Trying to understand Microsoft Name Resolution

Asked by pseudocyber
Topics: Networking, DNS, TCP/IP

Hi all.

First, as y'all may know - I'm NOT on the Windows Engineering team - so I have no access as a Domain Admin or anything. I am on the Network Engineering team - so I have access to switches, routers, etc.

Unfortunately, we manage DHCP and DNS. ;)

Inside DNS is on Windows 2003 servers which are not in the domain, for old political reasons.  This is on the to do list to rectify.

This weekend, I had to change the IP address of some A Records in support of a change.  I changed the server - called Target - to a new 10. scheme IP.  In DNS, everything is fine.

Under the main domain, mycompany.com, there is another "container" which only has domain controllers in it - called corp.

If I try to do an nslookup on the Target server, I get the old IP address - x.x.x.198, and it appears the .corp is being prepended to the domain name so that it is resolving target.corp.mycompany.com.  If in nslookup, I specify the fqdn - target.mycompany.com, I get the correct 10. address.

I believe this has something to do with the fact we're still running WINS in support of legacy netbios apps.  However, I don't know - I'm not a Winders expert.

Could anybody take a look @ this d2 & debug nslookup paste and help me figure this out?  Also some nice links to informative MS articles on how WINS & DNS interact would be great.  I've heard the Windows guys talking about flushing WINS entries on domain controllers or something ...

---------paste ----------------

> set d2
> set debug
> target
Server:  dnsserver.mycompany.com
Address:  10.32.2.53

------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        target.corp.mycompany.com, type = A, class = IN

------------
------------
Got answer (64 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        target.corp.mycompany.com, type = A, class = IN
    ANSWERS:
    ->  target.corp.mycompany.com
        type = A, class = IN, dlen = 4
        internet address = x.x.x.198
        ttl = 115 (1 min 55 secs)

------------
Non-authoritative answer:
Name:    target.corp.mycompany.com
Address:  x.x.x.198

> target.mycompany.com
Server:  dnsserver.mycompany.com
Address:  10.32.2.53

------------
SendRequest(), len 63
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        target.mycompany.com.corp.mycompany.com, type = A, class = IN

------------
------------
Got answer (143 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        target.mycompany.com.corp.mycompany.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  corp.mycompany.com
        type = SOA, class = IN, dlen = 49
        ttl = 3600 (1 hour)
        primary name server = dc1.corp.mycompany.com
        responsible mail addr = hostmaster.corp.mycompany.com
        serial  = 48168
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 58
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        target.mycompany.com.mycompany.com, type = A, class = IN

------------
------------
Got answer (128 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        target.mycompany.com.mycompany.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mycompany.com
        type = SOA, class = IN, dlen = 44
        ttl = 3600 (1 hour)
        primary name server = dnsserver.mycompany.com
        responsible mail addr = hostmaster
        serial  = 200872
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 900 (15 mins)

------------
------------
SendRequest(), len 43
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        target.mycompany.com, type = A, class = IN

------------
------------
Got answer (59 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        target.mycompany.com, type = A, class = IN
    ANSWERS:
    ->  target.mycompany.com
        type = A, class = IN, dlen = 4
        internet address = 10.32.6.116
        ttl = 3600 (1 hour)

------------
Name:    target.mycompany.com
Address:  10.32.6.116

>
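
An added example, not part of the original post: a small Python parser that reduces an `nslookup` debug trace like the one above to one row per response, so the name actually sent in each query, the rcode, the `auth. answer` flag and the answer TTL can be compared side by side. `SAMPLE` is abridged from the paste above; the function name `summarize` is an assumption of this example.

```python
import re

# Abridged from the nslookup debug paste above (response blocks only).
SAMPLE = """\
Got answer (64 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
    QUESTIONS:
        target.corp.mycompany.com, type = A, class = IN
    ANSWERS:
    ->  target.corp.mycompany.com
        internet address = x.x.x.198
        ttl = 115 (1 min 55 secs)
Got answer (143 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, recursion avail.
    QUESTIONS:
        target.mycompany.com.corp.mycompany.com, type = A, class = IN
Got answer (59 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
    QUESTIONS:
        target.mycompany.com, type = A, class = IN
    ANSWERS:
    ->  target.mycompany.com
        internet address = 10.32.6.116
        ttl = 3600 (1 hour)
"""

def summarize(trace):
    """Return one dict per 'Got answer' block in an nslookup debug trace."""
    rows = []
    for block in re.split(r"^Got answer \(\d+ bytes\):\s*$", trace, flags=re.M)[1:]:
        block = block.split("SendRequest()")[0]  # drop the next outgoing query, if present
        rcode = re.search(r"rcode = (\w+)", block)
        qname = re.search(r"QUESTIONS:\s*\n\s*(\S+), type = (\w+)", block)
        addr = re.search(r"internet address = (\S+)", block)
        ttl = re.search(r"ANSWERS:.*?ttl = (\d+)", block, flags=re.S)
        rows.append({
            "qname": qname.group(1) if qname else None,
            "rcode": rcode.group(1) if rcode else None,
            "authoritative": "auth. answer" in block,
            "address": addr.group(1) if addr else None,
            "ttl": int(ttl.group(1)) if ttl else None,
        })
    return rows
```

Run over the sample, the first row is the only one without the `auth. answer` flag, and it is the one returning x.x.x.198 with a TTL of 115 seconds.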