You are here: Blog Ping Results are Different Than NSLOOKUP

Ping Results are Different Than NSLOOKUP

We are on a large network with multiple subnets.

Our client device it called: COMPUTER-26

If you ping COMPUTER-26, you get:

If you NSLOOKUP COMPUTER-26, you get:

What gives?


Well it all starts with the dns-record. The client computer owns the dns-record, not the dns server. That is kinda strange in my thinking but so be it.

Since the client computer owns the record, the client computer need to register the dns record with the dns server. This should happen automatically in the dhcp but if you need to register the dns-record manually, you can do the following on the client-computer:

ipconfig /registerdns


Great. Now when you NSLOOKUP a record from a second computer, it should return the correct result as per the client-computer.

nslookup computer-26


When you PING a device, it goes through several steps to find the device. The steps are as follows:

  1. checks if the host name is the same as the local host name.
  2. searches the DNS client resolver cache.
  3. sends DNS Name Query Request messages to its configured DNS servers.
  4. converts the host name to a NetBIOS name and checks its local NetBIOS name cache.
  5. contacts WINS servers.
  6. broadcasts NetBIOS Name Query Request messages on the directly attached subnet.
  7. searches the local Lmhosts file.

So if it finds the name in the local cache file, it doesn't go any further. This is why the results are different.

If you need to manually update the cache, you can:

ipconfig /flushdns

Now do an NSLOOKUP to get the newest results from DNS.

nslookup computer-26

Now when you PING, the correct result will show:

ping computer-26


This usually happens when the DNS records are changing on the DHCP server. The new record the client computer has might not register in the DNS server. Or if they do register, there are 2 records in the DNS server from the same computer.

This happens when the records are not being scavenged correctly. The scavenge time is longer then the DHCP lease time.

Here is a linear scenario:

  • -the lease time is 1-day in DHCP.
  • -the scavenge time is set for 4-days in DNS.
  • -on the second day, the record is renewed with another address.
  • -that new record is registered in the DNS server.
  • -now the DNS server has 2 records with the same name.
  • -the first record is not scavenged because the time to do so is still 3 days away.
  • -when pinging the system by name, the first record returns the incorrect address.
  • -this happens because the first record has not gone stale.


Follow the DNS scavenging settings here: http://www.daknetworks.com/blog/433-dns-scavenging

Contact Dak Networks

Please contact us at the following.