Yet another post about this nslookup works but ping does not. I’ve read a handful of forum posts but could not find anything relevant to my setup and problem, of resolving external domain names on an internal only network.
My Lab:
- VMWare Workstation 11
Windows 2012 R2 Datacenter Edition servers
- DC1.ad.example.com - AD and DNS, INT NIC
- DC2.ad.example.com - AD and DNS, INT NIC
- DNS1.ad.axample.com - DNS only, not a member of AD. INT, EXT NICs.
The network is internal only for AD members. Server DNS1 is not a member of AD and contains two NICs, one internal to the AD network and the other external to the internet. DNS1 only serves as a DNS caching server, for the purpose of allowing the internal network (AD) computers to be able to resolve external IP’s. Purpose of the lab relating to this question is to learn best practices in AD deployment which includes network design, and DNS.
DNS configuration:
DC1 and DC2 both have a forwarder setup to DNS1. Queries outside of AD go there and get cached upon request from internal network computers. Nslookup confirms that using these two name servers, DC1 and DC2, we can resolve external domain names (I can see them being cached on DNS1 after requests from DC1/2).
Problem:
However, when I ping, it fails without showing the IP. Why is that? I would expect at least an IP printed and failure to reach host or some similar error. The domain name is visible in the local cache on DC1/2, but ping won’t resolve or show it.
I ended up adding an external NIC to DC2 and was able to ping no problem. Which also led me to wonder [why I’m actually trying to accomplish this external name resolution.] I would expect that there would be a "no route", or some other error from ping, but I also would expect it to resolve (or show the resolved IP) and then choke trying to find the host. However, it just fails. Can anyone explain why? Does ping just give up if it can't reach the network?
Below is a series of commands demonstrating all of this:
PS C:\Users\Administrator> ipconfig /flushdns Windows IP Configuration Successfully flushed the DNS Resolver Cache. PS C:\Users\Administrator> ipconfig /displaydns Windows IP Configuration dc1.ad.polishpaul.net ---------------------------------------- Record Name . . . . . : dc1.ad.polishpaul.net Record Type . . . . . : 1 Time To Live . . . . : 1197 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 192.168.55.11 PS C:\Users\Administrator> ping google.com Ping request could not find host google.com. Please check the name and try again. PS C:\Users\Administrator> ipconfig /displaydns Windows IP Configuration dc1.ad.polishpaul.net ---------------------------------------- Record Name . . . . . : dc1.ad.polishpaul.net Record Type . . . . . : 1 Time To Live . . . . : 1186 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 192.168.55.11 google.com ---------------------------------------- Record Name . . . . . : google.com Record Type . . . . . : 1 Time To Live . . . . : 293 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 216.58.217.142 PS C:\Users\Administrator> nslookup Default Server: dc1.ad.polishpaul.net Address: 192.168.55.11 > google.com Server: dc1.ad.polishpaul.net Address: 192.168.55.11 Non-authoritative answer: Name: google.com Addresses: 2607:f8b0:4006:806::1005 216.58.217.142 PS C:\Users\Administrator> PS C:\Users\Administrator> # external NIC now added PS C:\Users\Administrator> ping google.com Pinging google.com [74.125.226.14] with 32 bytes of data: Reply from 74.125.226.14: bytes=32 time=11ms TTL=128
Thanks, Paul
Purpose of the lab relating to this question is to learn best practices in AD deployment which includes network design, and DNS- Nobody does this the way you're trying to do it, so you're definitely not followingbest practicein your design.