Windows 2000 includes a caching DNS resolver service, which is enabled by default. For troubleshooting purposes, this service can be viewed, stopped, and started like any other Windows service. The caching resolver reduces DNS network traffic and speeds name resolution by providing a local cache for DNS queries. Name query responses are cached for the TTL specified in the response (not to exceed the value specified in the MaxCacheEntryTtlLimit parameter), and future queries are answered from the cache, when possible. One interesting feature of the DNS Resolver Cache Service is that it supports negative caching. For example, if a query is made to a DNS server for a given host name and the response is negative, succeeding queries for the same name are answered (negatively) from the cache for NegativeCacheTime seconds (the default is 300). Another example of negative caching is that if all DNS servers are queried and none are available, for NetFailureCacheTime seconds (the default is 30) all succeeding name queries fail instantly, instead of timing out. This feature can save time for services that query the DNS during the boot process, especially when the client is booted from the network.
The DNS Resolver Cache Service has a number of other adjustable registry parameters, which are documented in Appendix C.
Many network troubleshooting tools are available for Windows. Most are included in the product or the Windows 2000 Server Resource Kit. Microsoft Network Monitor is an excellent network-tracing tool. The full version is part of the Microsoft Systems Management Server product, and a more limited version is included in the Windows 2000 Server product.
When troubleshooting any problem, it is helpful to use a logical approach. Some questions to ask are:
-
What does work?
-
What does not work?
-
How are the things that do and do not work related?
-
Have the things that do not work ever worked on this computer/network?
-
If so, what has changed since it last worked?
Troubleshooting a problem from the bottom up is often a good way to isolate the problem quickly. The tools listed below are organized for this approach.
IPConfig Tool
IPConfig is a command-line utility that prints out the TCP/IP-related configuration of a host. When used with the /all switch, it produces a detailed configuration report for all interfaces, including any configured serial ports (RAS). Output can be redirected to a file and pasted into other documents:
C:\>ipconfig /all
Windows 2000 IP configuration:
Host Name . . . . . . . . . . . . : DAVEMAC2
Primary DNS Suffix . . . . . . . : mytest.microsoft.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : microsoft.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink III EISA (3C579-TP)
Physical Address. . . . . . . . . : 00-20-AF-1D-2B-91
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.57.8.190
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.57.9.254
Primary WINS Server . . . . . . . : 10.57.9.254
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : AMD Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-80-5F-88-60-9A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 199.199.40.22
Autoconfiguration Enabled . . . . : Yes
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 199.199.40.1
DNS Servers . . . . . . . . . . . : 199.199.40.254
Primary WINS Server . . . . . . . : 199.199.40.254
Ping Tool
Ping is a tool that helps to verify IP-level reachability. The ping command can be used to send an ICMP echo request to a target name or IP address. First, ping the IP address of the target host to see if it responds because this is the simplest test. If that succeeds, try pinging the name. Ping uses Windows Sockets-style name resolution to resolve the name to an address; therefore, if pinging by address succeeds but pinging by name fails, the problem lies in name resolution, not network connectivity.
Type ping -? to see what command-line options are available. Ping allows you to specify the size of packets to use, how many to send, whether to record the route used, what TTL value to use, and whether to set the don’t fragment flag. See the PMTU discovery section of this document for details on using ping to manually determine the PMTU between two computers.
The following example illustrates how to send two pings, each 1450 bytes in size, to address 10.99.99.2:
C:\>ping -n 2 -l 1450 10.99.99.2
Pinging 10.99.99.2 with 1450 bytes of data:
Reply from 10.99.99.2: bytes=1450 time<10ms TTL=32
Reply from 10.99.99.2: bytes=1450 time<10ms TTL=32
Ping statistics for 10.99.99.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
By default, ping waits one second for each response to be returned before timing out. If the remote system being pinged is across a high-delay link, such as a satellite link, responses could take longer to be returned. The -w (wait) switch can be used to specify a longer time-out. Computers using IPSec may require several seconds to set up a security association before they respond to a ping.
10ms>10ms>
Share with your friends: |