System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

HP UX system sending ARP request to a failed windows domain controller

Deep Spring
Occasional Visitor

HP UX system sending ARP request to a failed windows domain controller

Hello!
We recently had a windows domain controller failure which was also our primary dns server for local network. The roles of that domain controller were transferred to a new windows server and the new windows server was set as a primary DNS server. We made sure that all the metadata plus DNS records (including WINS) of the failed domain controller was removed.
The problem is our HP UX system still queries the failed server to resolve DNS. This has caused the telnet session to become rather sluggish because of which an application that relied on it had terrible response time during log in.
The resolv.conf was updated with new dns servers addresses along with few other tips on reducing the recursive query time (from one of the threads in the forum). That didn't help. Engineer from HP came up with a workaround to help reduce the recursive query response time. BUT, we still see dns arp requests being sent over the network by ux client to the windows domain controller that no longer exists.
Any ideas on where the info of this failed server is stored in HP UX?
Thanks!
13 REPLIES
Johnson Punniyalingam
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

can you try "restarting" the network services ?

#/sbin/init.d/net stop
#/sbin/init.d/net start

# inetd -c

if you have downtime for the HPUX server, you use lanadmin command to reset your interface inroder to clear info of failed server stored on the "Network Layers" for HPUX Server Lan Card

or -> simple may be not recommend choice, you take reboot of the server, which narrow down problem

does your "DNS" Windows server , passing through "Fire Wall" ? if yes it would also check with "Network Team"
Problems are common to all, but attitude makes the difference
TTr
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Check and clear the ARP entry for the old Windows server.

arp -a (display all ARP entries)
Check and compare the IP address with the MAC address to see if the old server is still there.
arp -d 123.456.789.10 (delete old server entry)
Deep Spring
Occasional Visitor

Re: HP UX system sending ARP request to a failed windows domain controller

We have not rebooted the server because we could not afford a downtime then. There is no firewall between the UX device and windows DNS server.
One of the things that the support noticed was delay in time from extended inetd logging when getremotenames routine was called.

IPv6 has also been disabled.

arp -a does not show the entry of the failed domain controller.

Our packet sniffer still shows arp request being sent to the failed windows machine.

TTr
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

> Our packet sniffer still shows arp request being sent to the failed windows machine.

I assume you verified that they are coming from the HP server? Can you tell from the packet what the originating port is? If so can you trace taht port to a process on the HP-UX server? If you have tcpdump and lsof installed on the HP-UX server it will help a lot with the troubleshooting.

Is the HP-UX server running named alone or as a secondary DNS server? Or any other network services such as samba (CIFS), bootp, bootpd etc?
rick jones
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Last I was looking at it, HP-UX name resolution libraries looked at /etc/resolv.conf once and then cached the result. So, long-lived processes will not see a change to /etc/resolv.conf.

One has to restart those processes to get them to see the new server entries in /etc/resolv.conf.
there is no rest for the wicked yet the virtuous have no pillows
Michael Steele_2
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Hi

Can't reboot? Well I think you'll have to. I'm guessing that you old DNS server's hostname and ip address are still in the kernel's memory.

Check your arp -a table. See the old ip?

Another question, often time admins use a DNS server as an application server besides. Is this the case here? Was your old DNS dedicated or sharing a box?
Support Fatherhood - Stop Family Law
Michael Steele_2
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Hi Again:

Do you have a central server that pings every node on the network? Could the ip be there?
Support Fatherhood - Stop Family Law
rick jones
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

The HP-UX kernel doesn't cache anything relating to DNS. All one needs to do is restart any remaing process which launched before the change to the /etc/resolv.conf file. Of course, depending on the process one has to restart that might be no better than rebooting.
there is no rest for the wicked yet the virtuous have no pillows
Michael Steele_2
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

So, what is requesting an ip address?

Question: Do are requests get generated any other way besides an nslookup?

Cache's time out. Unless manually entered they will time out.

A) Got any static arp caches?
b) Switches and default routers are the responders to arp requests.
Support Fatherhood - Stop Family Law
rick jones
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Anything trying to send to a given IP address has the potential to cause ARP requests to be emitted to map that IP address to a MAC address. At least for an IP address that is in the same subnet(s) as "this" machine.

What could be trying to send to a given IP address? Just about any process on this machine. It could also be from the stack - say if this system wanted to send an ICMP message back to that given IP.

In this case though, based on what the author has said, it sounds like the IP address in question is no longer active, so inbound traffic from that IP address is unlikely, so it is unlikely that this system is trying to send an ICMP to the given IP address.

If one wants to see what sort of traffic a process is attempting to send to this inactive IP address, I would suggest using the arp command to stick a static mapping for that IP address to a "bogus" MAC address. That will allow the traffic to leave the system, which means one can sniff it with say tcpdump running on the system.

Presumably, if someone knew enough about nettl, one could trace at the IP level to get the traffic to that destination IP. I've never really learned how to use nettl/netfmt.

So, something like:

arp -s 01:02:03:04:05

and then:

tcpdump -i host

In that way one can see traffic and see if it is say UDP traffic to port 53 (eg DNS) or something else.
there is no rest for the wicked yet the virtuous have no pillows
Horia Chirculescu
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Hello,

You should reboot also the HP-UX system. While this system is down, re-check for ARP requests originated from the same IP address that your HP-UX system have.

Maybe there is some kind of attack (started let's say by some clever viruses) against your DNS server.

Check first your Win* stations/servers that you might have on the same network.

Best regards
Horia.
Best regards from Romania,
Horia.
Deep Spring
Occasional Visitor

Re: HP UX system sending ARP request to a failed windows domain controller

When HP support looked into the case, they did restart a whole bunch of processes. I believe when the support tried and tested everything up their sleeves, they decided to open up a second telnet service. That has been working for us.

In the meantime, I have used nettl to generate a network trace on the hp ux system and also wireshark on the windows to capture the packets simultaneously. HP support is researching the case based on the captures.

I will surely update you guys if they find anything on this.

Thank you all for your responses!
Johnson Punniyalingam
Honored Contributor

Re: HP UX system sending ARP request to a failed windows domain controller

Hope Its "ARP" Settings , anyway let wait
Problems are common to all, but attitude makes the difference