Ping $(hostname) has request timeout but nslookup $(hostname) works

dnsping

Why does ping $(hostname) fail with the output below?

PING deeznuts.noodleofdeath.com (10.186.132.10): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4

same with direct IP address:

PING 10.186.132.10: 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4

but nslookup $(hostname) work with the following output?

Server:     10.153.50.27
Address:    10.153.50.27#53

Non-authoritative answer:
Name:   deeznuts.noodleofdeath.com
Address: 10.186.132.10

What do I do to make ping work? When I am on another machine on the same network, I can ping deeznuts.noodleofdeath.com successfully.

The contents of my /etc/resolv.conf is the following:

#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search noodleofdeath.com
nameserver 10.153.50.27

Best Answer

First off ping and nslookup are two totally and very different things:

  • ping is sending an ICMP packet to the specified host directly
  • nslookup is querying a DNS server for the IP address of a hostname

If the host is down (for example), ping will fail. However, if you do an nslookup it will still return the IP address of the host you're querying. Remember, DNS is essentially an address book - it translates or maps names to numbers.

Why does your ping fail?

There are any number of reasons, but these are the "big three:"

  • host can be down
  • it can be configured to not respond to ping
  • the firewall can block/reject ICMP packets - from either/or both your computer, your network; their computer, their network

When I am on another machine on the same network, I can ping deeznuts.noodleofdeath.com successfully

If others can ping it, the host is obviously up and not rejecting packets. To find out why packets on a particular machine is being dropped, you need to do a packet capture with something like Wireshark to see where the packet is going and where it's failing.

I would look at these factors (in order):

  • firewall on the local machine that could be dropping packets
  • network firewall (local network) blocking ICMP/ping packets from a particular host, range of addresses, subnets, or networks
  • firewall on the remote machine blocking/dropping packets from particular hosts
  • network firewall on the remote network blocking/dropping packets from a particular host, range, or subnet.

An easy test to see if it's related to something security like the firewall or IPS software is to assign the IP of the machine that can't ping to a different machine. If it fails, it's security related. If it works, it's your host.

I can't rule out any IDS/IPS software that may be running on the remote. For instance, if a host or firewall sees too many pings from a particular node, it will stop responding to requests from that node. This is a very common tactic in preventing DDoS attacks.

Related Question