We’ve been chasing an issue lately and learned a few things, so we thought we’d document them for posterity.

 

When you use the Windows ping command line utility, you give it an IP address or host name, it resolves the host name if needed, pings the address, and gives you the results. Simple, right?

 

There are also a few options, one of which is -4, which tells ping to use resolve a host name to an IPv4 address if possible.  In the example below, a ‘bare’ ping comes up with an IPv6 address, and ping -4 gives us an IPv4 address.  Nice!

 

 

But that’s not the entire story.  It turns out one other difference between ping and ping -4 is the -4 version will use the local Windows DNS cache.  This is the cache you flush when you run ipconfig /flushdns

 

It turns out you can look at what is inside that cache with ipconfig /displaydns

 

 

This cache is where trouble can lurk.  Sometimes this cache will record a DNS lookup error, so it’s possible the cache will say a host can’t be found for a while (the Time To Live entry determines how long).  This means ping myhost might work fine, while ping -4 myhost will indicate the host can’t be found.

 

The Ping Monitor in PA Server Monitor uses the Windows API WSAStringToAddress to resolve addresses, which works like ping -4, meaning it uses the internal Windows DNS cache.  So if you want to test that a name resolves with DNS, it is best to use the DNS Monitor instead of the Ping monitor.

 

Doug N

More about me on Google+

Share →

Leave a Reply

Your email address will not be published.

(ec2)