The Windows operating system contains a huge collection of built-in command-line utilities. Many of these utilities are holdovers from the days of DOS or perhaps Windows 3.x. In spite of such utilities remaining a part of the operating system for decades, many are still useful. One such command that I find myself using on a regular basis is IPConfig.
As its name implies, IPConfig is an IP address configuration utility. Its primary use is displaying a computer’s IP address information. Entering the IPConfig command into the command prompt window causes information such as the system’s IP address, subnet mask, and default gateway to be displayed. Newer Windows operating systems display both the IPv4 and the IPv6 configuration.
While this type of information is no doubt handy to have, the IPConfig command can display much more detailed information about the computer’s IP address configuration. All you have to do is append the /All switch to the IPConfig command.
I won’t bore you with a comprehensive list of all the pieces of information that are displayed by the IPConfig /All command, but there are a few that I want to mention because they can be very helpful.
For starters, the IPConfig /all command lists the MAC address for each of the computer’s network adapters. This can be helpful if you are trying to troubleshoot a problem on a system that has multiple network interfaces.
The IPConfig /all command also provides information about the computer’s DHCP usage. The utility gives you information such as whether the computer is configured to use a DHCP server, the IP address of the DHCP server that leased the current IP address to the computer, when the DHCP lease was obtained, and when the lease expires. Naturally, this type of information can be super useful when it comes to troubleshooting problems related to IP address leasing.
One other bit of information that the IPConfig /all command provides that tends to be really useful is the IP address of the DNS server that the computer is configured to use. (If the computer is set to use multiple DNS servers, they will all be listed.) As strange as it sounds, using the IPConfig command without the /all switch displays basic IP configuration information, but the DNS server configuration is not among the information that is listed. If you want to find out which DNS server the computer is using, you will have to use the /all switch.
One of the best use cases for the IPConfig command is that of troubleshooting DNS problems. As previously mentioned, using the IPConfig command with the /All switch will show you the IP address of the DNS server that the computer is currently using. I have seen situations, for example, in which a server was accidentally configured to use an external DNS server rather than an internal DNS server, and that prevented the server from being able to resolve the names of the other hosts on the internal network. However, the IPConfig command can help with DNS troubleshooting in other ways.
When a Windows device uses a DNS server to resolve a domain name, the name resolution is added to an internal cache. If the resource is modified before the cache entry expires, then the device may be unable to locate that resource. Similarly, malware authors have been known to perform DNS-poisoning attacks in which invalid DNS entries are inserted into the DNS resolver cache in an effort to either block access to a resource, or to redirect the PC to a malicious resource. For example, the DNS cache may be modified so that the IP address that is associated with a popular search engine is replaced with the address of a malicious website.
You can use the IPConfig command to display the contents of the DNS resolver cache. To do so, just enter the IPConfig command, followed by the /DisplayDNS switch. You can see a partial output shown in the screenshot below.
If you happen to see something in the DNS resolver cache that should not be there, you can use the IPConfig command to purge the cache. Simply enter the IPConfig command, followed by the /FlushDNS switch.
IP address lease troubleshooting
The IPConfig command tends to also be really useful when it comes to troubleshooting problems with IP address leases. Over the years, I have encountered a few situations in which Windows connected to the wrong DHCP server, and received an invalid IP address as a result. Not that long ago, for example, I had a configuration problem on my network, and as a result a virtual machine on my lab network managed to contact a DHCP server on my production network. The end result was the virtual machine being assigned an IP address that was inappropriate for the way that the VM was to be used.
Needless to say, this VM was unable to communicate with the resources that I needed for it to talk to. One of my first troubleshooting steps was to use the IPConfig /all command. This command not only showed me that the computer had been assigned an IP address from the wrong DHCP scope, it also showed me which DHCP server had created the lease.
The question then becomes, what can you do about this type of problem? Well, the IPConfig command can help with that, too. The command contains a /Release switch that you can use to jettison the computer’s IP address. Upon doing so, you can reboot the computer to get a new DHCP lease.
Incidentally, the IPConfig command also contains a /Renew switch that can also be used to get an IP address. However, this switch is really intended to renew a DHCP lease, and my experience has been that if you attempt a renewal after releasing an IP address, the computer will usually end up being reassigned the same address that it just released. You can see an example of this below.
In spite of its age, the IPConfig utility remains very useful. Not only does it make light work of determining a computer’s IP address, it can also be used to troubleshoot a variety of DHCP and DNS issues.