6.1 DNS

This section provides the following troubleshooting information for DNS:

6.1.1 Troubleshooting Checkpoints

If you experience problems related to DNS or TCP/IP, try the following:

  • Run the WINIPCFG utility (Windows 95/98) or enter ipconfig at the command prompt (Windows NT, 2000, XP) to determine your IP address, then ping your address from a functioning client.

    If you do not receive a response, your client’s TCP/IP stack is not functioning. One of the following problems might exist:

    • The client’s TCP/IP stack might be incorrectly configured.

    • The client did not properly receive an IP address from DHCP.

    • The IP address is already in use by another client.

  • Ping an IP address on your local network.

    If this approach fails, one of the following conditions might exist:

    • The client you pinged is not operational.

    • The LAN is experiencing problems.

    • Your client’s TCP/IP stack is experiencing problems.

  • Ping an address on a different network or on the Internet.

    If this approach fails but the preceding steps were successful, the problem is probably related to your router or your client’s default router. If you are using DHCP, the default router configured for the DHCP server for each client is probably configured incorrectly.

  • Verify name resolution within your network. Ping a domain name within your company’s network.

    If this approach fails, the default DNS server configured for your TCP/IP stack is invalid, or the DNS server is not functioning. If you are using DHCP, the DNS server that is configured on the DHCP server is not properly configured.

  • Verify name resolution through the Internet. Ping a host on the Internet, such as novell.com.

    If this approach fails, your company’s DNS server (that forwards DNS requests to the Internet) is not functioning, or the Internet DNS server to which your DNS server forwards requests is not functioning.

In addition to using ping to troubleshoot DNS configuration problems, you can also use the nslookup utility at your server. For information on using this utility, see Nslookup in the NetWare 6.5 Utilities Reference.

6.1.2 Common Installation and Upgrade Problems

The following problems could occur during an installation or upgrade:

The installation for DNS/DHCP services completed with one of the following error messages:


The DNS master file RootSrvr.dat is invalid. The RootSrvrInfo zone object will be created with default values for the root servers’ information.



The DNS master file RootSrvr.dat could not be found. The RootSrvrInfo zone object will be created with default values for the root server’s information.

Cause: The RootSrvr.dat file, which is copied to the sys:\etc\dns directory during the installation, is corrupted or missing. This data file contains information about the DNS root servers and is required to populate the root server's information in the RootSrvrInfo zone object.

Solution: If the installation program cannot find or use this file, it creates the required zone object with default values. The installation process uses the default values for the DNS root servers. The contents of RootSrvrInfo zone object should be compared with the most recent information on the root server. Changes to this information can be made in the RootSrvrInfo zone object by using the DNS/DHCP management utilities.

The installation for DNS/DHCP services completed with one of the following error messages:


The preferences data file NDDPrefs.dat is invalid. The Locator object will be created with default values for the configuration preferences.



The preferences data file NDDPrefs.dat could not be found. The Locator object will be created with default values for the configuration preferences.

Cause: The data file NDDPrefs.dat, which is copied to the sys:\system\ directory during the installation, is corrupted or is missing. This data file contains information for global configuration preferences. Currently, only the DHCP global options are configured by using this data file.

Solution: If the installation program is unable to find or use this file, it creates the Locator object with default values for these options. This information can be edited by using the management utilities. In the Management Console, edit this option by selecting DHCP Service > Global Preferences. This page allows you to delete and modify the existing DHCP options and to add new DHCP options.

In the iManager utility, edit these options by clicking DHCP under Roles and Tasks. Then click Global DHCP Configuration > View/Set Global Preferences from the drop-down list and click OK. The Global DHCP Options, DHCP Options, and DHCP Options Table pages allow you to delete and modify the existing DHCP options and to add new DHCP options.

After you upgrade to NetWare 6.5, the DNS Server does not come up when you load the DNS Server with the ncf file

Cause: While upgrading to NetWare® 6.5, if you have the command load named in the existing autoexec.ncf file, with any option that is not supported by NetWare 6.5, the DNS Server does not load automatically when the autoexec.ncf is executed after upgrading.

If you have an unsupported option in the autoexec.ncf file, the usage details are displayed on the logger screen.

Solution: In order to avoid this, before upgrading to NetWare 6.5, ensure that the autoexec.ncf file does not contain the -m, -u, -l, -r, -f, -a, -b, -pc, -strict [on|off], -s, -v, or -q options. For information on DNS server options, see Section 4.7, NAMED Command Line Options.

6.1.3 Common Configuration Problems

If you experience problems with DNS, check for the following configuration problems.

  • Check the consistency of glue records that are shared between parent and child zones. Make sure that the name server (NS) and Address (A) records within the parent zone match those in the child zone.

  • Update the IP addresses of the root name servers configured in the RootServerInfo zone. Changes to this information are not automatically propagated through a domain; you must update them manually. The most recent update of root name server information is available through FTP at ftp://rs.internic.net/domain/named.root.

  • Check the consistency between pointer records in the IN-ADDR.ARPA domain and other domains.

  • If you change the IP address of a name server, ensure that the parent zone reflects that change.

  • Verify that you have configured a name server to correctly service every zone.

  • Verify that the zone transfers are occurring properly. Ensure that the secondary name server can identify the primary name server.

  • If you cannot access a particular host, verify that the PTR records exist. When you create a zone, always select Yes when prompted to create a companion zone. If you have created a companion zone, verify that the IP address and hostname are correct.

Merging DNS-DHCP Services

You can use the DSMerge utility to merge two trees into a single tree. However, the merged tree continues to have two DNS/DHCP setups represented by two sets of DNS-DHCP base objects.

Each DNS-DHCP setup contains the following base objects:

  • RootServerInfo: Contains information about all top-level domains.

  • Locator: Contains lists of all the DNS and DHCP servers, zones (including RootServerInfo), subnets, and subnet pools, as well as the global definitions and configuration for the DHCP server.

  • Group: Enables the DNS and DHCP servers to read/write data from/to eDirectory™. All DNS-DHCP objects have this Group object assigned as a trustee. The NCP™ server hosting the DNS or DHCP Services has a membership to the Group object.

A proper DNS-DHCP setup should have exactly one instance for each of the base objects.

You can use ConsoleOne® or iManager to merge the DNS-DHCP Services. If you choose to use iManager, complete the following steps:

  1. From the Roles and Tasks menu, select eDirectory Administration.

  2. Identify the set of final base objects (RootServerInfo, Locator, and Group objects) that are to be retained.

    Retain the RootServerInfo that has latest information about the top-level domains. Retain the Locator object that has references to larger number of zones and subnets. Also, retain the Group object that is referenced by this Locator.

    When you first select the final Locator object, it contains lists of references to some of the DNS-DHCP objects. The remaining DNS-DHCP objects are being referenced by the other locator object.

  3. Copy the remaining references into the corresponding lists of the final Locator object.

    1. Copy the DNS Server references from the DNIP:DNSServers attribute of the other Locator object to the DNIP:DNSServers attribute of the final Locator object.

    2. Copy the DHCP Server references from the DNIP:DHCPServers attribute of the other Locator object to the DNIP:DHCPServers attribute of the final Locator object.

    3. Copy the Zone object references from the DNIP:DNSZone attribute of the other Locator object to the DNIP:DNSZone attribute of the final Locator object.

    4. Copy the Subnet object references from the DNIP:Subnet Attr attribute of the other Locator object to the DNIP:Subnet Attr attribute of the final Locator object.

    5. Copy the Subnet Pool object references from the DNIP:Subnet Pool List attribute of the other Locator object to the DNIP:Subnet Pool List attribute of the final Locator object.

  4. For all DNS Servers, DHCP Servers, and Subnet Pool objects whose references were copied in Step 3a, Step 3b, and Step 3e, assign the final Group object as a trustee with the following rights:

    • All Attributes Rights: Supervisor

    • Entry Rights: Browse, Delete

  5. For all DNS Zones and Subnet objects whose references were copied in Step 3c and Step 3d, assign the final Group object as a trustee with the following rights:

    • All Attributes Rights: Supervisor rights that can be inherited

    • Entry Rights: Browse, Create, and Delete rights that can be inherited

  6. For the final Locator object, assign the final Group object as a trustee with the following rights:

    • All Attributes Rights: Supervisor

    • Entry Rights: Browse

  7. For the final RootServerInfo object, assign the final Group object as a trustee with the following rights:

    • All Attributes Rights: Supervisor rights that can be inherited

    • Entry Rights: Browse rights that can be inherited

  8. For all NCP Servers that have a reference to the other Locator object, you must change the reference to the final Locator object.

  9. In the final Locator object, set the desired Global Preferences in the following attributes:

    • DNIP:Included MAC

    • DNIP:Excluded MAC

    • DNIP:Config Options

    • DNIP:CfgPreferences (this is required to be merged only if there are any user-defined options)

  10. Delete the base objects that are not part of the final set of base objects identified in Step 2.

Potential Issues

  • If subnets corresponding to private IP addresses exist and there is an overlap among these subnets across the trees, the administrator must decide how to merge these subnets.

  • If both the Locator objects have some user-defined DHCP options with the same option codes, and these options are configured at the Locator/Subnet/IP Address level, the administrator must make sure that the interpretation of these options do not change even after the merge.

DNS/DHCP iManager Utility

The following configuration problems might occur while using the DNS/DHCP iManager utility:

  • If you encounter the Cannot access the LDAP server error while configuring the Novell exteNd Director™ 4.1 Standard Edition by entering http://server ip address/nps/servlet/configure in the browser, ensure that the LDAP server is running. Also, set the ldapTLSRequired option to false.

  • If you encounter the HTTP Status 500 - Server Internal Error error near the end of configuring exteNd Director 4.1 Standard Edition, stop Tomcat and Apache by entering tc4stop and ap2webdn at the server console. Restart Tomcat and Apache by entering tomcat4 and ap2webup at the server console. Access iManager 2.5 by entering http://serveripaddress:8080/nps/index.html in the browser and click the iManager link at the top of the page.

6.1.4 Common Operational Problems

Internet RFC 1912 provides information about common errors found in both the operation of DNS servers and the data the DNS servers contain. The following information describes the most common operational errors.

DNS Server Memory utilization increases over a period of time

Cause: The Maximum Memory Cache size is by default set to 0, referring to an unlimited cache size. This indicates that records are purged from the cache only when the TTL for these records expires. The default value for the server to cache the ordinary or positive query cache (max-cache-ttl) is set to 7days and for negative query cache (max-ncache-ttl) it is set to 3 days. So depending on size of the zones being served by DNS Server and the query cache size, memory utilization increases over a period of time.

Solution 1: An increase in memory utilization can be prevented by configuring an adequate size for Maximum Memory Cache size, so that when the amount of data in the cache reaches the specified limit, the records in cache expire and the cache limit is not exceeded. By configuring a smaller value for the memory configuration options such as max-cache-ttl, max-ncache-ttl, and cleaning-interval, memory utilization can be controlled.These memory options can be configured by using iManager or the Java-Based Management Console.

To configure memory options by using iManager:

  1. Click DNS > DNS Server Management to open the DNS Server Management window.

  2. Select View/Modify Server from the list, then click OK.

  3. All the configured DNS Servers are shown in the list. Select a DNS Server, then click OK.

  4. Skip the Zone Information screen by clicking Next. The Forward List Information screen and the No Forward List Information screen can be skipped in the same manner.

  5. Specify the size in Maximum Cache Size field. The size can be specified in terms of KB, MB, and bytes. Click Next.

  6. Select the additional options to be modified and Click Modify.

  7. To add an attribute to selected additional options, select the attribute from Available Additional Option(s) list and click Add.

    Select cleaning-interval, click Add, then specify the desired value. Repeat the process for the max-cache-ttl and max-ncache-ttl attributes.

  8. Click Done.

To configure memory options by using the Java-Based Management Console:

  1. Log in to the tree and launch the Management Console. The DNS Service tab is selected by default.

  2. Select the server for which auditing must be performed, then click the Options tab.

  3. Specify the size in Maximum Cache Size field. The size can be specified in terms of MB, KB, and bytes.

  4. Click the Advanced tab. All the server attributes, along with their default value and configured value, are listed.

  5. Select cleaning-interval, click modify and specify the desired value. Click OK to confirm.

    Repeat the process for max-cache-ttl and max-ncache-ttl attributes.

  6. Click Save to save.

Solution 2: Use command named -pa periodically on system console to purge the contents of the cache. This command cleans the cache and reduces the memory utilization.

Hosts cannot access a particular system. You change the IP address for this system recently, but the secondary name server has not yet been updated

Cause: The Start of Authority (SOA) record’s serial number was not properly incremented. Without the serial number increment, the secondary name server does not recognize when a change has been made. This is usually not a problem with DNS based on Novell® eDirectory™ because the serial number is incremented automatically. With UNIX* systems, failure to increment the serial number is the most common cause of DNS errors. The secondary server does not automatically test for changes in the SOA record. Any changes in the SOA record must be accompanied by a change in the SOA record serial number.

Solution: Do not change the SOA record serial number manually with DNS based on eDirectory. If the primary server is not eDirectory based, you might need to change the serial number manually in order for the secondary server to recognize that a change has occurred.

DHCP updates from a Novell DHCP server fail

Cause: The receiving DNS server is not a Designated Primary for the reverse/forward zones.

Solution: For dynamic updates from Novell DHCP servers, the targeted forward zone and its corresponding reverse zone should be serviced by the same DNS server in Designated Primary mode. This is to ensure that the DNS server is authoritative for both the forward and the reverse zones.

You cannot access a particular host

Cause 1: When you created a new zone, the PTR records were not created or the PTR records have been deleted or changed.

Solution 1: When you configure a zone, always select Yes when prompted to create a companion zone. If you created a companion zone, verify that the IP address and hostname are correct. Checkers can easily catch neglected PTRs. For additional information, refer to RFCs 1537 and 1713.

Cause 2: The host is down or is unreachable.

Solution 2: Use the ping utility to locate the connectivity problem. If the problem exists in your domain, make the necessary repairs to restore connectivity.

Cause 3: The name server for that domain is not configured with information for the host.

Solution 3: Configure the name server for that domain with information for the host.

You cannot access a host in a different domain by using its domain name, but you can access it by using its IP address

Cause: The IP address or CNAME alias entry of the host’s primary or secondary name server was changed, but the parent domain was not informed of the change. The address information in the glue record maintained by the parent domain has become invalid. Another possible cause is that the original address information in the glue record for the local zone is invalid or missing.

Solution: When you configure a new zone, always specify the IP address when prompted. Verify that all parent zones have the same address information.

Nonlocal hosts cannot find the primary domain server for a subdomain and, therefore, cannot access hosts in that subdomain

Cause: The IP address of a subdomain’s primary server does not match the hostname and IP address configured in the parent domain for the subdomain’s primary server.

Solution: Verify that the hostname and IP address for the subdomain’s primary server configured in the parent domain is valid and matches the information configured in the subdomain.

A particular host cannot access other hosts

Cause: The resolv.cfg file (or equivalent) of the host does not contain the correct domain name or name server address.

Solution: Specify the correct domain name or name server address in the hosts’s resolv.cfg file (or equivalent).

Hosts cannot access an entire external domain

Cause 1: The root name server information is invalid; therefore, the root servers are unreachable. For non-eDirectory systems running DNS, changes to this information are not automatically propagated through a domain; you must enter the changes manually.

Solution 1: Verify that the IP addresses of the root name servers configured in the RootServerInfo zone are correct. The most recent update of root name server information is available through FTP at ftp://rs.internic.net/domain/named.root.

Cause 2: The hostname or IP address was not resolved because the delegation to the zone is incorrect.

Solution 2: Configure the correct hostname or IP address information for the zone in eDirectory.

Cause 3: The hostname or IP address was resolved to the wrong value.

Solution 3: Change the hostname or IP address information for the zone to the correct value in eDirectory.

Cause 4: The name server information of the primary name server of the domain is incorrect or missing in the root name servers.

Solution 4: Verify that the domain is properly registered with the INTERNIC, which is the organization that configures the name server information of the domain.

Cause 5: The name server for the domain is down or is unreachable.

Solution 5: Use the ping utility to locate the connectivity problem. If the problem exists in your domain, make the necessary repairs to restore connectivity.

Cause 6: The root name server for the domain is down or is unreachable.

Solution 6: Use the ping utility to locate the connectivity problem. If the problem exists in your domain, make the necessary repairs to restore connectivity.

Cause 7: You do not have sufficient rights to access the zone.

Solution 7: Contact the network administrator for the zone and obtain sufficient rights to access the zone.

A resource Record object change is not reflected in the server cache and the zone transfer fails

Cause 1: The Zone SOA serial number is not automatically updated after the change is made.

Solution 1: After you modify the Resource Record, change the Zone SOA serial number manually.

Cause 2: The server cache is not automatically refreshed after changes are made.

Solution 2: Unload the named.nlm module and reload it to refresh the DNS server settings.

The client is not assigned an IP address

Cause: The DHCP server object is not properly configured.

Solution: Make sure you have created the DHCP server object, and at least one Subnet object and Subnet Address Range object each. Verify that when you load the DHCP server module, dhcpsrvr.nlm, a message from the NetWare® system console indicates that the IP database is loaded

Problem in dynamic reconfiguration of DNS server (DNIP:DNS server object configuration changes in eDirectory. Add/remove zones (update zone data out-of-band) in eDirectory does not get updated to the server in-memory)

Cause 1: Frequently changing the server roles to passive primary from designated secondary.

Solution 1: Do not change the server roles to passive primary from designated secondary when the server is running. Although the server can recognize the changes in roles, there are some issues in synchronizing these roles.

Cause 2: The dynamic reconfiguration interval is not set properly.

Solution 2: Make sure that the dynamic reconfiguration interval is not set too high (20-24 hours) because this slows down the synchronizing mechanism. Also, setting this interval very low (less than 10 minutes) slows down the DNS query/update/transfer mechanism. The recommended value for this option is 15 minutes. The dynamic reconfiguration interval can be set through the management utilities.

Dynamic update request (2136) sent from a non-Novell DHCP server failed

Cause: The value for the update filter is not set properly.

Solution: Set the ACL value of the update filter to the IP address of the DHCP server, or set the value to any. The value is set to none by default and all dynamic updates are refused by the DNS server. This can be set through the management utilities.

Dynamic Update (Novell proprietary update) sent from Novell DHCP servers failed

Cause: A reverse (IN-ADDR.ARPA) zone does not exist for the corresponding forward zone update.

Solution: Verify that the reverse (IN-ADDR.ARPA) zone exists for the corresponding forward zone update. The logic for a Novell update is to first create/update the data (PTR resource record) in the reverse zone and then create the corresponding A record in the forward zone. If the reverse zone does not exist, the response is negative for a dynamic update request.

Zone-out fails — Ten A type resource records are created in the abc.xyz.com zone hosted by a Novell primary DNS server (DNS server version 6.0 and above). The user waited for the time specified in the Novell Dynamic Reconfiguration option. The query to a Novell secondary server (prior versions DNS servers 6.0) for the newly created resource records is unsuccessful.

Cause: The notify and transfer-format values are not set properly.

Solution: Ensure that the value for the notify option is set to Yes and the value for the transfer-format option is set to one-answer in the primary server (older versions of DNS servers support only the one-answer format of zone transfer).

The server does not listen to any incoming requests

Cause 1: The address list in the query filter option is not configured properly.

Solution 1: Ensure that this attribute is configured properly in the DNS server and the DNS zone (the value specified in the DNS zone overrides the value specified in the DNS server). If this attribute is not set with any value, the default behavior of the server is to allow queries from all hosts. Ensure that the address of the specific client (the client that has requested the server) is set explicitly so that the address falls in an address range as specified in this attribute, or that the attribute value is set to any.

Cause 2: A query from a client fails because the client is unrecognized.

Solution 2: Ensure that the address of this client is not listed in the Blacklist server attribute.

DNS server exits while loading

Cause: The DNS server is not registered with a valid IP address and port.

Solution: Make sure that the IP address and port combination allocated for the DNS server does not conflict with any other services running on the NetWare server.

DNS server exits in a clustered environment

Cause: ncssdk.nlm is not loaded on the NetWare server (this NLM™ provides all of the required APIs for cluster support).

Solution: Load the ncssdk.nlm by entering NCSSDK at the server console.

Error in creating, modifying, or deleting DNS-DHCP objects through the iManager utility for the first time (after exteNd Director 4.1 Standard Edition configuration)

Cause: The DNS-DHCP schema DNS-DHCP base objects (Locator, DNS-DHCP Group, RootServerZone Info) does not exist in eDirectory.

Solution: Extend the DNS-DHCP schema and create the base objects in eDirectory by entering DNIPINST at the server console.

Novell Border Manager error when performing any DNS/DHCP operation using the iManager utility

Cause: Memory-intensive operations such as deleting a large zone, deleting a large number (1000 or more) of zones at the same time, or deleting 1,0,00,000 or more resource records at the same time.

Solution: Wait for a period of time to let these long operations complete. Use the ndstrace utility to track these operations. If no changes occur, click the Refresh button on the browser.

Disordered pages in DNS/DHCP iManager utility

Cause: The display settings or resolution are not correct on the client's machine.

Solution: The typical screen resolution for running the DNS/DHCP iManager utility is 1024 x 768 or more.

DNS/DHCP java-based console does not come up

Cause: The display settings or resolution are not correct on the client's machine.

Solution: The minimum screen resolution for running the DNS/DHCP Java-based console is 600 x 800 with at least 256 colors.

Forward Zones configured using iManager are not listed

Cause: There is no support for Forward Zones in Java-Based Management.

Error Messages with error codes 35082, 35088, 35323 and 35087

Cause :The reason could be eDirectory errors. For instance, the Remote eDirectory could be down when the DNS server tries to get zone data.

Solution: No action is required. The DNS server automatically recovers after eDirectory access is restored.

Malformed Transaction messages on the server

Cause: This error is caused because of a heavy load during zone in. The error message is displayed on the designated secondary server.

Solution: This error message is informational and can be ignored. The server continues to function normally.

For example, error: malformed transaction: testzone.db.jnl last serial 20030412127 != transaction first serial 20030412192. This error message can be ignored.

6.1.5 Troubleshooting Windows 95 TCP/IP Problems

This section provides information about troubleshooting TCP/IP problems on Windows 95 clients. You should have a basic understanding of TCP/IP and how it is configured for Windows 95.

Using WINIPCFG

The WINIPCFG utility displays a client’s current TCP/IP configuration. To execute this utility, click Start > Run, type winipcfg, then click Enter.

If the client’s IP address was statically assigned and configured, the information that was entered under TCP/IP Protocols in the control panel’s Network settings is displayed.

If the client was configured to obtain an address by using DHCP, the information displayed was received from the DHCP server that assigned the IP address.

WINIPCFG provides the following information about the client:

  • Network adapter address

  • Assigned IP address

  • Subnet mask

  • Default gateway (default router)

  • Hostname

  • DNS Server

If the client has obtained an address from a DHCP server, click More Info to identify the DHCP server when the lease began, and when it expires. Four additional buttons provide the following functions:

  • Renew: Sends a DHCPREQUEST to the DHCP server, updates the lease, and updates any assigned values such as a default gateway or DNS server.

  • Release: Sends a DHCPRELEASE to the DHCP server, indicating that the client is giving up its IP address and that the server is free to assign that address to another client.

  • Renew All: Sends a DHCPREQUEST to all network interfaces to which the Windows 95 client is configured.

  • Release All: Sends a DHCPRELEASE to all network interfaces to which the Windows 95 client is configured.

If you want another IP address to be assigned to the client, select RELEASE, then select RENEW.

Using Ping

Ping is the most basic utility available to test, verify, and troubleshoot TCP/IP connectivity within a network. Ping sends an ICMP packet to a specific host with a small amount of data and expects that host to respond with the same data packet. If you receive a response, both TCP/IP and connectivity between the two hosts are operational. If you do not receive a response, one of the following conditions exists:

  • The host is not up.

  • A router between the connections is not up.

  • The client’s TCP/IP stack is not functioning.

To run Ping, go to the command prompt and enter the command followed by a hostname or IP address, such as the following:

C:\> ping www.novell.com >

If TCP/IP is operational and connectivity exists between the hosts, you receive the following type of response:

Pinging www.novell.com [137.65.2.5] with 32 bytes of data: Reply from 137.65.2.5: bytes=32 time=27ms TTL=59 Reply from 137.65.2.5: bytes=32 time=22ms TTL=59 Reply from 137.65.2.5: bytes=32 time=31ms TTL=59

If you are using the IP address of the host, you receive the same type of reply.

Using the host’s domain name is a good way to determine the host’s IP address, and doing so also causes the client to request DNS name resolution before sending the ICMP packet. This approach is an excellent way to determine if DNS name resolution is working. If it is not working, you receive a message such as the following:

Unable to resolve www.novell.com.

If DNS name resolution is not working, one of the following conditions might exist:

  • The DNS server or DNS domain name is not configured properly on the client.

  • If you are using DHCP, the DNS server and domain name are not properly configured on the DHCP server.

  • The DNS server to which you send DNS name resolution requests is not functioning.

The Ping command has the following syntax:

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host] | [-k host-list]] [-w timeout] destination list

The following table explains the use of the Ping options.

Table 6-1 Ping Options

Option

Meaning

-t

Ping the specified host until interrupted

-a

Resolve addresses to hostnames

-n count

Number of echo requests to send

-l size

Send buffer size

-f

Set the Don’t Fragment flag in the packet

-i TTL

Time-To-Live value

-v TOS

Type of service

-r count

Record route for count hops

-s count

Time stamp for count hops

-j host-list

Loose source route along host-list

-k host-list

Strict source route along host-list

-w timeout

Timeout in milliseconds to wait for each reply

NOTE:You can find unauthorized addresses in an exported DHCP configuration by searching for IP Address objects with an Assignment Type value of 32. Use the Find feature in a text editor to quickly identify addresses that have been marked as unauthorized.

Using Tracert

Tracert can be very useful when you are resolving network-wide TCP/IP problems. Tracert traces the route to a specific host and displays all hops that occur to search for the target host.

To run Tracert, go to a command prompt and enter the command followed by a hostname or IP address, such as the following:

C:\> tracert www.novell.com

The Tracert command has the following syntax:

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

The following table explains the use of the Tracert options.

Table 6-2 Tracert Options

Option

Meaning

-d

Do not resolve addresses to hostnames

-h maximum_hops

Maximum number of hops to search for target

-j host-list

Loose source route along host-list

-w timeout

Timeout in milliseconds to wait for each reply

Using ARP

Arp is an advanced utility that should be used only by those who have a detailed understanding of TCP/IP and who must troubleshoot complex problems. The Arp command enables you to display and modify the Arp cache of a client.

Following are three examples of use of the ARP command: 


Arp -s inet_addr eth_addr [if_addr]



Arp -d inet_addr [if_addr]



Arp -a [inet_addr] [-N if_addr]

The following table explains the use of the ARP options.

Table 6-3 ARP Options

Option

Meaning

-a

Displays current Arp entries by interrogating the current protocol data. If inet_addr is specified, the IP and physical addresses for the specified host are displayed.

-g

Displays current Arp entries by interrogating the current protocol data. If inet_addr is specified, the IP and physical addresses for the specified host are displayed.

inet_addr

Specifies an Internet address.

-N if_addr

Displays the Arp entries for the network interface specified by if_addr.

-d

Deletes the host specified by inet_addr.

-s

Adds the host and associates the internet address inet_addr with the physical address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent.

eth_addr

Specifies a physical address.

if_addr

If present, specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface is used.

Using Netstat

Netstat is an advanced utility that should be used only by those who have a detailed understanding of TCP/IP and who must troubleshoot very complex problems. Netstat displays protocol statistics and current TCP/IP network connections.

The Netstat command has the following syntax:

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

The following table explains the use of the Netstat options.

Table 6-4 Metstat Options

Option

Meaning

-a

Displays all connections and listening ports, but not those on the server.

-e

Displays Ethernet statistics. This might be combined with the –s option.

-n

Displays addresses and port numbers in numerical form.

-p proto

Shows connections for the protocol specified by proto (either TCP or UDP). If used with the –s option to display per protocol statistics, proto can be TCP, UDP, or IP.

-r

Displays the contents of the routing table.

-s

Displays per protocol statistics. By default, statistics are shown for TCP, UDP, and IP. The –p option can be used to specify a subset of the default.

interval

Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. If this option is omitted, Netstat prints the current configuration information once.

If you suspect that a LAN card is malfunctioning, use the -e option while troubleshooting. The -e option displays Ethernet statistics, including discards and errors.

The -a option provides a detailed display of the active TCP connections of the port number and network host communicating with that port. This information is useful when you are attempting to relate TCP port numbers of the various servers with which the client is communicating.

6.1.6 Using the -F Command Line Option for Dnipinst.nlm

The dnipinst.nlm program is a backup method of extending the schema and creating the DNS/DHCP Locator and Group objects and the RootSrvrInfo zone. Dnipinst.nlm can be used if problems occurred during the NetWare 6.5 installation process. Most administrators do not need to use this NLM program.

You can use the -F command line option in the dnipinst.nlm to re-create the DNS/DHCP configuration objects if the initial attempt to set up Novell DNS/DHCP Services fails during the configuration object creation stage.

When a failure occurs during the object creation phase, we recommend that you delete the DNS-DHCP (DNS/DHCP Locator), DNSDHCP-GROUP (DNS/DHCP Group), and the RootSrvrInfo objects (if they have been created), then use dnipinst.nlm with the -F flag. When the -F command line option is specified, an initial console message confirms the action and the eDirectory login window appears. After a successful login, the object eDirectory context query window is displayed. You can enter the data and create the objects. If a schema extension error occurs, execute dnipinst.nlm in the regular mode.

6.1.7 Server Access to DNS/DHCP Locator Object Not Required

The requirement that the DNS and DHCP servers always have access to the DNS/DHCP Locator object has been relaxed.

The first time the server loads, it requires access to the DNS/DHCP Locator object to obtain a copy of any global configuration from the object. The DHCP server saves a copy of the global configuration in sys:\etc\dhcp\dhcploc.tab.

In subsequent loads, the DHCP server tries to obtain the global configuration information from the DNS/DHCP Locator object. If the information is not available, the DHCP server reads the information from the last saved copy of sys:\etc\dhcp\dhcploc.tab. Each time the DHCP server loads and the DNS/DHCP Locator object is available, the DHCP server updates the dhcploc.tab file.

The DNS server also does not require access to the DNS/DHCP Locator object. It has been enhanced to require access to the DNS/DHCP Locator object only if the named command line arguments are specified to create zones in eDirectory. The DNS server no longer requires access to the RootSrvrInfo zone stored in eDirectory. The DNS server now first tries to find the RootSrvrInfo zone in eDirectory, but if it is not available, the DNS server uses the copy of the information found in sys:\etc\dns\rootsrvr.dat.