"Rogue" IP address?

[Jim Wray]

I've tried without success to figure this out...perhaps one of you network
guru's can help.

I have four computers on my Windows 2000 home network connected by a switch
behind a firewall appliance. I can see all of the computers by their machine
name on NETWORK PLACES. I can ping them all from the command line using
their IP addresses. I can ping three of them from the command line using
their machine name. BUT, when I try to ping the fourth by it's machine name
(heather) I get the following message: Pinging heather.earthlink.net
[204.250.137.xxx] with 32 bytes of data: followed by four request timed out
messages. Earthlink is in fact my ISP.

Pinging the machines that work I get a slightly different message format:
Pinging ashley [192.168.1.xxx] with 32 bytes of data followed by four
successful ping responses.

On the machine that's not working, why does it respond with "earthlink.net
[204.250.137.xxx]" appended to the machine name...is that the expected
response format for a failed ping and more importantly where is that
204.250.137.xxx address coming from...that is a public address that I have
no idea what it is doing there and why it is being associated with an
internal machine.

Obviously this is not causing any real problems - the computer works
perfectly and communicates with the internet as it should - but I am at a
loss to explain it and since I'm trying to learn something about networks I
think I need to understand what is causing this situation.


I'd be most appreciative for any feedback.

 

[Phillip Windell]

I am assuming this is a simple home network,...no domain,...no DNS

On all the machines go into the TCP/IP Properties, click the Advanced
Button, go to the DNS Tab,

Remove any Suffixes listed in "Append these DNS Suffixes (in order"
Clear out the "DNS suffix for this connection"
Uncheck "Use this connection's DNS Suffix in DNS registration"

It should be ok to have enabled:
1. "Append primary and connection specific DNS suffixes", and the
checkbox below that.
2. "Register this connection's address in DNS"

Thse are the Default Settings and mine is working just fine with them.

 

[Jim Wray]

Thanks for the response. All of the settings on all of the machines were set
as you described so there's no change in the issue I described.

 

[Doug Sherman [MVP]]

Hmmm - apparently there really is a machine called heather.earthlink.net
with a public IP of 204.250.137.110, and earthlink indeed owns this address.

Try:

1. Configure heather with a static IP.

2. Use Notepad to open C:\WINNT\System32\drivers\etc\hosts

3. Add this line: <IPaddressofHeather> heather

4. Save the file - if it gets saved as hosts.txt, rename it to hosts with
no extension.

5. Run ipconfig /flushdns

6. Ping heather

Doug Sherman
MCSE, MCSA, MCP+I, MVP

 

[Jim Wray]

Well, that makes sense and it's the last thing I would have thought of. A
further question - why doesn't the local name and IP resolve first? I know
the name resolution process will check the host file first and I would have
thought it would look wherever it looks for local computers not in the host
file second. Of course I don't have a DNS machine on my little LAN - is that
the reason? I suppose all I'm using is the name resolution netbios provides?
If so, I suppose that means there are no machines on earthlink that have the
same name as my other computers.
thanks
--


<Smith&Wesson...the original point and click interface>

Hmmm - apparently there really is a machine called heather.earthlink.net
with a public IP of 204.250.137.110, and earthlink indeed owns this address.

Try:

1. Configure heather with a static IP.

2. Use Notepad to open C:\WINNT\System32\drivers\etc\hosts

3. Add this line: <IPaddressofHeather> heather

4. Save the file - if it gets saved as hosts.txt, rename it to hosts with
no extension.

5. Run ipconfig /flushdns

6. Ping heather

Doug Sherman
MCSE, MCSA, MCP+I, MVP

I've tried without success to figure this out...perhaps one of you network
guru's can help.

I have four computers on my Windows 2000 home network connected by a switch
behind a firewall appliance. I can see all of the computers by their machine
name on NETWORK PLACES. I can ping them all from the command line using
their IP addresses. I can ping three of them from the command line using
their machine name. BUT, when I try to ping the fourth by it's machine name
(heather) I get the following message: Pinging heather.earthlink.net
[204.250.137.xxx] with 32 bytes of data: followed by four request timed out
messages. Earthlink is in fact my ISP.

Pinging the machines that work I get a slightly different message format:
Pinging ashley [192.168.1.xxx] with 32 bytes of data followed by four
successful ping responses.

On the machine that's not working, why does it respond with "earthlink.net
[204.250.137.xxx]" appended to the machine name...is that the expected
response format for a failed ping and more importantly where is that
204.250.137.xxx address coming from...that is a public address that I have
no idea what it is doing there and why it is being associated with an
internal machine.

Obviously this is not causing any real problems - the computer works
perfectly and communicates with the internet as it should - but I am at a
loss to explain it and since I'm trying to learn something about

networks

I
think I need to understand what is causing this situation.


I'd be most appreciative for any feedback.

 

[Kurt]

Many ISPs provide their own domain suffix to a host (in your case your
router) when it gets it's DHCP configuration. There probably is a computer
at earthlink with that name. XP and 2000 both atempt to resolve names
through DNS by default. If you're not running your own DNS server, and your
router is acting as a proxy, it will query it's DNS server using the domain
suffix provided in it's configuration info. Try "nslookup heather" and see
which DNS server resolves the name.

....kurt

 

[Jim Wray]

Very good...that helps me see what is actually happening. when I nslookup
heather it does in fact identify heather.earthlink.net using an earthlink
DNS machine. If I nslookup one of the other computers it uses the same
earthlink DNS machine but can't find the computer which is exactly what I'd
expect based on this and previous answers.

Many thanks for helping me understand a bit more of the wonderful world of
networks.

--


<Smith&Wesson...the original point and click interface>

Many ISPs provide their own domain suffix to a host (in your case your
router) when it gets it's DHCP configuration. There probably is a computer
at earthlink with that name. XP and 2000 both atempt to resolve names
through DNS by default. If you're not running your own DNS server, and your
router is acting as a proxy, it will query it's DNS server using the domain
suffix provided in it's configuration info. Try "nslookup heather" and see
which DNS server resolves the name.

...kurt

I've tried without success to figure this out...perhaps one of you network
guru's can help.

I have four computers on my Windows 2000 home network connected by a
switch
behind a firewall appliance. I can see all of the computers by their
machine
name on NETWORK PLACES. I can ping them all from the command line using
their IP addresses. I can ping three of them from the command line using
their machine name. BUT, when I try to ping the fourth by it's machine
name
(heather) I get the following message: Pinging heather.earthlink.net
[204.250.137.xxx] with 32 bytes of data: followed by four request timed
out
messages. Earthlink is in fact my ISP.

Pinging the machines that work I get a slightly different message format:
Pinging ashley [192.168.1.xxx] with 32 bytes of data followed by four
successful ping responses.

On the machine that's not working, why does it respond with "earthlink.net
[204.250.137.xxx]" appended to the machine name...is that the expected
response format for a failed ping and more importantly where is that
204.250.137.xxx address coming from...that is a public address that I have
no idea what it is doing there and why it is being associated with an
internal machine.

Obviously this is not causing any real problems - the computer works
perfectly and communicates with the internet as it should - but I am at a
loss to explain it and since I'm trying to learn something about networks
I
think I need to understand what is causing this situation.


I'd be most appreciative for any feedback.

 

[Phillip Windell]

Well, that makes sense and it's the last thing I would have thought of. A
further question - why doesn't the local name and IP resolve first?

There is no such thing as "local" with DNS.
DNS simply reports what is in its database,...and you are using Earthlink's
DNS Server,...hence you get what is stored in its database.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------