Why is ping not returning local DNS cache result? (Using DNS caching server on an internal network.)

Tags: active-directory, internal-dns, nslookup, ping, windows-server-2012-r2

Yet another post about "nslookup works but ping does not". I’ve read a handful of forum posts but could not find anything relevant to my setup and problem, which is resolving external domain names on an internal-only network.

My Lab:

  • VMWare Workstation 11
  • Windows 2012 R2 Datacenter Edition servers

    1. DC1.ad.example.com – AD and DNS, INT NIC
    2. DC2.ad.example.com – AD and DNS, INT NIC
    3. DNS1.ad.example.com – DNS only, not a member of AD. INT, EXT NICs.

The network is internal only for AD members. Server DNS1 is not a member of AD and contains two NICs, one internal to the AD network and the other external to the internet. DNS1 only serves as a DNS caching server, for the purpose of allowing the internal network (AD) computers to be able to resolve external IPs. The purpose of the lab, as it relates to this question, is to learn best practices in AD deployment, which includes network design and DNS.

DNS configuration:

DC1 and DC2 both have a forwarder set up to DNS1. Queries outside of AD go there and get cached upon request from internal network computers. Nslookup confirms that, using these two name servers, DC1 and DC2, we can resolve external domain names (I can see them being cached on DNS1 after requests from DC1/2).

Problem:

However, when I ping, it fails without showing the IP. Why is that? I would expect at least an IP printed and failure to reach host or some similar error. The domain name is visible in the local cache on DC1/2, but ping won’t resolve or show it.

I ended up adding an external NIC to DC2 and was able to ping no problem. This also led me to wonder why I’m actually trying to accomplish this external name resolution.
I would expect that there would be a "no route" or some other error from ping, but I also would expect it to resolve (or show the resolved IP) and then choke trying to find the host. However, it just fails. Can anyone explain why? Does ping just give up if it can't reach the network?

Below is a series of commands demonstrating all of this:

PS C:\Users\Administrator> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
PS C:\Users\Administrator> ipconfig /displaydns

Windows IP Configuration

    dc1.ad.polishpaul.net
    ----------------------------------------
    Record Name . . . . . : dc1.ad.polishpaul.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 1197
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.168.55.11


PS C:\Users\Administrator> ping google.com
Ping request could not find host google.com. Please check the name and try again.
PS C:\Users\Administrator> ipconfig /displaydns

Windows IP Configuration

    dc1.ad.polishpaul.net
    ----------------------------------------
    Record Name . . . . . : dc1.ad.polishpaul.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 1186
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.168.55.11

    google.com
    ----------------------------------------
    Record Name . . . . . : google.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 293
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 216.58.217.142

PS C:\Users\Administrator> nslookup
Default Server:  dc1.ad.polishpaul.net
Address:  192.168.55.11

> google.com
Server:  dc1.ad.polishpaul.net
Address:  192.168.55.11

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4006:806::1005
          216.58.217.142

PS C:\Users\Administrator>
PS C:\Users\Administrator> # external NIC now added
PS C:\Users\Administrator> ping google.com
Pinging google.com [74.125.226.14] with 32 bytes of data:
Reply from 74.125.226.14: bytes=32 time=11ms TTL=128

Thanks,
Paul

Best Answer

I have found that although name resolution works with nslookup, or the domain name resolution is cached locally, if one does not have a route to the destination, ping will fail and never show the IP.

I encountered this issue in another lab without multi-homing. Removing the default gateway would cause ping to fail with "could not find host" when pinging a domain name, and when pinging the IP it would show a "transmit failed" error:

C:\Users\pawel>ping google.com
Ping request could not find host google.com. Please check the name and try again

C:\Users\pawel>ping 173.194.123.101

Pinging 173.194.123.101 with 32 bytes of data:
PING: transmit failed. General failure.
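The answer's point is that Windows ping reports a missing route with the same "could not find host" text it uses for a real DNS failure. The following added diagnostic (not from the question or the answer) checks the two stages separately, resolution and then routing, so a host with a populated resolver cache but no default gateway is reported as a routing problem rather than a DNS one. It assumes Server 2012 R2 or later (Resolve-DnsName and Find-NetRoute) and that Find-NetRoute throws when no matching route exists; the server name dc1.ad.example.com is the lab's own placeholder.

```powershell
# Added example, not part of the original post: tell a DNS failure apart from a
# missing route, since ping prints "could not find host" for both.
# Assumes Server 2012 R2 / Windows 8.1 or later (DnsClient and NetTCPIP modules).
function Test-NameAndRoute {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Server    # optional resolver to query directly, e.g. your DC
    )
    $resolveArgs = @{ Name = $Name; Type = 'A'; ErrorAction = 'Stop' }
    if ($Server) { $resolveArgs['Server'] = $Server }

    # Stage 1: resolution. This is what nslookup exercises and what leaves an
    # entry in "ipconfig /displaydns".
    try {
        $addrs = @(Resolve-DnsName @resolveArgs |
                   Where-Object { $_.QueryType -eq 'A' } |
                   Select-Object -ExpandProperty IPAddress)
    } catch {
        return [pscustomobject]@{ Name = $Name; Address = $null; Stage = 'DNS'
                                  Result = "resolution failed: $($_.Exception.Message)" }
    }
    if ($addrs.Count -eq 0) {
        return [pscustomobject]@{ Name = $Name; Address = $null; Stage = 'DNS'
                                  Result = 'no A records returned' }
    }

    # Stage 2: routing. ping gives up here, before printing the address, when no
    # interface has a route (or default gateway) covering the target.
    # Assumption: Find-NetRoute throws when no route matches the remote address.
    foreach ($ip in $addrs) {
        try {
            # Find-NetRoute returns a source-address object and a route object;
            # keep only the route (it is the one with DestinationPrefix).
            $hop = Find-NetRoute -RemoteIPAddress $ip -ErrorAction Stop |
                   Where-Object { $_.PSObject.Properties['DestinationPrefix'] }
            [pscustomobject]@{ Name = $Name; Address = $ip; Stage = 'Route'
                               Result = "via $($hop.DestinationPrefix) on ifIndex $($hop.InterfaceIndex)" }
        } catch {
            [pscustomobject]@{ Name = $Name; Address = $ip; Stage = 'Route'
                               Result = "no route: $($_.Exception.Message)" }
        }
    }
}

# Mirror the question's setup: query the DC, which forwards to the caching server.
Test-NameAndRoute -Name 'google.com' -Server 'dc1.ad.example.com' | Format-Table -AutoSize
```

On the DC without an external NIC the output shows Stage "DNS" succeeding and Stage "Route" reporting "no route", which is the case ping collapses into "could not find host".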