Monday, January 21, 2013

Ping fails, NSLookup works fine - Windows Quirk

Hey all!

So I've been fighting tooth and nail with a problem on my network with DNS. The problem is this: users couldn't access some things by domain name. Sometimes. Not all the time.

When I'd use NSLookup on their machines, everything would resolve fine. And then ping would work -- probably due to the name being added to the cached network names on the computer.

The problem only affected Windows -- my Mac machines were able to resolve all things fine.

The DNS servers on these affected machines (handed out via DHCP) were as follows:
Primary DNS:
Secondary DNS:

We added the public DNS as the secondary DNS in the event that our company's DNS servers were ever down -- the machines could still connect to the internet, even if internal queries wouldn't be answered.

And that's where the problem lies. The Windows implementation of ping uses a round-robin selection method of DNS server (random), whereas NSLookup uses the ordered lookup method (ordered - 1, then 2).

When requests were randomly using the public DNS server, they had no idea what was, and failed the pings.

So in the future -- make sure you have all valid internal DNS servers on your company machines - Windows' non-standard implementation of "Ping" will cause you great pain and intermittent DNS failures.


Thursday, January 3, 2013

Physical Access is Data Access

I have a good friend that is focused on data security within networks, and he is constantly telling me: "Physical access is data access."

And I never believed it. We have encryption, firewalls, many of our servers are virtualized, etc. - I thought we were reasonably secure.

But today I got the opportunity to eat my own words -- I got the opportunity to break into a fully patched Windows 2008R2 server which was acting as a primary domain controller, ftp server, file-server, etc. for a small, very private network segment.

The scenario is this: I inherited a server set up for some very secure data. The local administrator password was lost, but it never mattered much -- until someone really needed some private data off of it.

In the course of 45 minutes -- 15 minutes of research and 30 minutes of hacking (if you could even call it that), I was able to gain complete administrative access to this (very private) windows server.

I followed instructions here:

Check it out for yourself -- but I would certainly recommend using a non-production machine, unlike this SysAdmin.