DNS

This section provides the following troubleshooting information for DNS:


Troubleshooting Checkpoints

If you experience problems related to DNS or TCP/IP, you can use the following steps to begin troubleshooting.

  1. Run the WINIPCFG utility to determine your IP address, then ping your address from a functioning client.

    If you do not receive a response, your client's TCP/IP stack is not functioning. One of the following problems might be the cause:

  2. Ping an IP address on your local network.

    If this approach fails, one of the following conditions might be the cause:

  3. Ping an address on a different network or on the internet.

    If this approach fails but the preceding steps were successful, the problem is probably related to your router or your client's default router. If you are using DHCP, the default router that the DHCP server is configured to supply to each client is probably incorrect.

  4. Verify name resolution within your network. Ping a domain name within your company's network.

    If this approach fails, the default DNS server configured for your TCP/IP stack is invalid, or the DNS server is not functioning. If you are using DHCP, the DNS server that is configured on the DHCP server is not properly configured.

  5. Verify name resolution through the internet. Ping a host on the internet, such as novell.com.

    If this approach fails, your company's DNS server (that forwards DNS requests to the Internet) is not functioning, or the Internet DNS server to which your DNS server forwards requests is not functioning.

In addition to using ping to troubleshoot DNS configuration problems, you can also use the NSLOOKUP utility at your server. For information on using this utility, see NSLOOKUP in Utilities Reference.
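The checkpoints above can be run as an ordered ladder that stops at the first failure. The following Python sketch is an added example, not part of the original documentation; it covers steps 2 through 5, which run on the affected client, and it tests name resolution directly in steps 4 and 5 instead of pinging by name. The function names and target addresses are assumptions chosen for illustration.

```python
import platform
import socket
import subprocess

def ping(target):
    """Send one echo request; True if the system ping command exits with success."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    done = subprocess.run(["ping", count_flag, "1", target],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def resolves(name):
    """True if the client's configured DNS server returns an address for name."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def first_failure(local_ip, remote_ip, internal_name, internet_name,
                  ping=ping, resolves=resolves):
    """Run checkpoints 2-5 in order; return (step, finding) for the first failure."""
    ladder = [
        (2, lambda: ping(local_ip),
         "no reply from an address on the local network"),
        (3, lambda: ping(remote_ip),
         "router or default router problem (check the DHCP-supplied default router)"),
        (4, lambda: resolves(internal_name),
         "default DNS server is invalid or not functioning (check the DHCP-supplied DNS server)"),
        (5, lambda: resolves(internet_name),
         "company forwarding DNS server, or the Internet DNS server it forwards to, is not functioning"),
    ]
    for step, check, finding in ladder:
        if not check():
            return step, finding   # later steps depend on this one, so stop here
    return None, "all checkpoints passed"

if __name__ == "__main__":
    # Placeholder targets (assumptions): replace with addresses from your own network.
    print(first_failure("192.0.2.1", "198.51.100.1", "host.example.internal", "novell.com"))
```

Some ping implementations exit with success when an intermediate router answers "destination unreachable", so confirm a passing step 2 or 3 against the actual ping output when results look inconsistent.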


Common Configuration Problems

If you experience problems with DNS, check the following configuration problems.

  1. Check the consistency of glue records that are shared between parent and child zones. Make sure that Name Server (NS) and Address (A) records within the parent zone match those in the child zone.
  2. Keep the IP addresses of the root name servers configured in the RootServerInfo zone updated. Changes to this information are not automatically propagated through a domain; you must enter them manually. The most recent update of root name server information is available through FTP at ftp://rs.internic.net/domain/named.root.
  3. Verify consistency between Pointer records in the IN-ADDR.ARPA domain and other domains.
  4. If you change the IP address of a name server, ensure that the parent zone reflects that change.
  5. Verify that you have configured a name server to correctly serve every zone.
  6. Verify that zone transfers are occurring properly. Ensure that the secondary name server can identify the primary name server.
  7. If you cannot access a particular host, verify that PTR records exist. When you create a zone, always select Yes when prompted to create a companion zone. If you created a companion zone, verify that the IP address and hostname are correct.
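Item 1 in the list above, the glue record check, can be automated by comparing the delegation (NS) records and the name server address (A) records as they appear in each zone. The following Python sketch is an added example, not part of the original documentation; the zone contents are constructed sample data in a simplified master-file form, and the function names are assumptions.

```python
# Added example: compare NS and glue A records for a child zone between parent and child.
# Constructed sample data: fully qualified owner names, no TTL/class columns, no $ORIGIN.
PARENT_ZONE = """
sub.example.com.      NS  ns1.sub.example.com.
sub.example.com.      NS  ns2.sub.example.com.
ns1.sub.example.com.  A   192.0.2.10
ns2.sub.example.com.  A   192.0.2.20
"""

CHILD_ZONE = """
sub.example.com.      NS  ns1.sub.example.com.
sub.example.com.      NS  ns3.sub.example.com.
ns1.sub.example.com.  A   192.0.2.10
ns2.sub.example.com.  A   192.0.2.21
ns3.sub.example.com.  A   192.0.2.30
"""

def parse_zone(text):
    """Return {(owner, rtype): set(values)} for the simplified format above."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        owner, rtype, value = line.split()
        records.setdefault((owner.lower(), rtype.upper()), set()).add(value.lower())
    return records

def glue_mismatches(parent_text, child_text, child_apex):
    """List differences in NS and glue A records between parent and child."""
    parent, child = parse_zone(parent_text), parse_zone(child_text)
    apex = child_apex.lower()
    p_ns = parent.get((apex, "NS"), set())
    c_ns = child.get((apex, "NS"), set())
    problems = []
    for ns in sorted(p_ns - c_ns):
        problems.append(f"NS {ns} is in the parent zone but not in the child zone")
    for ns in sorted(c_ns - p_ns):
        problems.append(f"NS {ns} is in the child zone but not in the parent zone")
    for ns in sorted(p_ns | c_ns):
        p_a = parent.get((ns, "A"), set())
        c_a = child.get((ns, "A"), set())
        if ns.endswith("." + apex) and p_a != c_a:   # glue applies to in-zone servers
            problems.append(f"A for {ns}: parent={sorted(p_a)} child={sorted(c_a)}")
    return problems

if __name__ == "__main__":
    for problem in glue_mismatches(PARENT_ZONE, CHILD_ZONE, "sub.example.com."):
        print(problem)
```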

Common Operational Problems

Internet RFC 1912 provides information about common operational errors found in both the operation of DNS servers and the data the DNS servers contain. The following list describes the most common operational errors that occur.


Troubleshooting Windows 95 TCP/IP Problems

This section provides assistance for those troubleshooting TCP/IP problems on Windows 95* clients. You should have a basic understanding of TCP/IP and how it is configured for Windows 95.


Using WINIPCFG

The WINIPCFG utility displays a client's current TCP/IP configuration. To execute this utility, click Start > Run, enter winipcfg, and press Enter.

If the client's IP address was statically assigned and configured, the information that was entered under TCP/IP Protocols in the control panel's Network settings is displayed.

If the client was configured to obtain an address using DHCP, the information displayed was received from the DHCP server that assigned the IP address.

WINIPCFG provides the following information about the client:

If the client has obtained an address from a DHCP server, click More Info to identify the DHCP server, when the lease began, and when it expires. Four additional buttons provide the following functions:

If you want another IP address to be assigned to the client, select RELEASE, then select RENEW.


Using PING

PING is the most basic utility available to test, verify, and troubleshoot TCP/IP connectivity within a network. PING sends an ICMP packet to a specific host with a small amount of data and expects that host to respond with the same data packet. If you receive a response, both TCP/IP and connectivity between the two hosts are operational. If you do not receive a response, one of the following conditions exists:

To run PING, from a DOS prompt enter the command followed by a hostname or IP address, such as the following:

C:\> ping www.novell.com

If TCP/IP is operational and connectivity exists between the hosts, you will receive the following type of response:

Pinging www.novell.com [137.65.2.5] with 32 bytes of data:
Reply from 137.65.2.5: bytes=32 time=27ms TTL=59
Reply from 137.65.2.5: bytes=32 time=22ms TTL=59
Reply from 137.65.2.5: bytes=32 time=31ms TTL=59

If you use the IP address of the host, you will receive the same type of reply.

Using the host's domain name is a good way to determine the host's IP address, and doing so also causes the client to request DNS name resolution before sending the ICMP packet. This approach is an excellent way to determine if DNS name resolution is working. If it is not working, you will receive a message such as the following:

Unable to resolve www.novell.com.

If DNS name resolution is not working, one of the following conditions might be the cause:

The PING command has the following syntax:

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

The following table explains the use of the PING options.


PING Options

Option          Meaning
-t              Ping specified host until interrupted
-a              Resolve addresses to hostnames
-n count        Number of echo requests to send
-l size         Send buffer size
-f              Set Don't Fragment flag in packet
-i TTL          Time-To-Live value
-v TOS          Type of service
-r count        Record route for count hops
-s count        Time stamp for count hops
-j host-list    Loose source route along host-list
-k host-list    Strict source route along host-list
-w timeout      Timeout in milliseconds to wait for each reply

NOTE:   You can find unauthorized addresses in an exported DHCP configuration by searching for IP Address objects with an Assignment Type value of 32. Use FIND in a text editor to quickly identify addresses that have been marked as unauthorized.


Using TRACERT

TRACERT can be very useful when you are resolving network-wide TCP/IP problems. TRACERT traces the route to a specific host and displays all hops that occur to search for the target host.

To run TRACERT, from a DOS prompt enter the command followed by a hostname or IP address, such as the following:

C:\> tracert www.novell.com

The TRACERT command has the following syntax:

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

The following table explains the use of the TRACERT options.


TRACERT Options

Option             Meaning
-d                 Do not resolve addresses to host names
-h maximum_hops    Maximum number of hops to search for target
-j host-list       Loose source route along host-list
-w timeout         Timeout in milliseconds to wait for each reply


Using ARP

ARP is an advanced utility that should be used only by those who have a detailed understanding of TCP/IP and must troubleshoot complex problems. The ARP command enables you to display and modify the ARP cache of a client.

Following are three examples of use of the ARP command:

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

The following table explains the use of the ARP options.


ARP Options

Option        Meaning
-a            Displays current ARP entries by interrogating the current protocol data.
              If inet_addr is specified, the IP and physical addresses for the
              specified host are displayed.
-g            Displays current ARP entries by interrogating the current protocol data.
              If inet_addr is specified, the IP and physical addresses for the
              specified host are displayed.
inet_addr     Specifies an Internet address.
-N if_addr    Displays the ARP entries for the network interface specified by if_addr.
-d            Deletes the host specified by inet_addr.
-s            Adds the host and associates the internet address inet_addr with the
              physical address eth_addr. The physical address is given as six
              hexadecimal bytes separated by hyphens. The entry is permanent.
eth_addr      Specifies a physical address.
if_addr       If present, specifies the Internet address of the interface whose
              address translation table should be modified. If not present, the
              first applicable interface is used.


Using NETSTAT

NETSTAT is an advanced utility that should be used only by those who have a detailed understanding of TCP/IP and must troubleshoot very complex problems. NETSTAT displays protocol statistics and current TCP/IP network connections.

The NETSTAT command has the following syntax:

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

The following table explains the use of the NETSTAT options.


NETSTAT Options

Option      Meaning
-a          Displays all connections and listening ports, but not those of the
            server side.
-e          Displays Ethernet statistics. This might be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-p proto    Shows connections for the protocol specified by proto (either TCP or
            UDP). If used with the -s option to display per protocol statistics,
            proto can be TCP, UDP, or IP.
-r          Displays the contents of the routing table.
-s          Displays per protocol statistics. By default, statistics are shown for
            TCP, UDP, and IP. The -p option can be used to specify a subset of the
            default.
interval    Redisplays selected statistics, pausing interval seconds between each
            display. Press Ctrl+C to stop redisplaying statistics. If omitted,
            NETSTAT prints the current configuration information once.

If you suspect that a LAN card is malfunctioning, use the -e option while troubleshooting. The -e option displays Ethernet statistics, including discards and errors.

The -a option provides a detailed display of the active TCP connections, showing the port number and the network host communicating with that port. This information is useful when you are attempting to relate TCP port numbers to the various servers with which the client is communicating.


Using the "-F" Command Line Option for DNIPINST.NLM

DNIPINST.NLM is a backup method of extending the schema and creating the DNS/DHCP Locator and Group objects and the RootSrvrInfo zone. DNIPINST.NLM can be used if problems occurred during the NetWare® 6 installation process. Most administrators will not need to use this NLM.

You can use the "-F" command line option in the DNIPINST.NLM to re-create the DNS/DHCP configuration objects if the initial attempt to set up Novell® DNS/DHCP Services fails during the configuration object creation stage.

When a failure occurs during the object creation phase, we recommend that you delete the DNS-DHCP (DNS/DHCP Locator), DNSDHCP-GROUP (DNS/DHCP Group), and the RootSrvrInfo objects (if they have been created), then use DNIPINST.NLM with the "-F" flag. When the "-F" command line option is specified, an initial console message confirms the action and the eDirectory login window appears. After a successful login, the object eDirectory context query window is displayed. You can enter the data and create the objects. If a schema extension error occurs, execute DNIPINST.NLM in the regular mode.


Server Access to DNS/DHCP Locator Object Not Required

The requirement that the DNS and DHCP servers always have access to the DNS/DHCP Locator object has been relaxed.

The DHCP server can load without having access to the DNS/DHCP Locator object. However, the first time the server loads it requires access to the DNS/DHCP Locator object to obtain a copy of any global configuration from the object. The DHCP server saves a copy of the global configuration in SYS:\ETC\DHCP\DHCPLOC.TAB.

In subsequent loads, the DHCP server will try to obtain the global configuration information from the DNS/DHCP Locator object. If the information is not available, the DHCP server will read the information from the last saved copy of SYS:\ETC\DHCP\DHCPLOC.TAB. Each time the DHCP server loads and the DNS/DHCP Locator object is available, the DHCP server updates the DHCPLOC.TAB file.

The DNS server also does not require access to the DNS/DHCP Locator object. It has been enhanced to require access to the DNS/DHCP Locator object only if the NAMED command line arguments are specified to create zones in eDirectory. The DNS server no longer requires access to the RootSrvrInfo zone stored in eDirectory. The DNS server now first tries to find the RootSrvrInfo zone in eDirectory, but if it is not available, the DNS server uses the copy of the information found in SYS:\ETC\DNS\ROOTSRVR.DAT.