Under what conditions with NSLOOKUP and PING return different IP addresses on windows XP?

Question

Inside our firewall at work, my machine frequently resolves to the wrong IP for some of our domains. We have a DNS server that is our primary DNS to resolve external domains to internal IP addresses (192.X.X.X instead of the public IP).

Sometimes I will get resolved to the public IP, which won't route correctly through our firewall. When this happens, I run:

ipconfig /flushdns
nslookup code.mydomain.com  - I get the right DNS server and the right internal IP
ping code.mydomain.com - I get the wrong external IP address.

Firefox also resolves to the wrong IP when this is happening. This will happen intermittently throughout the day.

Answer 1

nslookup uses only DNS, while ping will first look in hosts file.

Example:

nslookup localhost
Server:         208.67.220.220
Address:        208.67.220.220#53

Non-authoritative answer:
Name:   localhost.local.lan
Address: 67.215.65.132

67.215.65.132 means non-existent domain OpenDNS (hit-nxdomain.opendns.com)

ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
...

Answer 2

Run a copy of wireshark on your machine and trace the DNS queries that are leaving your system and see what's different between them.

Bear in mind that nslookup by definition only queries the DNS. Other applications will use alternative lookup mechanisms (e.g. the hosts file).

Answer 3

From your ipconfig example, I am assuming you using Windows.

nslookup is DNS only.

hosts will use the normal resolution process on your system. This could include (but is not limited to: hosts, Windows naming, and DNS).

How are you getting the IP address that Firefox uses? If it appears in the URL, you should ignore that, many things could be happening at that level.