TCP/IP Commands Using the Wrong IP Address
A remote server system has been recently moved to a new IP address. The NSLOOKUP or DIG commands show the correct (new) IP address. However, attempts to connect to that server continue to use the old IP address.
It is possible that there is a local host file in the search order that still has the old address in it. But the more likely cause is that the entry containing the old address has not yet aged out of the Resolver Cache.
Diagnosing the problem
A NETSTAT RESCACHE DETAIL (HOSTNAME full.host.name command issued from TSO (or a DISPLAY TCPIP,,RESCACHE,DETAIL,HOSTNAME=full.host.name issued from the operator console) will show the current cached entry, listing the (old) IP address and when it will expire (note that this time may be UCT/GMT, see TechNote 1140187 for more information).
Use a Resolver Trace to verify the source of the incorrect information. For simple commands, this is most easily collected by defining a SYSTCPT DD (directed to the terminal, SYSOUT, or a data set). See the z/OS Communications Server: IP Diagnosis Guide for more information.
Resolving the problem
Use a MODIFY RESOLVER,FLUSH,ALL command to clear the cache. This will force all entries (including the errant one) to expire, causing it to be refreshed with the new information on its next reference.
To avoid this problem with future planned server moves, best practice is to have the administrator of the authoritative DNS server for the server's domain perform the following actions:
- Two days before the move (or at least twice the current TTL for the domain), specify a TTL of 3600 (one hour) on the specific entry(s) for this server.
- Two hours before the move, change the TTL to 5 seconds.
- While the move is actually being performed, update the entry with the new IP address and remove the TTL override.
This practice will avoid the problem for many client platforms (not just z/OS systems that use a Resolver Cache) and all DNS servers that are not authoritative for this domain.