Two General Question

[David]

I am an entrance-level system administrator. I have two
questions that need help:

1). when I use "nslookup PCName", how come I don't get
the IP address associate with the PC called "PCName"? I
got this error message:

C:\>nslookup PCName
Server: caprd.dcaccs.com
Address: 89.0.10.50

*** caprd.dcaccs.com can't find PCName: Non-existent domain

Is there any services (like WIN server, etc) I should
install on the Win 2k server inorder for this to work?

2). I found there's a PC in our network using an IP
address that we system administrator never assigned to.
We can ping the IP address, but we just can't figure where
this PC is. Is there any way we can find out the physical
location of this PC without just disactivate this IP from
the server?

Thank you for your advice.

 

[William Stacey]

Check your search list in nslookup or use fqdn such as "nslookup
pcname.mydomain.com.".
Start nslookup in interactive mode. type in "set all" and view the srchlist
entry. This will be appended to all non-fqdns.
--wjs

 

[Herb Martin]

I am an entrance-level system administrator. I have two
questions that need help:

ENTRY-level -- You probably don't stand around the

1). when I use "nslookup PCName", how come I don't get
the IP address associate with the PC called "PCName"? I
got this error message:

C:\>nslookup PCName
Server: caprd.dcaccs.com
Address: 89.0.10.50

*** caprd.dcaccs.com can't find PCName: Non-existent domain

It's a FAQ but unforntunately there is no easy way to tell
this to all new admins -- it's an artifcact (feature or bug) of
the way NSLookup works. Generally ignore it.

NSLookup tries toe "reverse" the IP of the DNS server before
it actually does the lookup (even if you give a DNS server NAME).
If this fails, you receive a big, scary ERROR NOTICE for something
you probably didn't even care about.

Below this, you will find your actual query answered OR the actual
problem (like nothing found....)

Is there any services (like WIN server, etc) I should
install on the Win 2k server inorder for this to work?

You could install a reverse zone and address/name PTR
record for the server (if you control the zone) but it is easier
to just ignore the error.

[It is most annoying in "phone support" when you cannot get
the other person to stop looking at and reading that error to

2). I found there's a PC in our network using an IP
address that we system administrator never assigned to.
We can ping the IP address, but we just can't figure where
this PC is. Is there any way we can find out the physical
location of this PC without just disactivate this IP from
the server?

First, that PC must be on a segment with other machines of
the same Subnet -- so presuming you use a subnet of "Class
C" size or smaller, e.g., 192.168.2.x you only have ONE
segment and at most 254 machines to check.

It won't ping correctly unless it is on that segment.

Then if you use something like NMap to scan this range and
identify (perhaps with reverse lookups) all the "authorized"
machines you can pair it down.

NMap is a free download from Insecure.org

 

[William Stacey]

This does not look like the typical reverse error on server name. It looks
like nslookup did do the reverse on server name ok as shown by the IP. It
gave him an NXDOMAIN msg on the name supplied. Therefore, I would check the
suffix to see what query nslookup is sending and then check that zone.

--
William Stacey, DNS MVP

I am an entrance-level system administrator. I have two
questions that need help:

ENTRY-level -- You probably don't stand around the

1). when I use "nslookup PCName", how come I don't get
the IP address associate with the PC called "PCName"? I
got this error message:

C:\>nslookup PCName
Server: caprd.dcaccs.com
Address: 89.0.10.50

*** caprd.dcaccs.com can't find PCName: Non-existent domain

It's a FAQ but unforntunately there is no easy way to tell
this to all new admins -- it's an artifcact (feature or bug) of
the way NSLookup works. Generally ignore it.

NSLookup tries toe "reverse" the IP of the DNS server before
it actually does the lookup (even if you give a DNS server NAME).
If this fails, you receive a big, scary ERROR NOTICE for something
you probably didn't even care about.

Below this, you will find your actual query answered OR the actual
problem (like nothing found....)

Is there any services (like WIN server, etc) I should
install on the Win 2k server inorder for this to work?

You could install a reverse zone and address/name PTR
record for the server (if you control the zone) but it is easier
to just ignore the error.

[It is most annoying in "phone support" when you cannot get
the other person to stop looking at and reading that error to

2). I found there's a PC in our network using an IP
address that we system administrator never assigned to.
We can ping the IP address, but we just can't figure where
this PC is. Is there any way we can find out the physical
location of this PC without just disactivate this IP from
the server?

First, that PC must be on a segment with other machines of
the same Subnet -- so presuming you use a subnet of "Class
C" size or smaller, e.g., 192.168.2.x you only have ONE
segment and at most 254 machines to check.

It won't ping correctly unless it is on that segment.

Then if you use something like NMap to scan this range and
identify (perhaps with reverse lookups) all the "authorized"
machines you can pair it down.

NMap is a free download from Insecure.org

 

[Herb Martin]

This does not look like the typical reverse error on server name. It looks
like nslookup did do the reverse on server name ok as shown by the IP. It
gave him an NXDOMAIN msg on the name supplied. Therefore, I would check the
suffix to see what query nslookup is sending and then check that zone.

I believe you are correct -- my mistake.

 

[Ace Fekay [MVP]]

In

I believe you are correct -- my mistake.

As far as searching the ghost IP, ping the IP, then do an arp -a and it will
show the MAC address, then if there's a switch in place, you can go into the
switch's adminstrative program and determine what port it's sitting on.
Assuming all this, and that each port is mapped to a specific RJ45 jack, you
can trace the machine down by the jack.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory