2

I have 2 pfSense routers set up. One is DHCP for 172.16.2.x and one is DHCP for 172.16.1.x.

PC0 is 172.16.1.245 and I can ping PC0 from the (PC1) on the 172.16.2.x subnet.
PC1 is 172.16.2.245, but I can't ping PC1 from (PC0) on the 172.16.1.x subnet.

It seems like it checks the 172.16.1.1 DNS server and doesn't see an entry for PC1.

However, the other subnet that server will check in the 172.16.1.1 server for the entry for PC0.

How do I tell 172.16.1.1 to look for the name resolution of PC1?

Sorry if this question is horribly worded (I'm a developer taking a networking class...lol)

  • Can you ping the machines using the IP addresses? – theotherreceive Jul 28 '09 at 02:28
  • Yes, I can ping all IPs without problems. It just cannot figure out the IP address from the device name. – ctrlShiftBryan Jul 28 '09 at 02:30
  • I'm wondering why you have two DHCP servers for two different LANs on a single physical network? If it's for redundancy, then you should probably have both DHCP servers sending IPs for the same logical network. – resonator Jul 28 '09 at 03:40
  • I'm just rereading your question. Can you show the topology of the network? Is it something like this: pc0 -> router -> router -> pc1, with 3 physical networks? – resonator Jul 28 '09 at 03:42

3 Answers

2

Some techniques to get more information.

Write down what you know about the network settings on each device, draw a diagram of how things connect. As you check things and run tests consider whether this information needs adding to or if any of it is wrong.

With two DHCP servers on one subnet how do you know that all the devices will get the settings you expect? For example, if the allocation is by MAC address, check the DHCP server settings carefully and check that PC0 and PC1 consistently get the details you planned for.

To distinguish between a DNS and a routing problem, try pinging between PC0 and PC1 and between each of these and each of the DNS servers and routers by IP address using ping -n , or its equivalent in your OS. [ping -n tells ping not to look up the names of hosts when displaying its output, by using this and pinging to an IP address we can avoid the need for DNS in this test]. Some of the responses may not happen: this could be security features on the device or security constraints working correctly or a problem: write down what you tested and what the result was and then think about it.

Check the setup of PC0 and PC1 including which nameserver(s) should they use (these must be specified as IP addresses, not as names) and domain names (if the two subnets have different domain names then these need to be specified explicitly or be in the domain search list in the client DNS setup). Check that there are no settings in the hosts files on the PCs that could clash with names that should be resolved using DNS. Try pinging between devices by name: even if the ping fails it will report whether it could resolve the name to an IP address. Use dig or nslookup to query the two DNS servers to see whether they can both respond with resolutions for the names of PC0 and PC1. These queries should be done to both nameservers from devices on both subnets (for example dig @ will attempt to use to resolve ).

Check the routing tables of PC0, PC1, the two DNS servers and the two routers. See if all have routes to the 172.16.2.x and 172.16.1.x subnets. I assume, but you should check, that these are all /24 networks (subnet mask 255.255.255.0) but you need to check that all the devices have the same subnet mask setting and that this is reflected in the routing tables.

traceroute between PC0 and PC1 (both ways) will confirm that traffic is taking the route you would expect.

Somewhere in here I would personally be using a sniffer. You might not be able to interpret the output from that yet and, hopefully, some of these simpler checks and tests will be helpful.

This should all contribute to a clearer picture of what does work, what doesn't work, whether these states are stable (i.e. it either works or doesn't rather than works sometimes) and, probably, why.

mas
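The dig check described in the answer above (every name queried against both nameservers), as an added example that is not part of the original answer. It assumes the second pfSense box answers DNS on 172.16.2.1 and that the hosts are registered as `pc0` and `pc1`; neither is stated in the thread.

```shell
#!/bin/sh
# Added example: ask every nameserver for every hostname and tabulate the answers.
# Assumptions (not stated in the thread): the second pfSense box answers DNS on
# 172.16.2.1, and the hosts are registered under the names "pc0" and "pc1".
# dig does not apply the resolver search list unless +search is given, so put
# the exact name form you expect to be registered into NAMES.
SERVERS="172.16.1.1 172.16.2.1"
NAMES="pc0 pc1"

# lookup SERVER NAME: print the A record(s) that SERVER returns for NAME.
lookup() {
    dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null
}

# classify ANSWER: reduce the first line of dig output to one status word.
classify() {
    case "$1" in
        "")     echo "NO_ANSWER" ;;    # empty output: no record returned
        ";;"*)  echo "UNREACHABLE" ;;  # dig diagnostics, e.g. a timeout
        *)      echo "RESOLVED" ;;
    esac
}

# dns_matrix: one line per query, "server name status first-answer".
dns_matrix() {
    for server in $SERVERS; do
        for name in $NAMES; do
            answer=$(lookup "$server" "$name" | head -n 1)
            printf '%s %s %s %s\n' "$server" "$name" \
                "$(classify "$answer")" "${answer:--}"
        done
    done
}

# one_sided_names: names that one server resolves while another does not,
# i.e. a record present on one side and missing (or not forwarded) on the other.
one_sided_names() {
    dns_matrix | awk '
        $3 == "RESOLVED" { ok[$2] = 1 }
        $3 != "RESOLVED" { bad[$2] = bad[$2] " " $1 }
        END { for (n in bad) if (n in ok) print n " missing on:" bad[n] }'
}

# Run the checks only when asked to: sh dnscheck.sh run
if [ "${1:-}" = "run" ]; then
    dns_matrix
    one_sided_names
fi
```

Run it once from a machine on each subnet, as the answer suggests; an `UNREACHABLE` row points at routing or filtering to that server rather than at a missing record.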
1

Two DHCP servers on one network are a REALLY bad idea unless they are backups for each other (i.e. they have the same/similar config and answer the same requests in exactly the same way).

Your basic choices to get something working are:

  1. set up two completely separate physical networks, with one DHCP server on each.

  2. set up two different VLANs on your network, with one DHCP server on each.

  3. disable one of the DHCP servers and configure the other to serve both 172.16.1 and 172.16.2 (you will need to allocate static IP addresses by MAC address or use VLANs or separate LANs if you want dynamic IP addresses, otherwise the DHCP server has no way of knowing which clients should get which IP addresses).

  4. similar to 3 above, but with both DHCP servers running with near-identical configs, acting as backup for each other.

and several variations of the above.

cas
0

Is this Linux or Windows?

As you have ruled out firewalls by pinging via IP, the next step I would do is making sure that PC0 is actually registered in DNS?

It could be some sort of security setting on the DNS server stopping people from adding to it, or it may be set to only respond to a certain IP range.

William Hilsum