DNS the problem??

  • Thread starter: LESLIE
Here is an update....

I've been working with the firewall team to determine the
problem. They have concluded that the problem is not the
firewall.

There is another thing that I tried.

I took one of the servers 172.16.0.3 and changed the IP
address to 10.5.11.1 and subnet and gateway to move to
our 10 network. As soon as I did that I pinged the
machine and received a consistent reply of <1ms. That
tells me that it has to be the firewall. That is the
only thing connecting the two networks. I moved
everything back and still the request timeouts and 2ms,
3ms, up to 9ms.

But then...(the firewall has 3 interfaces, internet,
10.5.100.1 and 172.16.0.1) Then what I tried was to ping
172.16.0.1 (which is the gateway for the 172 network)
from a pc with 10.5.x.x and the reply was a consistent
<1ms. So the problem has to be somewhere after it leaves
the firewall to the server. The only thing in between is
one switch. I put in a different switch and there is
still that delay from 172.16.0.1 to 172.16.0.3. So we
eliminated the switch completely and plugged the server
straight into the firewall and if I ping 172.16.0.1 from
a 10.5 machine I get a consistent <1ms, but if I ping the
server 172.16.0.2 from 10.5 I still get the delay and
timeouts.

So the only thing that we have left is to move the
servers over to 10.5 network, since there is no delay
there.

I say it's the firewall, our firewall team says it's not.

???????
 

And I agree with you. You'll have to state your case with them with what you
posted here to convince them.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
One small point: you should be using tracerts and
not pings, as there can always be something
unexpected in the mix.

You've persuaded me unconditionally. So just too bad for you
that neither I nor Ace are the ones that need convincing :-)
They could always turn out to be right -- maybe it's some other
dark matter, but the presumption of the evidence at this point
clearly is that they aren't. They need to positively disprove it
by suggesting the alternative. I can't think of one.

Now my suggestion -- and I did this once when I called in to troubleshoot
a not completely unsimilar problem that had festered out of control -- is to
put a Win2K workstation in place of the busted router, stick a second NIC in it, turn on
IP forwarding and prove that things work just fine that way. You can
do the same thing if you have an old router lying around, and you
probably can do it with an $80 Linksys too if you can turn off NAT in it.
(You aren't going to leave it this way, just test.)

This is really a case for managed escalation. You need
to get your management involved in getting this
item put at the top of your hosting company's log.

I think the question is still open as to whether this will fix
your NetBIOS issue -- I tend to think it will -- but either way
you have to fix it.

Steve Duff, MCSE
Ergodic Systems, Inc.
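
The hop-by-hop evidence discussed in this thread can be put in a form that is easy to hand to the firewall team. The following is an added example, not code from any poster: it parses Windows-style ping transcripts for each target along the path and reports the first target where loss or latency appears. The transcripts, TTL values, function names and thresholds are constructed assumptions.

```python
import re

# Constructed Windows-style ping transcripts (not captured from the thread),
# ordered along the path from a 10.5.x.x PC toward the server.
SAMPLES = [
    ("172.16.0.1 (firewall, 172 interface)", """\
Reply from 172.16.0.1: bytes=32 time<1ms TTL=255
Reply from 172.16.0.1: bytes=32 time<1ms TTL=255
Reply from 172.16.0.1: bytes=32 time<1ms TTL=255
Reply from 172.16.0.1: bytes=32 time<1ms TTL=255
"""),
    ("172.16.0.3 (server behind firewall)", """\
Reply from 172.16.0.3: bytes=32 time=2ms TTL=127
Request timed out.
Reply from 172.16.0.3: bytes=32 time=9ms TTL=127
Request timed out.
Reply from 172.16.0.3: bytes=32 time=3ms TTL=127
"""),
]

REPLY = re.compile(r"^Reply from \S+ bytes=\d+ time([<=])(\d+)ms", re.M)

def summarize(text):
    """Return (sent, lost, worst_rtt_ms) for one transcript; '<1ms' counts as 0."""
    rtts = [0 if op == "<" else int(ms) for op, ms in REPLY.findall(text)]
    lost = len(re.findall(r"^Request timed out\.", text, re.M))
    return len(rtts) + lost, lost, max(rtts, default=None)

def first_degraded(samples, max_loss=0.0, max_rtt_ms=1):
    """Name of the first target on the path exceeding the assumed thresholds."""
    for name, text in samples:
        sent, lost, worst = summarize(text)
        if sent == 0:
            return name  # nothing parsed: treat the target as unreachable
        if lost / sent > max_loss or (worst is not None and worst > max_rtt_ms):
            return name
    return None

if __name__ == "__main__":
    for name, text in SAMPLES:
        sent, lost, worst = summarize(text)
        print(f"{name}: sent={sent} lost={lost} worst_rtt={worst}ms")
    print("first degraded target:", first_degraded(SAMPLES))
```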
 
I have taken out my ISP's DNS servers from all the
workstations and still continue to have the problem.
 