Announcement

Collapse
No announcement yet.

Routing? DNS? What the hell?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Routing? DNS? What the hell?

    Ok, I have never seen this before so I hope somebody can help.

    I was troubleshooting Group Policy Drive map problems when I saw an error that indicated the laptop in question couldn't connect to a domain controller. The first thing to check is that it's on the domain and network so I did an ipconfig and a ping.

    The ipconfig came back OK with an IP address in the the right subnet, correct gateway, DHCP Server, DNS Servers etc.

    The ping however came back thus:

    C:\Windows\System32\drivers\etc>ping srv-sbs

    Pinging srv-sbs [10.168.34.3] with 32 bytes of data:
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.

    Ping statistics for 10.168.34.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),


    now as you can see the name resolved correctly to 10.186.34.3 but the reply came from 188.39.1.26

    just to confirm DNS is working i did

    ipconfig /flushdns

    nslookup srv-sbs

    the reponse was:

    C:\Windows\System32\drivers\etc>nslookup srv-sbs
    Server: srv-sbs.ubbink.office
    Address: 10.186.34.3

    Name: srv-sbs.UBBINK.OFFICE
    Address: 10.186.34.3


    so it can get to the server for DHCP (it got the correct DNS suffix, an IP address in the correct range and the correct DNS servers) it can complete DNS queries using this server, but not ping it...

    a tracert gave this output:

    C:\Windows\System32\drivers\etc>tracert srv-sbs

    Tracing route to srv-sbs [10.168.34.3]
    over a maximum of 30 hops:

    1 3 ms 1 ms 1 ms peplink.ubbink.office [10.186.34.6]
    2 3 ms 1 ms 1 ms 78-33-183-49.static.enta.net [78.33.183.49]
    3 28 ms 27 ms 26 ms lns17.inx.dsl.enta.net [188.39.1.26]
    4 lns17.inx.dsl.enta.net [188.39.1.26] reports: Destination host unreachabl
    .

    Trace complete.


    10.186.34.6 is the default gateway - so why is an internal IP address being directed to the gateway?

    Route PRINT gave this:

    C:\Windows\System32\drivers\etc>route print
    ================================================== =========================
    Interface List
    13...5c ac 4c fb ee 9c ......Bluetooth Device (Personal Area Network)
    12...f0 4d a2 a4 74 9b ......Broadcom NetXtreme 57xx Gigabit Controller
    11...58 94 6b 0e 9d 70 ......Intel(R) Centrino(R) Advanced-N 6200 AGN
    1...........................Software Loopback Interface 1
    15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
    22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
    17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ================================================== =========================

    IPv4 Route Table
    ================================================== =========================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.186.34.6 10.186.34.41 25
    10.186.34.0 255.255.255.0 On-link 10.186.34.41 281
    10.186.34.41 255.255.255.255 On-link 10.186.34.41 281
    10.186.34.255 255.255.255.255 On-link 10.186.34.41 281
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 10.186.34.41 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 10.186.34.41 281
    ================================================== =========================
    Persistent Routes:
    None

    IPv6 Route Table
    ================================================== =========================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ================================================== =========================
    Persistent Routes:
    None


    Nothing untoward there that I can see.....10.186.34.0/24 has its gateway as "On-Link"

    All other laptops, desktops etc. are working as they should.

    AV doesn't report anything unusual

    there is nothing in either Hosts or LMHosts file

    I have tried this on both the wired and wirelesss NIC's

    so my questions are:

    How can it obtain a DHCP address, resolve the host name correctly, but it can't ping the server and what directs the ping through the default gateway?

    Any ideas anyone?

  • #2
    Re: Routing? DNS? What the hell?

    Originally posted by sailingbikeruk View Post
    The ping however came back thus:

    C:\Windows\System32\drivers\etc>ping srv-sbs

    Pinging srv-sbs [10.168.34.3] with 32 bytes of data:
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.
    Reply from 188.39.1.26: Destination host unreachable.

    Ping statistics for 10.168.34.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),


    <snip>
    C:\Windows\System32\drivers\etc>tracert srv-sbs

    Tracing route to srv-sbs [10.168.34.3]
    over a maximum of 30 hops:

    1 3 ms 1 ms 1 ms peplink.ubbink.office [10.186.34.6]
    2 3 ms 1 ms 1 ms 78-33-183-49.static.enta.net [78.33.183.49]
    3 28 ms 27 ms 26 ms lns17.inx.dsl.enta.net [188.39.1.26]
    4 lns17.inx.dsl.enta.net [188.39.1.26] reports: Destination host unreachabl
    .

    Trace complete.

    <snip>
    Are these outputs cut and pasted? NSlookup is returning a 10.186.34.x address and the routing table relates to that subnet but ping and tracert are going to 10.168.34.x. Could of course be a typo if you didn't cut and paste.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Routing? DNS? What the hell?

      The only reason to send a packet to the default gateway is if the destination is on a different subnet. The local routing table confirms this. Your pings, traceroute and nslookup don't make sense either as nslookup resolves differently than your tracert via the hostname, like cruachan has pointed out.

      Active Routes:
      Network Destination Netmask Gateway Interface Metric
      0.0.0.0 0.0.0.0 10.186.34.6 10.186.34.41 25
      10.186.34.0 255.255.255.0 On-link 10.186.34.41 281
      10.186.34.41 255.255.255.255 On-link 10.186.34.41 281
      10.186.34.255 255.255.255.255 On-link 10.186.34.41 281
      127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
      127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
      127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
      224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
      224.0.0.0 240.0.0.0 On-link 10.186.34.41 281
      255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
      255.255.255.255 255.255.255.255 On-link 10.186.34.41 281
      Last edited by auglan; 24th July 2012, 19:26.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)

      Comment


      • #4
        Re: Routing? DNS? What the hell?

        Well spotted guys I hadn't noticed that. Now all i have to do is figure out why would nslookup return one value and ping/tracert return another

        I'll have another look when I'm back in the office tomorrow.

        Comment


        • #5
          Re: Routing? DNS? What the hell?

          Ok, many thanks for your help guys, what a difference a fresh pair of eyes made (or two in this case).

          Simply I just hadn't spotted the 186 vs 168 in the IP addresses which then led me on a wild goose chase.

          When I got in this morning I checked everything I did yesterday again as I clearly hadn't done it well, it turned out to be an entry in the hosts file which I thought I'd cleared - windows 7 - need to open notepad as an administraor to change the hosts file and save the changes.

          So deleted all entried in the hosts file - saved it properly, tried ping again and got the CORRECT IP address and replies, restarted machine and Group Policy all applied as expected.

          Thanks for your help and sorry to block the forums with such a silly and careless error on my part.

          Comment


          • #6
            Re: Routing? DNS? What the hell?

            Thanks for letting us know. I've done similar things myself in the past, a fresh pair of eyes almost always helps.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            sigpic
            Cruachan's Blog

            Comment

            Working...
            X