FreeNAS 11.1-U6; ping <domain> from ssh connection pings obsolete IP address
I installed FreeNAS 11.0-U4 a few weeks ago, and today I upgraded to 11.1-U6. I would like to integrate the FreeNAS server with our Active Directory domain which is called "corp.kns.com".
On the day when I did the initial installation, the NS records on our Domain Controllers included one obsolete record, which used IP address 10.41.31.4. A week ago, our Windows Admin removed the invalid NS record from our domain controllers. Now, if I issue the command "ping corp.kns.com" from any server other than our FreeNAS server, one of the current and valid / live Domain Controllers gets pinged.
However, if I open an SSH connection to our FreeNAS server and run command "ping corp.kns.com", it tries to ping the IP address 10.41.31.4. This result persisted after today's upgrade and reboots. So it seems as though the old and invalid IP address is cached somewhere.
In case it is relevant, here is the /etc/resolv.conf file on our FreeNAS server. 10.40.10.3 and 10.40.10.4 are indeed the current local Domain Controllers:
# Generated by resolvconf
search corp.kns.com
nameserver 10.40.10.3
nameserver 10.40.10.4
Is there a way for me to purge the apparently cached invalid IP address for our domain?
- Status changed from Unscreened to Blocked
- Reason for Blocked set to Need additional information from Author
FreeNAS does not cache any NS request permanently. This seems unlikely.
What is the output of the following:
dig @10.40.10.3 corp.kns.com
Hello William - Your questions led me down a long and winding road. To summarize:
- If I issue command "dig @<domaincontroller> -t NS corp.kns.com" to any of our domain controllers, the result is a list of current and valid domain controllers.
- But if I issue command "dig @<domaincontroller> corp.kns.com" to any of our domain controllers, the answer includes the address record "corp.kns.com. 600 IN A 10.41.31.4" which refers to the decommissioned domain controller.
I'm mostly a Unix admin, so my conclusion or jargon may be a bit off, but it seems that our Windows Admin may have demoted the old Domain Controller in a way that left residual data. When I search the registry of some of our Domain Controllers, I find entries that include "FTWDC2.corp.kns.com" (which at one time had IP address 10.41.31.4).
I will take up this issue with our Windows Admin. Thanks very much for your response, and I think you can close this out as "not really a bug".
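The comparison made in the last comment (NS answer versus A answer for the domain name itself) can be scripted. The following is an added example, not part of the original thread: it parses saved dig answer lines and reports addresses at the domain name that do not belong to any listed name server. The host names dc1/dc2 and the sample records are constructed, and it assumes every address published at the domain name should belong to a host in the NS set.

```python
# Added example: sample records are constructed, in dig answer-section format.
# dc1/dc2 are hypothetical host names; the addresses are the ones in the thread.
NS_ANSWER = """\
;; ANSWER SECTION:
corp.kns.com.      3600 IN NS dc1.corp.kns.com.
corp.kns.com.      3600 IN NS dc2.corp.kns.com.
;; ADDITIONAL SECTION:
dc1.corp.kns.com.  3600 IN A  10.40.10.3
dc2.corp.kns.com.  3600 IN A  10.40.10.4
"""
A_ANSWER = """\
;; ANSWER SECTION:
corp.kns.com.      600 IN A 10.40.10.3
corp.kns.com.      600 IN A 10.40.10.4
corp.kns.com.      600 IN A 10.41.31.4
"""


def parse_records(text):
    """Parse 'name ttl class type rdata' lines; skip comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue  # not a resource record line
        name, _ttl, _rclass, rtype, rdata = fields
        records.append((name.lower().rstrip("."), rtype.upper(),
                        rdata.strip().lower().rstrip(".")))
    return records


def stale_apex_addresses(domain, ns_text, a_text):
    """Return A records at the domain name that match no listed name server."""
    domain = domain.lower().rstrip(".")
    ns_records = parse_records(ns_text)
    ns_hosts = {d for n, t, d in ns_records if n == domain and t == "NS"}
    ns_addrs = {d for n, t, d in ns_records if t == "A" and n in ns_hosts}
    apex = [d for n, t, d in parse_records(a_text) if n == domain and t == "A"]
    return sorted(a for a in apex if a not in ns_addrs)


if __name__ == "__main__":
    for addr in stale_apex_addresses("corp.kns.com", NS_ANSWER, A_ANSWER):
        print("A record at domain name with no matching name server:", addr)
```
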