Understanding Host Name Resolution

Jennifer Taylor – Software Test Manager, FabGuard Product Group, Newton MA

In TCP/IP based networks, internet packets that are transmitted over a network contain two IP addresses: the IP address of the computer sending the packet, and the IP address of the destination computer intended to receive the packet. Since the IP addresses are used to forward packets between the computers, the IP addresses must be both unique and correct for communication to occur. IP addresses are typically in the format “10.1.1.10.”

What is a host name? A host name is assigned to a computer in a TCP/IP network to identify that host by an alphanumeric name, and not by a set of numbers. The host name acts like an alias that is assigned to a node in order to identify it. A host name can also be part of a domain name, which is a structured name set by the network administrator that adheres to Internet standards. In the following host name example, computer 1 is part of domain 1, “CNAME1.domain1.net.”

In a Windows environment, TCP/IP applications use the IP address of the host name when establishing a connection. Host name resolution is not needed when IP addresses are used directly. Because host names are simpler to remember than numeric IP addresses, host names are typically used instead of IP addresses.

When the host name is used and not the IP address, the host name must be resolved to its IP address for IP communication to occur. This is known as host name resolution. A host name must have a corresponding IP address located in a HOSTS file or in a Domain Name System (DNS) server database.

Host Name Resolution in Windows

Each network needs a mechanism that can resolve host names to IP addresses. Name resolution has to occur whenever the host name is used to connect to a computer. For example, when a server name “http://CNAME1” is used to access a resource, the computer resolves that name to an IP address “http://10.1.1.10.” Host name resolution is the process that resolves the host name to an IP address. This has to occur so that the IP address can be resolved to the hardware address (MAC address) for TCP/IP based communication to proceed.

Common methods used to resolve host names are listed below:

  • HOSTS file: This is a text file that includes the mappings of host names to IP addresses. The HOSTS file is stored locally on the computer
  • DNS server: DNS resolves host names and fully qualified domain names (FQDNs) to IP addresses in TCP/IP networks. The DNS server manages a database of mappings of host names to IP addresses on the network. This is the primary method used for name resolution in Windows

The HOSTS File

Figure 1: Example of a hosts file in folder C:\Windows\System32\drivers\etc\.

This is a text based file which contains host names to IP addresses mappings. TCP/IP applications mainly use a HOSTS file when a host name needs to be mapped to an IP address and no DNS server exists. The file can also be used to resolve NetBIOS names. The HOSTS file is stored locally on a system, and is located on each computer (Figure 1).

  • Multiple host names can be assigned to the same IP address
  • Each entry in the HOSTS file has an IP address that is associated with one or multiple host names
  • Host name localhost is a default entry in the HOSTS file
  • Frequently used names should be entered at the top of the list
  • Entries in the HOSTS file for are case-insensitive

How host names are resolved with a HOSTS file

  1. A user utilizes a host name to connect to a TCP/IP application, such as entering a URL in a web browser → http://CNAME1/FabGuard/Fgweb.htm.
  2. The system checks whether the host name is the same as the local host name.
  3. The name is resolved if the two names match.
  4. The HOSTS file is parsed if the host name is not the same as the local host name.
  5. The host name is resolved to its associated IP address if it is found in the HOSTS file.
  6. The IP address of the destination host is then resolved to its hardware address (MAC Address).
  7. If the destination host is located on the local network, either of the following methods is used to obtain the hardware address:
    • The hardware address is retrieved from the ARP cache. The ARP cache (Address Resolution Protocol) is a table of recently resolved IP addresses and their corresponding hardware address (MAC address)
    • The IP address of the host is broadcast for its hardware address
  8. If the destination host is located on a remote network, the hardware address of a router is obtained so that the request can be routed.

When host name resolution using a HOSTS file is the only method configured, instances where the host name cannot be resolved to an IP address using the HOSTS file returns an error message to the user that initiated the request.

DNS Server

Figure 2: Example of a DNS Server configuration using the IPCONFIG /ALL command in a Command Prompt.

In most cases, it is not necessary to manually configure the DNS if it’s in an Active Directory. If dynamic IP addressing (DHCP) is used on the network, the DNS server will be configured automatically with a local DNS server, and most likely with an ISP DNS server also. If the network requires a static IP address instead of DHCP, the DNS Server will need to be manually configured.

How host names are resolved with a DNS server

  1. When a user enters a host name in a TCP/IP application, such as entering a URL in a web browser:
    http://CNAME1/FabGuard/Fgweb.htm

    or entering a fully qualified domain name (FQDN):
    http://CNAME1.INFICON.COM

    host name resolution is attempted using the HOSTS file.
  2. If the host name could not be resolved to an IP address using the HOSTS file, the DNS server is used.
  3. The request is transmitted to the local DNS server to perform a lookup of the name in its database and resolve it to an IP address.
  4. If the local DNS server does not have the host name in its database, it will pass the host name to the ISP’s server to find the name using root nameservers on the internet. See https://en.wikipedia.org/wiki/Domain_Name_System for a more detailed explanation on DNS Name resolution with ISP servers.
  5. The local or ISP DNS server resolves the host name to IP address.
  6. The IP address of the destination host is then resolved to its hardware address.
  7. If the destination host is located on the local network, either of the following methods is used to obtain the hardware address:
    • The hardware address is retrieved from the ARP cache
    • The IP address of the host is broadcast for its hardware address
  8. 8. If the destination host is located on a remote network, the hardware address of a router is obtained so that the request can be routed.

In instances where the DNS server does not respond to the initial request, communication to the DNS server is retried at 1, 2, 2, and 4 second intervals. If these attempts fail, and no other host name resolution mechanisms exist, an error message is returned to the user that initiated the request.

Troubleshooting host name resolution

Cannot Find Name or IP address

When using a DNS server, the response “Unknown host from Ping” means the DNS server did not find the requested name or IP address.

  1. Check that the client computers have a valid IP configuration.
  2. To check IP configuration, type ipconfig /all at the command prompt. In the command-line output, verify that the IP address, subnet mask, and default gateway are correct.
  3. Query the name using the tool Nslookup. At the command prompt with Run as Administrator, type the following:

    Nslookup <query address> <IP address of DNS server>

    where <IP address of DNS server> is the IP address of the configured DNS server and <query address> is the name you are attempting to resolve. If you get the message "Server failed" or "Request to server timed out," there is an issue involving a broken delegation. Contact the network administrator.

    – Or –

    If the response is an incorrect answer or the message "Non-existent domain," proceed to the next steps.

    1. Flush the resolver cache at command prompt. At the command prompt with Run as Administrator, type the following:

      Ipconfig /flushdns
      Ipconfig /registerdns

    2. At the command prompt with Run as Administrator, type the following:

      Nslookup <query address> <IP address of server>

      where <IP address of DNS server> is the IP address of the configured DNS server and <query address> is the name you are attempting to resolve. If the answer is correct, the problem was a stale cache entry, and your problem is solved.

      – Or –

      If the answer is still not correct, there is a problem with authoritative data. Contact the network administrator.

Answer is Incorrect

The response from a ping using a DNS server is incorrect.

  1. Flush the resolver cache and re-register. At the command prompt with Run as Administrator, type the following:

    Ipconfig /flushdns
    Ipconfig /registerdns

  2. At the command prompt with Run as Administrator, type the following:

    Nslookup <query address> <IP address of server>

    where <IP address of DNS server> is the IP address of the configured DNS server and <query address> is the name you are attempting to resolve. If the answer is correct, the problem was a stale cache entry, and your problem is solved.