Monday, December 23, 2013

Basic DNS Client Troubleshooting or How to Solve Name Resolution Problems

Sometimes, the network is up, all the link lights are on, pings by IP address work fine, but you still can't connect to a website. A likely culprit is name resolution.

The Name Resolution Process

Suppose you need to connect to www.soundtraining.net. Here's what happens when you type that URL into your browser:
  • Your computer has to find a way to associate www.soundtraining.net with an IP address. It's a lot like looking up a phone number in an old-fashioned phone book.
  • In the early days of the Internet, every host had a hosts file which held the hostname-to-IP address mapping for every host on the Internet. Although most systems today use DNS, all computers still contain a hosts file which usually takes precedence over other name resolution methods. On computers running modern Windows operating systems such as Windows 7 or 8, the hosts file is located in c:\windows\system32\drivers\etc.
  • Most computers maintain a local DNS cache containing the hostname-to-IP address mappings from previous lookups. A computer first checks its DNS cache to see if there's an entry for it from a previous connection attempt or from a static entry in the hosts file. (Computers running modern versions of the Windows operating system pre-load entries from hosts files into the DNS cache. Other operating systems may handle hosts file entries differently.)  On computers running the Windows operating system, you can view the contents of the DNS cache with the command ipconfig /displaydns. (Hint: You can filter the output using PowerShell's select-string capability. For example, the output of ipconfig /displaydns can get pretty lengthy. If you want to check for the existence of a particular text string, such as soundtraining.net, use the following syntax in PowerShell:
    ipconfig /displaydns | select-string -pattern "soundtraining.net".)
  • If the requested hostname doesn't exist in the DNS cache, the DNS resolver (the client) queries DNS servers in the order listed in the computer's configuration.
  • If the DNS server(s) is not reachable or can't resolve the hostname to an IP address, an error is returned.

Troubleshooting DNS and Name Resolution

Here are some steps to help you perform basic troubleshooting of name resolution issues.
  1. Confirm that name resolution is the issue by pinging the target host first by hostname, such as www.soundtraining.net, then by IP address. If the ping by hostname fails, but the ping by IP address is successful, the problem is most likely a name resolution issue.
  2. Determine the scope of the issue. If local name resolution works, but Internet name resolution doesn't, the problem is most likely with the service provider's DNS server. Try changing to the Google DNS servers (8.8.8.8 or 8.8.4.4) or OpenDNS servers (208.67.222.222 and 208.67.220.220) as a way of testing. If, on the other hand, Internet name resolution works, but local resolution doesn't the problem is most likely on the local DNS server.
  3. Check the TCP/IP settings on the local computer. If the problem exists on only a single computer, check its TCP/IP settings.
  4. Use the nslookup tool (it's included with most operating systems) to test connectivity with a DNS server. It's a powerful tool with many options, but it can also be used to perform a simple DNS query using the following syntax:
    nslookup soundtraining.net
    A simple query such as this will tell you whether name resolution is working at all and, if it is, which DNS server is being queried first. If nslookup returns an error stating that the server can't be reached, check for connectivity issues with the DNS server. If it returns an error stating that the domain or host doesn't exist, there's a problem with the DNS server configuration. If it returns what you believe to be a correct response, the problem may be an incorrect entry in the DNS cache or even an incorrectly configured hosts file.
  5. Check to see how widespread the problem is. If it's just users on a single subnet, it could be a misconfigured DHCP server providing incorrect IP settings.
  6. Check for malicious software. If the user is being directed to questionable websites, their computer may have been compromised with software that intercepts name resolution requests and redirects them to undesirable websites.
  7. Check the DNS cache with the command ipconfig /displaydns for incorrect entries or just do a precautionary clearing of the DNS cache with the command ipconfig /flushdns (administrator privileges are required to clear the DNS cache).
  8. Check for an incorrect entry in the hosts file. (This is not very likely, but it has happened to me when I made changes in the hosts file for testing purposes and forgot to change it back.)
  9. Try a reboot. As with most things digital, sometimes the problem can't be identified, but it can be solved with a reboot. This is especially true if you're using consumer grade routers that act as DNS forwarders, which is most of them. Just power-cycle the router or DNS server to see if the problem goes away.

DNS Troubleshooting Tools

The following tools and websites may also be helpful in name resolution troubleshooting.
BIND is the most commonly used DNS server. A download of BIND includes the dig utility which provides similar functionality to nslookup. You can download BIND from http://www.isc.org/downloads/.

For More Resources for I.T. Pros

You'll find books on Cisco and Linux technologies at my bookstore at soundtraining.net/bookstore. Also, check out my video channel at soundtraining.net/videos.

Please Leave a Comment

If you find this tutorial helpful or if you notice something that needs to be corrected, please leave a comment.
Posted by at
Labels: , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)