Previous Table of Contents Next Here I Ping Again You'll start off your Internet connection adventure by doing the same kinds of things ______________________________________________________________ This router or firewall is called the choke point because it's the point at which all traffic could get choked off if it malfunctions. ______________________________________________________________ you'd normally do internally. The easy part of Internet troubleshooting is that because you more than likely only have one router or firewall, it's pretty easy to point the finger at what's down if you cannot get to the Internet at all. If you cannot ping an address right outside your firewall, router, or proxy server, you have a pretty good idea that your choke point is down. Remember to ping by IP address rather than DNS name-you always want to make sure that IP connections work before dragging name resolution into the picture. (If IP connections aren't working, you can bet your bottom dollar that DNS resolution isn't working either.) How do you know what address to ping? Good question! You can ask your provider for the "far side" address of its router. (No, that's not a router with snakes, cows, chickens, ______________________________________________________________ You can also use traceroute to trace your path to your favorite WWW address while everything is working and then write down the second hop that traceroute reports. This is probably the "far side" address of your ISP's router. ______________________________________________________________ and a bizarre sense of humor. It's the router interface farthest from you-the end that isn't connected to your system.) You could also simply keep the IP addresses of several reliable Internet hosts handy. Usually, a ping will resolve a DNS name to an IP address, so just ping a couple of your favorite WWW addresses and write them down. My preference tends to be to ping my ISP first and then ping an outside address. If your ISP link is up but you can't get to anything else, your link to your ISP could be fine but the ISP's link to the outside world may be having problems. Although your ISP probably already knows that it's having problems with its link to the outside world, it couldn't hurt to call and report this. DNS Problems Suppose your IP connectivity is okay. However, although you can ping by IP addresses all day, the second you bring a domain name into the picture, your browser barfs. No problem! Let's take a look at the types of DNS problems you're likely to see: o Inside-to-outside problems-You can't see others' DNS names. o Outside-to-inside problems-Others can't see your DNS names. For either type of problem, the tool of choice is nslookup. The nslookup tool allows you to connect to a given DNS server and find out what that DNS server thinks about things. ______________________________________________________________ Using Windows 95 or 98? Bummer! Although Microsoft has an exact UNIX-like version of nslookup for NT, for some reason, it doesn't supply this program with Windows 95/98. Fret not. You can find reasonable equivalents by searching your local shareware site (www.shareware.com, www.tucows.com, and so on) for "nslookup." I can't find the exact equivalent out there, but several programs offer nslookup-like functionality, including these: o dns11.zip o nsb32-5.zip o lookup.zip o setuptk.exe ______________________________________________________________ In other words, when you ping, you're forced to use the DNS server configured into your TCP/IP stack, but nslookup allows you to bypass this and choose which server to talk to. You can specify servers by IP address (when name resolution isn't working at all) or by name (when you're trying to track down a strange problem) and tell nslookup what type of information to give back to you. The DNS Hierarchy To be able to use the nslookup tool effectively, you'll need to know the basics of the DNS hierarchy. Like your hard drive, the DNS has so many individual records that it's separated into many different levels (folders on your hard drive; zones in the DNS world). Take a look at Figure 19.6. It's drawn as a tree, and you read it from the top down (dots separate the zones). Not too bad, right? That's the way the entire DNS is organized. [19-06t.jpg] Figure 19.6 DNS zones, like the folders on your hard drive, are arranged in a tree structure. Now let's consider how this is implemented in real life. Each zone is usually handled by one primary server and several secondary servers. How does everybody know which server is responsible for which zone? Each zone also has a special record called the SOA, which stands for start of authority. Each zone's SOA record details which servers are responsible for that zone, and, among other administrative records, contain contact information for the party responsible for that zone. Although secondary servers get their information from the primary server for the zone, they otherwise act exactly like a primary server for the zone. Furthermore, the secondary servers may live at any IP address-they do not have to be geographically or physically close to the primary server. The zone is a "logical" concept and has no physical restraints. Finally, because DNS is hierarchical, if the DNS server that you use does not know the answer for a DNS query, it must kick the query "up the tree" to the zone server above it to see if it can get an answer. If it does get an answer, it stores the answer in its cache. That way, if it gets asked for the same hostname again, it can give an answer back to the DNS client without having to query the zone above it. With this information in mind, let's look at a real-world inside-to-outside DNS problem. Previous Table of Contents Next