OK, [...]
>
> All workstations work fine. [...]
>

So it's not a DNS issue.

> If I tracert it gets to the router (192.168.1.1) then we get time
> outs. If I simply change the IP on the machine to one that has never
> been used before, [...]
>

This is a NAT issue, and possibly also an ARP issue on your router.

 

bob
02-18-2010
Thanks for the replies...
Scavenging is set in DNS, records are updated.

So I'll focus my angst against the router!

Many thanks MW and JdB!

"Jonathan de Boyne Pollard" <J.deBoynePollard-> wrote
in message
news: lard.localhost...
> >
>>
>> Our DNS server appears to be working OK, [...]
>>
>> All workstations work fine. [...]
>>

> So it's not a DNS issue.
>
>> If I tracert it gets to the router (192.168.1.1) then we get time outs.
>> If I simply change the IP on the machine to one that has never been used
>> before, [...]
>>

> This is a NAT issue, and possibly also an ARP issue on your router.
>



 

Ace Fekay [MVP-DS, MCT]
02-18-2010
"bob" <> wrote in message
news:uOAr%...
> Thanks for the replies...
> Scavenging is set in DNS, records are updated.
>
> So I'll focus my angst against the router!
>
> Many thanks MW and JdB!
>



Bob,

What type of router/firewall is it?

Are you using ISA?

Can you post an ipconfig /all of a machine that is working and not working
after you change the IP?

When you say you are re-using an IP, are your machines configured statically
or DHCP?

If using DHCP, even if Scavenging is enabled, when a new IP is provided to a
machine, it cannot update the old IP and may cause multiple entries in DNS
so the records will remain. The machine would have to update itself, since
it owns the record. Kerberos authentication is used when a machine performs
this task with a zone set to Secure Only updates. So if you give another
machine an IP as such, it cannot update its own record because the SID is
different, hence why Meinolf said you have to manually delete it. If using
DHCP, you have to configure DHCP with credentials and configure DHCP to
*force* all updates whether a machine can do it or not (DHCP properties, DNS
tab) in order to own the records and update any changes.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
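
An added example, not part of any post in this thread: a read-only check for the leftover A and PTR records that Meinolf and Ace describe, run before a replacement machine takes over a reused address. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the zone names, the reused IP and the host name are placeholders, and only the DNS server address comes from the thread.

```powershell
# Added example. Zone names, the reused IP and the host name are assumed placeholders;
# only the DNS server address (192.168.1.220) comes from the thread.
param(
    [string]$DnsServer   = '192.168.1.220',
    [string]$ForwardZone = 'example.local',            # assumed forward zone
    [string]$ReverseZone = '1.168.192.in-addr.arpa',   # reverse zone for 192.168.1.0/24
    [string]$ReusedIp    = '192.168.1.50',             # assumed reused address
    [string]$NewHost     = 'newpc01'                   # assumed name of the replacement machine
)

Import-Module DnsServer

# Every A record in the forward zone that still points at the reused address.
$aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ForwardZone -RRType A |
    Where-Object { $_.RecordData.IPv4Address.ToString() -eq $ReusedIp }

# PTR records for the same address; in a /24 reverse zone the owner name is the last octet.
$lastOctet  = $ReusedIp.Split('.')[-1]
$ptrRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ReverseZone -RRType Ptr |
    Where-Object { $_.HostName -eq $lastOctet }

$report = foreach ($r in @($aRecords) + @($ptrRecords)) {
    # Name the record binds to the address: owner name for A, target for PTR.
    $name  = if ($r.RecordType -eq 'A') { $r.HostName } else { $r.RecordData.PtrDomainName }
    $short = $name.Split('.')[0]
    [pscustomobject]@{
        Type      = $r.RecordType
        Name      = $name
        # Static records carry no timestamp, so scavenging never removes them.
        Timestamp = if ($r.Timestamp) { $r.Timestamp } else { 'static' }
        Stale     = ($short -ne $NewHost)
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object Stale) {
    Write-Warning "Records for $ReusedIp still name another host; delete them before the new machine registers."
}
```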




 

Jonathan de Boyne Pollard
02-18-2010
>
>
> If using DHCP, even if Scavenging is enabled, when a new IP is
> provided to a machine, it cannot update the old IP and may cause
> multiple entries in DNS so the records will remain.
>

Symptoms of that would be various problems in local operation, though.
Xe did say that local operations over the LAN, including machines being
able to "see" one another (presumably meaning all with the correct IP
addresses), were all working just fine.

Of greater interest, perhaps, is what xe said about the router knowing
the IP addresses, MAC addresses, and domain names of machines that are
supposedly statically configured and not using DHCP.

 

Ace Fekay [MVP-DS, MCT]
02-19-2010
"Jonathan de Boyne Pollard" <J.deBoynePollard-> wrote
in message
news: lard.localhost...
> >
>>
>> If using DHCP, even if Scavenging is enabled, when a new IP is provided
>> to a machine, it cannot update the old IP and may cause multiple entries
>> in DNS so the records will remain.
>>

> Symptoms of that would be various problems in local operation, though. Xe
> did say that local operations over the LAN, including machines being able
> to "see" one another (presumably meaning all with the correct IP
> addresses), were all working just fine.
>
> Of greater interest, perhaps, is what xe said about the router knowing the
> IP addresses, MAC addresses, and domain names of machines that are
> supposedly statically configured and not using DHCP.
>



The latter paragraph worries me, for it may indicate that the router is
being used as a DNS IP address in internal machines' IP properties, however
Bob did state that the DNS address is 192.168.1.220, and the gateway
(assuming firewall), is 192.168.1.1, so I'm not too worried now.

As for tracerts timing out at the router, it indicates to me it's more than
just a router, and possibly a true firewall such as a Cisco ASA, Pix,
Sonicwall, etc. If this is the case, to allow the use of the tracert command
would require additional access rules to be allowed, such as (going on
memory) ICMP echo, source quench, and time-exceeded and possibly
'unreachable' (however, if I remember correctly, I've found "unreachable" is
not really needed), to be added to the firewall rules.

Ace





 

Ace Fekay [MVP-DS, MCT]
02-21-2010
"Jonathan de Boyne Pollard" <J.deBoynePollard-> wrote
in message
news: lard.localhost...
> Of greater interest, perhaps, is what xe said about the router knowing
> the IP addresses, MAC addresses, and domain names of machines that are
> supposedly statically configured and not using DHCP.
>
>
> The latter paragraph worries me, for it may indicate that the router is
> being used as a DNS IP address in internal machines' IP properties,
> however Bob did state that the DNS address is 192.168.1.220, and the
> gateway (assuming firewall), is 192.168.1.1, so I'm not too worried now.
>
>
> It's not the DNS server that's the most interesting. I have several
> hypotheses, one of which is that there's a DHCP server on that router,
> whose tables are fully populated with all of that information but that is
> nonetheless unused because all of the machines are statically, not
> dynamically, configured.
>
> If this is the case, to allow the use of the tracert command would
> require additional access rules to be allowed, [...]
>
> Yes, not routing the outbound ICMP/IP traffic is one possibility. So, too,
> however, is mis-routing the inbound reply traffic, as a consequence of
> several possible things. Depending from what the device is, it could be
> doing one of a number of things.
>
>
>



Good points. I'm starting to have a feeling it is a Verizon router, the type
that comes with FIOS and some SDSL solutions. They are Linux based. The
reason I have a feeling it's one of them is based on the statement that
"the router knowing the IP addresses ..." because those units compile a
list of internal IPs based on inbound/outbound traffic. When I first had
FIOS installed, Verizon provided one of those router/firewalls. I changed it
to a PIX shortly afterwards. Looking at the router's control panel, it
showed me all my internal machines listed by IP and MAC.

Ace


 