Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: DNS Entry Cached

DNS Entry Cached 10 years 1 month ago #15970

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
I have a problem with a VPN Client program where address I enter seems to get cached. Using a Windows XP program.

I enter something like:

ping www.fts.com

and get an address of something like:

67.100.12.15.

I then fire up my VPN program which will make my machine look like it is on the local network. At that point, if I type in the same ping statment, I should get something like:

10.0.0.15.

But instead I still get 67.100.12.15.

This only happens when I do the ping before starting my VPN program.

If I reboot the machine, then everything is OK. I assume that www.fts.com with the IP address is cached somewhere.

If this is the case, where would it be and how do I see it and delete it?
Thanks,

Tom
The administrator has disabled public write access.

Re: DNS Entry Cached 10 years 1 month ago #15972

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
tfs:

Isn't it cached on the Local Machine's DNS Resolver Cache?
ipconfig /displaydns would show you the entries in the Resolver Cache.
ipconfig /flushdns usually clears the entries in the Resolver Cache on the Local Machine.

Pardon me, if my post doesn't answer your question.

Thanks
FallenZer0
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: DNS Entry Cached 10 years 1 month ago #15983

  • d_jabsd
  • d_jabsd's Avatar
  • Offline
  • Distinguished Member
  • Posts: 153
  • Karma: 0
In addition to Fallenzero's advice, you can turn off that fucntionality.

Disable the 'DNS Client' service and your system will always query your nameservers, instead of checking the cache first.

As an added bonus, you should see improved network performance.
The administrator has disabled public write access.

Re: DNS Entry Cached 10 years 1 month ago #15998

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
That was the problem.

I also found out when researching the problem that if a DNS has 2 entries for the same server (in my case, mars.fts.com had both 10.0.1.4 and 10.0.2.4) and you had the DNS Client Service off, the DNS would hand out the address in a round robin fashion (10.0.1.4 first then 10.0.2.4 then 10.0.1.4 ...).

This was driving me crazy. I was testing this with 4 machines at home and 3 machines would always get the same address (either 10.0.1.4 or 10.0.2.4). The 4th machine would do the round robin bit.

I finally figure out what was happening.

The 3 machines that always had the same address were XP or W2K Pro machines and the DNS Client was on. When I did a ipconfig /displaydns, I would get the following:

C:\Documents and Settings\ts>ipconfig /displaydns

Windows IP Configuration

1.0.0.127.in-addr.arpa
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 351708
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


mars.fts.com
Record Name . . . . . : mars.fts.com
Record Type . . . . . : 1
Time To Live . . . . : 1195
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 10.0.1.4


Record Name . . . . . : mars.fts.com
Record Type . . . . . : 1
Time To Live . . . . : 1195
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 10.0.2.4

As you can see you can see both addresses. If a machine was getting mars.fts.com resolved to 10.0.2.4, the order would be reversed. It apparently always uses the first in the list.

Once you have this in the cache, you would always get the same IP (the first one).

But if you have the DNS Cache off, it will always go to the DNS to get it. And each time the order would reverse.

The reason I only had one machine doing this is that that machine happended to be a W2K Server. I assume the Server has this turned off by default as there really would be no reason to have it on. If I turned it on, it behaved like the workstations did.

I am just curious about the DNS reversing the order of the IPs each time it gets sent out. Is this a normal behavior?
Thanks,

Tom
The administrator has disabled public write access.
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup