tracert problem with DNS

misterydns

We are in a clustered Windows XP environment on a Cisco
network and I have the following problem: If we run
tracert using an IP number I get different machine names
back for the same IP number, but in the DNS authority list
these other machine names do not exist or are past names
that were once assigned to this number but are no longer
assigned to it. Can someone help, as our system
administrator says this isn't a problem but our networking
people are having trouble finding machines that have
viruses.
 
Do you have a WINS server? The WINS server may have old records.

--
For more and other information, go to http://www.ms-mvps.com

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ms-mvps.com
This posting is provided "AS IS" with no warranties.
 
Sounds like reverse DNS needs updating.

Here's a traceroute from my PC:

Tracing route to www.google.akadns.net [216.239.59.104]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  router.homenet.local [81.187.191.65]
  2    26 ms    26 ms    26 ms  aa1-hg3.ilford.broadband.bt.net [217.47.56.74]
<snip>

Now where did it get the name 'router.homenet.local' from the first-hop
gateway address [81.187.191.65] (my router)?

Simple - it did a Reverse DNS lookup on my DNS server.

If tracert is giving wrong machine names against IP addresses, then you need
to:
1) Determine which DNS server is being queried by default;
2) Go to the DNS server;
3) Go to the reverse lookup zones, and delete the stale records.

If your DNS server is NT4 or win2k or win 2k3, and you need directions on
how to do this on the server, post back.
 
Ron,

It is a win 2k3 server and any information would be
appreciated. I will have to give the information to the
admin to check out and it would help if I had some
documentation on what needs done as I don't know the lingo
on the server stuff.

Thanks
-----Original Message-----
--
Best Regards,
Ron Lowe
MS-MVP Windows Networking


 

On the server, go to:

Start | Admin. Tools (right side of Start menu, below Control Panel)
Choose DNS.

In the dnsmgmt window that comes up, the left pane should contain:

DNS
+-Server-Name
  +-Forward Lookup Zones
  +-Reverse Lookup Zones
    +-0.in-addr.arpa
    +-127.in-addr.arpa
    +-xxx.yyy.zzz.in-addr.arpa

(where xxx.yyy.zzz is your IP address range spelt backwards.)
(suggestions of devil worship! ??)

Select the xxx.yyy.zzz.in-addr.arpa zone.

There you will find entries like:

65    Pointer (PTR)    router.homenet.local

(This means zzz.yyy.xxx.65 = router.homenet.local)

Delete the stale entries here.
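
An added example, not part of the thread or any poster's code: a short Python check that could be run over an export of the reverse zone before deleting anything, flagging PTR entries that the forward zone no longer confirms. The zone name, addresses and host names below are constructed sample data, and the function names are this example's own.

```python
import ipaddress

# Constructed sample data (not from the thread): a reverse zone export and the
# forward A records that currently exist. Uses the documentation range 192.0.2.0/24.
REVERSE_ZONE = "2.0.192.in-addr.arpa"
PTR_RECORDS = [            # (host label, PTR target)
    ("65", "router.homenet.local"),
    ("70", "pc-accounts.homenet.local"),
    ("70", "pc-oldname.homenet.local"),   # past name, never cleaned up
    ("71", "pc-lab.homenet.local"),       # name since moved to another address
]
A_RECORDS = {              # forward zone: name -> current address
    "router.homenet.local": "192.0.2.65",
    "pc-accounts.homenet.local": "192.0.2.70",
    "pc-lab.homenet.local": "192.0.2.90",
}


def ptr_to_ip(zone, label):
    """Rebuild the IPv4 address from a reverse zone name and a record label."""
    zone = zone.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not zone.endswith(suffix):
        raise ValueError("not an IPv4 reverse zone: " + zone)
    octets = (label + "." + zone[:-len(suffix)]).split(".")
    octets.reverse()                      # zone names store octets backwards
    return str(ipaddress.IPv4Address(".".join(octets)))


def audit(zone, ptr_records, a_records):
    """Return (ip, name, reason) for every PTR the forward zone does not confirm."""
    forward = {name.lower().rstrip("."): ip for name, ip in a_records.items()}
    stale = []
    for label, target in ptr_records:
        ip = ptr_to_ip(zone, label)
        name = target.lower().rstrip(".")
        if name not in forward:
            stale.append((ip, name, "no A record for this name"))
        elif forward[name] != ip:
            stale.append((ip, name, "A record points to " + forward[name]))
    return stale


if __name__ == "__main__":
    for ip, name, reason in audit(REVERSE_ZONE, PTR_RECORDS, A_RECORDS):
        print(f"{ip:<15} {name:<28} STALE: {reason}")
```

An address that still carries a flagged PTR next to a valid one (192.0.2.70 in the sample) is the case where a lookup by IP can return more than one machine name.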
 