How do I track down which server is resolving my DNS query?

Guest

I have a node that I recently removed. While it was up, I could get good name
resolution if I pinged it with FQDN. If I pinged it with just the host name,
the IP address came back with an incorrect IP address (in truth the IP address
was one that the node was given by the DHCP server while it was being built,
but it was changed to a static address once the node was completed). I have
now removed the node from the network. Now when I ping it via FQDN, it says
to check the name and try again (which is correct and what I was expecting),
but if I ping just the host name, it resolves to an IP address that was the
original IP address given out by DHCP when the node was being built and of
course fails the ping since there is nothing at that address.

We removed WINS from our domain, cccc.bbbb.com. Our parent domain, bbbb.com,
still uses WINS.

How can I determine 'who' is replying to my resolution query when I just
ping the node by host name? I need to know where this incorrect IP
information is coming from.
 
Herb Martin

sszz77 said:
I have a node that I recently removed. While it was up, I could get good name
resolution if I pinged it with FQDN. If I pinged it with just the host name,
the IP address came back with an incorrect IP address (in truth the IP address
was one that the node was given by the DHCP server while it was being built,
but it was changed to a static address once the node was completed). I have
now removed the node from the network. Now when I ping it via FQDN, it says
to check the name and try again (which is correct and what I was expecting),
but if I ping just the host name, it resolves to an IP address that was the
original IP address given out by DHCP when the node was being built and of
course fails the ping since there is nothing at that address.

We removed WINS from our domain, cccc.bbbb.com. Our parent domain, bbbb.com,
still uses WINS.

It's unclear what your actual problem is -- I got lost
reading "it" too many times in the above paragraphs.

But I can probably direct you to the toolset for figuring this out.
See below...


On a side note:

Although this may sound silly, one IMPORTANT method in troubleshooting
(thinking) is to remove ALL "pronouns" from the description and replace
all generic verb phrases (broken, not working, etc) with very specific
-- as specific as possible -- words, e.g., "responds with xyz", "timeout
with no response"...

sszz77 said:
How can I determine 'who' is replying to my resolution query when I just
ping the node by host name? I need to know where this incorrect IP
information is coming from.

There are four general resolution locations, and a few variations:

DNS Server
lmhosts file
WINS Server
hosts file (might be overriding DNS especially with a partial used)

Variations include:

Broadcasts might resolve NetBIOS names (and even be used by DNS
queries, but it is still a NetBIOS broadcast), and caching also
enters into both DNS and NetBIOS name resolution.

NSLookup lets you check EACH DNS server individually.

nslookup NAME DNS_SERVER_IP_ToUSE

NBTStat -r lets you check NetBIOS names resolved by either broadcast or
WINS request

IPConfig /displayDNS checks the DNS client side cache

Putting even one dot in a name disables the use of NetBIOS METHODS
to resolve DNS, so one possibility with a "short name" is that the
broadcast is doing the resolution (since you removed WINS.)

BTW, if you have more than one SUBNET (e.g., internal routers) then
you likely NEED WINS Server and need every machine to be a WINS
client.
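
The checks listed in the reply above, gathered into one PowerShell script as an added example that is not part of the original posts. The default host name and IP address are constructed placeholders, `nbtstat -c` (the NetBIOS remote name cache) is an addition to the commands named in the post, and `Get-DnsClientServerAddress` assumes Windows 8 / Server 2012 or later. Whichever step prints the stale IP is the source answering the short-name query.

```powershell
# Added example: ask every name-resolution source about one short host name.
# 'BUILDNODE' and '192.0.2.50' are constructed placeholders for the removed
# node's host name and the stale DHCP-era address.
param(
    [string]$Name  = 'BUILDNODE',
    [string]$BadIp = '192.0.2.50',
    # Defaults to the DNS servers configured on this client; pass your own list to override.
    [string[]]$DnsServers = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
                              Sort-Object -Unique)
)

$etc      = Join-Path $env:SystemRoot 'System32\drivers\etc'
$patterns = [regex]::Escape($Name), [regex]::Escape($BadIp)

# 1. Static files: hosts (DNS-style names) and lmhosts (NetBIOS names).
foreach ($file in 'hosts', 'lmhosts') {
    $path = Join-Path $etc $file
    if (Test-Path $path) {
        Select-String -Path $path -Pattern $patterns |
            Where-Object { $_.Line -notmatch '^\s*#' } |   # skip comment lines
            ForEach-Object { "[$file] line $($_.LineNumber): $($_.Line.Trim())" }
    }
}

# 2. DNS client-side cache: show any cached record naming the host or the stale IP.
'--- ipconfig /displaydns ---'
ipconfig /displaydns | Select-String -Pattern $patterns -Context 0, 6

# 3. NetBIOS: cached remote names, then the broadcast-vs-WINS resolution counters.
'--- nbtstat -c ---'
nbtstat -c | Select-String -Pattern $patterns
'--- nbtstat -r ---'
nbtstat -r

# 4. Each DNS server individually, so a single server holding a stale record stands out.
foreach ($server in $DnsServers) {
    "--- nslookup $Name $server ---"
    cmd /c "nslookup $Name $server 2>&1"
}
```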
 
Kevin D. Goodknecht Sr. [MVP]

sszz77 said:
I have a node that I recently removed. While it was up, I could get
good name resolution if I pinged it with FQDN. If I pinged it with
just the host name, the IP address came back with an incorrect IP
address (in truth the IP address was one that the node was given by
the DHCP server while it was being built, but it was changed to a
static address once the node was completed). I have now removed the
node from the network. Now when I ping it via FQDN, it says to check
the name and try again (which is correct and what I was expecting),
but if I ping just the host name, it resolves to an IP address that
was the original IP address given out by DHCP when the node was being
built and of course fails the ping since there is nothing at that
address.

We removed WINS from our domain, cccc.bbbb.com. Our parent domain,
bbbb.com, still uses WINS.

How can I determine 'who' is replying to my resolution query when I
just ping the node by host name? I need to know where this incorrect
IP information is coming from.

Search your WINS database for the IP address to find the record that has the
IP; you have to use the find IP with the search tool. Just looking in the UI
you may not see the record; WINS records can have multiple IP addresses.
Find the record, Tombstone it, then run nbtstat -RR on the machine with the
bad record. You may find several records like that; delete and re-register
them all.
 
