1
00:00:00,180 --> 00:00:01,650
In this video, we're going to discuss

2
00:00:01,650 --> 00:00:04,500
how to troubleshoot DNS and NTP issues.

3
00:00:04,500 --> 00:00:06,810
First, let's focus on DNS.

4
00:00:06,810 --> 00:00:09,420
Remember, DNS is used to match the domain names

5
00:00:09,420 --> 00:00:10,980
with the corresponding IP addresses

6
00:00:10,980 --> 00:00:12,390
that are used by a server.

7
00:00:12,390 --> 00:00:14,490
This allows us to use memorable domain names

8
00:00:14,490 --> 00:00:16,350
while our computers can access the information

9
00:00:16,350 --> 00:00:18,000
using those IP addresses.

10
00:00:18,000 --> 00:00:19,500
If your network clients are unable

11
00:00:19,500 --> 00:00:21,870
to resolve their domain names to IP addresses,

12
00:00:21,870 --> 00:00:24,240
such as figuring out that diontraining.com is supposed

13
00:00:24,240 --> 00:00:28,620
to point to 45.79.184.180 for example,

14
00:00:28,620 --> 00:00:31,320
then you most likely have a DNS issue.

15
00:00:31,320 --> 00:00:33,870
So first, you need to determine if the issue is occurring

16
00:00:33,870 --> 00:00:35,220
on a single network client,

17
00:00:35,220 --> 00:00:39,360
or is it a larger wide-scale DNS issue on your network.

18
00:00:39,360 --> 00:00:41,040
If it's only affecting one client,

19
00:00:41,040 --> 00:00:42,480
then it's most likely going to be an issue

20
00:00:42,480 --> 00:00:44,970
with that client's TCP/IP settings.

21
00:00:44,970 --> 00:00:48,060
By running the ipconfig, ifconfig, or ip commands,

22
00:00:48,060 --> 00:00:51,540
you can determine the IP address of the assigned DNS server.

23
00:00:51,540 --> 00:00:54,150
Once you have that IP, you should verify connectivity

24
00:00:54,150 --> 00:00:56,340
between your client and that DNS server.
25
00:00:56,340 --> 00:00:58,260
If there's no connectivity between them,

26
00:00:58,260 --> 00:00:59,610
then you need to troubleshoot the connection

27
00:00:59,610 --> 00:01:02,940
at layer one, layer two, or layer three of the OSI model

28
00:01:02,940 --> 00:01:04,530
to fix this DNS issue,

29
00:01:04,530 --> 00:01:07,380
because your client simply can't reach the DNS server.

30
00:01:07,380 --> 00:01:09,480
If your client can reach the DNS server,

31
00:01:09,480 --> 00:01:11,670
but there's still a DNS issue, then you need

32
00:01:11,670 --> 00:01:13,890
to either flush the DNS cache on the client

33
00:01:13,890 --> 00:01:16,230
or change the configuration to allow the client

34
00:01:16,230 --> 00:01:17,730
to use a different DNS server,

35
00:01:17,730 --> 00:01:19,890
something like Google's DNS servers located

36
00:01:19,890 --> 00:01:23,310
at 8.8.8.8 and 8.8.4.4.

37
00:01:23,310 --> 00:01:25,140
On the other hand, if a client doesn't seem

38
00:01:25,140 --> 00:01:27,120
to be having an issue with their configuration,

39
00:01:27,120 --> 00:01:30,480
it may be your DNS server itself is not properly responding.

40
00:01:30,480 --> 00:01:33,390
In this case, you're going to troubleshoot your DNS server.

41
00:01:33,390 --> 00:01:35,490
Now, this is usually going to be an issue specifically

42
00:01:35,490 --> 00:01:37,320
for people who run their own websites

43
00:01:37,320 --> 00:01:39,450
and control their own DNS records.

44
00:01:39,450 --> 00:01:42,180
In these cases, you need to verify that your A records

45
00:01:42,180 --> 00:01:44,760
and your CNAME records were properly created.

46
00:01:44,760 --> 00:01:45,900
With an A record,

47
00:01:45,900 --> 00:01:48,390
you need to ensure the domain name is typed in properly

48
00:01:48,390 --> 00:01:50,880
and the IP address has been entered correctly.
49
00:01:50,880 --> 00:01:53,550
A simple typo in either of these two parts of the A record

50
00:01:53,550 --> 00:01:56,250
will cause users to not be able to locate your servers,

51
00:01:56,250 --> 00:01:57,660
and they won't be able to access them

52
00:01:57,660 --> 00:01:59,220
using your domain name.

53
00:01:59,220 --> 00:02:02,250
For your CNAME or canonical name records, you need to ensure

54
00:02:02,250 --> 00:02:04,980
that the domain name used as the source and destination

55
00:02:04,980 --> 00:02:06,540
are both spelled properly.

56
00:02:06,540 --> 00:02:09,389
Otherwise, you can be redirecting users to the wrong server

57
00:02:09,389 --> 00:02:11,640
or to someplace that doesn't exist.

58
00:02:11,640 --> 00:02:13,800
To verify your A name and CNAME records,

59
00:02:13,800 --> 00:02:16,020
you can use the nslookup command.

60
00:02:16,020 --> 00:02:18,960
Another common issue with DNS records is the time to live

61
00:02:18,960 --> 00:02:21,570
or TTL might be set incorrectly.

62
00:02:21,570 --> 00:02:23,400
If the time to live is set too high,

63
00:02:23,400 --> 00:02:25,530
the old DNS records will remain cached

64
00:02:25,530 --> 00:02:27,390
until the time to live expires.

65
00:02:27,390 --> 00:02:31,260
So if you have a time to live of 86,400 seconds,

66
00:02:31,260 --> 00:02:33,510
your DNS server records won't expire

67
00:02:33,510 --> 00:02:35,310
or be refreshed by a DNS cache

68
00:02:35,310 --> 00:02:37,560
until at least one day has elapsed.

69
00:02:37,560 --> 00:02:39,690
In general, I like to keep my time to live

70
00:02:39,690 --> 00:02:42,420
on my DNS server records at a pretty short interval,

71
00:02:42,420 --> 00:02:45,780
something like 300 seconds, which is about five minutes.

72
00:02:45,780 --> 00:02:47,430
This avoids any caching issues

73
00:02:47,430 --> 00:02:48,660
if I'm making frequent changes

74
00:02:48,660 --> 00:02:50,640
to my networks or my websites.
75
00:02:50,640 --> 00:02:52,950
Now, another issue with DNS that occurs is one

76
00:02:52,950 --> 00:02:54,270
of high latency.

77
00:02:54,270 --> 00:02:57,180
If your DNS records are hosted far away from your users,

78
00:02:57,180 --> 00:02:59,220
that's going to take more time and more delay

79
00:02:59,220 --> 00:03:00,660
for them to access those records

80
00:03:00,660 --> 00:03:02,760
when they're looking up a particular domain.

81
00:03:02,760 --> 00:03:04,890
This is known as DNS latency.

82
00:03:04,890 --> 00:03:06,300
To reduce DNS latency

83
00:03:06,300 --> 00:03:08,730
and improve the overall network performance for your users,

84
00:03:08,730 --> 00:03:10,110
you should use DNS servers

85
00:03:10,110 --> 00:03:12,420
that are located closer to your users, such as one

86
00:03:12,420 --> 00:03:15,030
that you host yourself within your DMZ or screened subnet,

87
00:03:15,030 --> 00:03:18,390
or one hosted by your internet service provider directly.

88
00:03:18,390 --> 00:03:22,200
Next, we're going to discuss NTP or the Network Time Protocol,

89
00:03:22,200 --> 00:03:24,210
and there's some issues around this as well.

90
00:03:24,210 --> 00:03:27,510
Remember, NTP is a protocol that allows the synchronization

91
00:03:27,510 --> 00:03:29,520
of system clocks between different layers

92
00:03:29,520 --> 00:03:32,700
of a hierarchical semi-layered system of time sources.

93
00:03:32,700 --> 00:03:33,533
This is important

94
00:03:33,533 --> 00:03:35,520
because many of our distributed applications

95
00:03:35,520 --> 00:03:37,170
such as network authentication,

96
00:03:37,170 --> 00:03:39,780
they're going to rely on proper synchronization of time

97
00:03:39,780 --> 00:03:41,280
between your client and a server,

98
00:03:41,280 --> 00:03:44,490
and our networks use NTP to do all of that.
99
00:03:44,490 --> 00:03:46,680
In general, issues with NTP are caused

100
00:03:46,680 --> 00:03:49,350
by the NTP packets not being received,

101
00:03:49,350 --> 00:03:51,150
NTP packets may not be processed,

102
00:03:51,150 --> 00:03:54,600
or the NTP packets have errors or packet loss.

103
00:03:54,600 --> 00:03:56,880
If the NTP packets are not being received,

104
00:03:56,880 --> 00:03:59,730
this needs to be troubleshot to determine the root cause.

105
00:03:59,730 --> 00:04:01,350
You need to begin at the physical layer

106
00:04:01,350 --> 00:04:03,600
and ensure your clients and servers are properly connected

107
00:04:03,600 --> 00:04:05,100
and cabled to your network.

108
00:04:05,100 --> 00:04:08,100
Then if the NTP server is on your local area network,

109
00:04:08,100 --> 00:04:09,480
you need to verify it's communicating

110
00:04:09,480 --> 00:04:11,040
between the client and the server,

111
00:04:11,040 --> 00:04:13,020
using their MAC addresses properly.

112
00:04:13,020 --> 00:04:15,900
If the NTP server is located outside the local area network,

113
00:04:15,900 --> 00:04:17,820
you need to verify that the client can communicate

114
00:04:17,820 --> 00:04:20,640
to that server using layer three IP addresses

115
00:04:20,640 --> 00:04:21,930
for that server.

116
00:04:21,930 --> 00:04:25,200
Now, in general, if NTP packets are not being received,

117
00:04:25,200 --> 00:04:27,660
this is more of a general network communication issue

118
00:04:27,660 --> 00:04:29,910
at layer one, layer two, layer three,

119
00:04:29,910 --> 00:04:32,820
or possibly a DNS server issue, if you're referring

120
00:04:32,820 --> 00:04:35,190
to that NTP server using its domain name

121
00:04:35,190 --> 00:04:36,810
and not its IP address.
122
00:04:36,810 --> 00:04:39,180
Now, if the NTP packets are being received

123
00:04:39,180 --> 00:04:41,250
but they're not being processed properly,

124
00:04:41,250 --> 00:04:44,220
you need to look at the network client or the NTP server

125
00:04:44,220 --> 00:04:46,440
to ensure they're operating the NTP service

126
00:04:46,440 --> 00:04:48,750
to read and process those NTP packets

127
00:04:48,750 --> 00:04:51,180
that are being sent and received by these devices.

128
00:04:51,180 --> 00:04:53,850
If the NTP process or service doesn't act

129
00:04:53,850 --> 00:04:55,800
on the NTP packets being received,

130
00:04:55,800 --> 00:04:57,540
there's going to be network communication issues

131
00:04:57,540 --> 00:05:00,240
with other services, things like HTTPS

132
00:05:00,240 --> 00:05:02,430
and network authentication processes.

133
00:05:02,430 --> 00:05:05,340
Now, if the NTP packets are processed but there's errors

134
00:05:05,340 --> 00:05:07,890
or packet loss in them, there's going to be a loss

135
00:05:07,890 --> 00:05:09,960
of time synchronization that can occur.

136
00:05:09,960 --> 00:05:12,600
The loss of synchronization might occur if dispersion

137
00:05:12,600 --> 00:05:15,390
or a delay value for a server goes really high.

138
00:05:15,390 --> 00:05:18,240
High values indicate that packets are taking way too long

139
00:05:18,240 --> 00:05:20,100
to get to the client from the server

140
00:05:20,100 --> 00:05:21,870
in reference to the root of the clock.

141
00:05:21,870 --> 00:05:24,480
So the local machine cannot trust the accuracy

142
00:05:24,480 --> 00:05:26,940
of the time present in the packet because it doesn't know

143
00:05:26,940 --> 00:05:29,010
how long it took the packet to get there.

144
00:05:29,010 --> 00:05:30,210
If there's a saturated link

145
00:05:30,210 --> 00:05:32,010
or buffering is occurring along the way,

146
00:05:32,010 --> 00:05:35,130
the packets can get delayed as they come to the NTP client.
147
00:05:35,130 --> 00:05:38,340
Now, the timestamp contained within a subsequent NTP packet

148
00:05:38,340 --> 00:05:39,930
can occasionally vary a lot,

149
00:05:39,930 --> 00:05:42,990
and the local client cannot really adjust for that variance.

150
00:05:42,990 --> 00:05:46,410
So if you're seeing errors or lost packets with NTP,

151
00:05:46,410 --> 00:05:48,930
that's going to cause a lot of loss of synchronization for you,

152
00:05:48,930 --> 00:05:50,850
and you need to ensure there's no saturation

153
00:05:50,850 --> 00:05:52,140
in your network connections

154
00:05:52,140 --> 00:05:53,443
and that your network connectivity is adequate

155
00:05:53,443 --> 00:05:56,733
to be able to send the NTP packets in a timely manner.