DHCP, DNS, NTP, and IP Addressing Issues
Key Takeaways
- IP addressing problems often appear as local-only connectivity, duplicate address warnings, wrong gateway behavior, or APIPA addresses.
- DHCP troubleshooting includes scopes, pools, exclusions, reservations, options, relay agents, and server reachability.
- DNS troubleshooting separates name resolution failures from actual transport or application failures.
- NTP problems can break authentication, certificates, logs, Kerberos, and event correlation even when basic connectivity works.
- A structured approach verifies client configuration, service health, path reachability, and recent changes.
DHCP, DNS, NTP, and IP Addressing
Network services create many "the network is down" reports. A user may have a good cable, strong wireless signal, and working switch port but still fail because the client has no valid address, the gateway is wrong, names do not resolve, or time is badly skewed. Domain 5 troubleshooting expects you to separate these service failures from physical and routing failures.
IP Addressing Clues
| Symptom | Likely issue |
|---|---|
| 169.254.x.x address on IPv4 client | DHCP failed and APIPA was used |
| Duplicate IP warning | Static conflict, stale reservation, or rogue DHCP behavior |
| Can reach local subnet but not remote networks | Wrong or missing default gateway |
| Can reach gateway but not specific subnet | Route, ACL, firewall, or remote service issue |
| Works by IP address but not by name | DNS issue |
| Intermittent connectivity after a move | Wrong VLAN, old static IP, or DHCP scope mismatch |
Check the actual client configuration before changing infrastructure. IP address, prefix length or subnet mask, default gateway, DNS servers, lease source, and lease expiration often reveal the problem.
DHCP Troubleshooting
DHCP supplies addresses and options. A working lease normally includes an IP address, subnet mask, default gateway, DNS servers, lease time, and sometimes domain suffix, NTP, PXE, or VoIP options.
| DHCP component | Problem clue |
|---|---|
| Scope or pool | Exhausted addresses or wrong subnet |
| Exclusion | Static device accidentally given to a client |
| Reservation | Device expected one address but receives another |
| Option | Client has address but wrong gateway, DNS, or voice VLAN setting |
| Relay agent | Clients on remote VLANs cannot reach DHCP server |
| Rogue DHCP server | Clients receive unexpected gateway or DNS settings |
A single VLAN failing DHCP while other VLANs work often points to relay, VLAN, ACL, or scope configuration. All VLANs failing may point to DHCP server health, firewall policy, or a larger routing issue.
DNS Troubleshooting
DNS maps names to records. When a service fails by name, test whether the IP path works separately. If the application works by IP address but not by hostname, DNS is likely. If neither works, DNS may not be the first problem.
| DNS clue | Likely issue |
|---|---|
| Wrong IP returned | Stale A or AAAA record, wrong zone, split DNS issue |
| Internal name fails off VPN | DNS suffix, VPN DNS assignment, or split-tunnel policy |
| Some users see old destination | Cache, TTL, resolver difference, or propagation timing |
| Reverse lookup fails | Missing or stale PTR record |
| External users cannot resolve domain | Public DNS zone, delegation, registrar, or authoritative server issue |
DNS tools should be used deliberately. Query the configured resolver, then an authoritative server if needed. Compare records from inside and outside the network when split-horizon DNS is possible.
NTP and Time Issues
Time affects more than clocks on screens. Authentication protocols, certificate validation, log correlation, backup windows, monitoring, and distributed systems depend on reasonable time synchronization.
| Time symptom | Possible impact |
|---|---|
| Workstation clock far off | Kerberos or certificate validation failure |
| Device logs out of order | Incident timeline becomes unreliable |
| Firewall and server clocks differ | Harder packet and application correlation |
| NTP blocked by ACL | Devices drift over time |
| Wrong time zone | Reports and maintenance windows appear incorrect |
Practical Troubleshooting Flow
| Step | Action |
|---|---|
| 1 | Confirm address, mask, gateway, DNS, and lease source on the client |
| 2 | Test local gateway reachability |
| 3 | Test a known IP destination and then a name-based destination |
| 4 | Verify DHCP scope, options, relay, and address availability |
| 5 | Query DNS records from the same resolver the client uses |
| 6 | Check time, NTP reachability, and clock skew for auth or log issues |
Exam Focus
For N10-009, match the clue to the service. APIPA points to DHCP failure. Wrong gateway points to addressing or DHCP options. Works by IP but not name points to DNS. Authentication or certificate errors with skewed clocks point to NTP or time configuration.
A workstation has an IPv4 address in the 169.254.0.0/16 range and cannot reach the default gateway. What is the most likely issue?
Users can reach an internal web application by IP address but not by hostname. Which service should be checked first?
Match each clue to the likely service or configuration area.
Match each item on the left with the correct item on the right