Hey there, this is RaSko again! Time in technical support is always exciting if you are dealing with a DNS issue.

We ran into a problem which we found to be related to DNS. It required some checks on both the client and the server side. The Windows client was not able to resolve the proper IP address of the Dell KACE 1000 appliance after its hostname and IP address were recently changed. The KBOX Agent still wanted to talk to the old IP address due to bad name resolution. We received the information that the old hostname was removed from DNS and a new hostname record was created. The Microsoft DNS console does not allow changing an A/host record's IP address.

The actions and examples below apply if you are working with a Microsoft ADDS/DNS environment; however, you can find DNS everywhere.

Here we go:

A) Check if the issue is on the client or server side

1. Open a cmd window and check your IP config for the preferred DNS server

  • Example
  • Command: "ipconfig /all" (without the quotes)
  • Result: "DNS Servers . . . . . . . . . . . : 192.168.44.10"

You will often see several DNS servers, but the first one in the list is the one that we work with first, as it is preferred. Most of the time in a Microsoft ADDS environment those DNS servers share all information using replication, which means: if you have the issue on the first, it has most likely spread to the others. This all depends, but I am drifting away...

2. Ping the KBOX hostname and verify you are getting a "full name" with an IP address in the very first line

  • Example
  • Command: "Ping k1000" (without the quotes)
  • Output: "Pinging k1000.domain.lab [192.168.44.102] with 32 bytes of data:"

Note that we are pinging the short name/NetBios name but we received the fully qualified domain name (FQDN).
You can append the DNS suffix "domain.lab" by defining the suffix search order or by having the DNS client append the primary domain suffix (default in an AD domain if DNS can respond properly).

The KBOX hostname was indeed the correct one but we received the wrong IP. The KBOX IP has changed to "192.168.44.101" but the client did not know. Is it a client issue? Don't know yet, let us flush the DNS client side cache to forget the names the client remembers.

  • Example
  • Command: "ipconfig /flushdns" (without the quotes)
  • Result: "Successfully flushed the DNS Resolver Cache."

Ping the KBOX NetBios name again and verify that you get the correct IP address. We did not! But we know now that this is not a client problem. The "hosts file" could be a problem here, but we checked that first as it is a classic, isn't it?

 

B) Move on to the DNS server which was the preferred one and get into the Microsoft DNS console

1. RDP quickly to the DNS server and get an overview, check for the below items

  • Example
  • Command: "mstsc /v:192.168.44.10" (without the quotes)
  • Result: "Authentication window for RDP session to DNS server displayed"

Once authenticated, open the DNS console and expand the DNS domain you are working in (domain.lab in our example). On the right-hand side we confirmed that the A/host record is fine. We also connected to all other DNS servers authoritative for "domain.lab" and it was showing up fine on all of them. The KBOX IP was set to "192.168.44.101" but even from the DNS server we resolved the name to the wrong IP "192.168.44.102". So what? Keep in mind that even a ping from the DNS server is something the "DNS client" is responsible for; it goes through the same process. At this point at the latest we should think about the order of DNS client resolution. Name resolution for NetBios and DNS names differs slightly, but without being picky, let's be just a lil' bit picky and take a peek:

1. First we query the "local DNS cache"
2. Then we query the "hosts file"
3. Then it is the "DNS server" itself we query (rather its cache and then the DNS server itself)
4. Next in the list is the "NetBios name cache"
5. The "WINS server" comes after that
6. Then we still try a "broadcast"
7. And last but not least, which is to say you are already screwed, the "LMHOSTS file"

So let's see: my DNS client-side cache was cleared, the hosts file nightmare we covered as well, and the DNS server shows a good record. But looking at the above order, that is not the record that is served first. After enabling the "Advanced" view inside the Microsoft DNS console we found our old A/host record for the KBOX sitting in the "Cached Lookups" folder. Ideally you remove just this single record, so that the possibly large amount of other cached lookups stays available to the DNS clients. We agreed to quickly delete the server cache on all systems using the Microsoft DNS console. Another quick way, if you do not have so many servers that you need to script it, is to use the following command:

  • Example: "Delete the DNS server side cache on a DNS server using the command line"
  • Command: "dnscmd DNSSERVER /clearcache" (without the quotes and replace DNSSERVER with a real one)
  • Result: "Command completed successfully"

We went back to one of the client computers and the DNS server now properly responded with the new name. Even the KBOX Agent was now successful in contacting the KBOX and received the info about the change of the network configuration.
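The checks from parts A and B can be run in one pass. The script below is an added example, not part of the original troubleshooting session: it asks the client cache, the hosts file and every configured DNS server for the name and flags each layer that returns something other than the expected address. The name and address defaults are the lab values used above; the script only reads and clears nothing.

```powershell
# Added example: report which name-resolution layer still hands out a stale address.
# $Name and $Expected are the article's lab values; adjust them for your environment.
param(
    [string]$Name     = 'k1000.domain.lab',
    [string]$Expected = '192.168.44.101'
)

$short  = $Name.Split('.')[0]
$report = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Layer, [string]$Address) {
    $report.Add([pscustomobject]@{
        Layer    = $Layer
        Address  = $Address
        Mismatch = ($Address -ne $Expected)
    })
}

# 1. DNS client (resolver) cache on this machine
Get-DnsClientCache -Entry $Name -Type A -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'Client cache' $_.Data }

# 2. hosts file: any line that maps the FQDN or the short name
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hostsFile) {
    $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
    $names  = $fields | Select-Object -Skip 1
    if (($names -contains $Name) -or ($names -contains $short)) {
        Add-Finding 'hosts file' $fields[0]
    }
}

# 3. Every DNS server configured on this client, queried directly.
#    -DnsOnly and -NoHostsFile keep NetBIOS/LLMNR and the hosts file out of the answer.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses | Select-Object -Unique
foreach ($server in $servers) {
    try {
        Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { Add-Finding "DNS server $server" $_.IPAddress }
    } catch {
        Add-Finding "DNS server $server" "no answer: $($_.Exception.Message)"
    }
}

$report | Format-Table -AutoSize
if ($report.Mismatch -contains $true) { exit 1 }   # non-zero exit when any layer disagrees
```

A mismatch reported only for a "DNS server" row, with clean client cache and hosts file rows, is the situation described above: the stale answer is coming from the server side.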

Till the next time!

Peace,
RaSko