captony
asked on
Strange DNS
OK this is a strange one. I recently changed internet providers for our company. Everything went well and things checkout fine with DNSSTUFF.
The problem I am having is whenever someone internal tries to go to a bad address or mistyped address it defaults to our website. This wouldn’t be a big deal but I’m getting complaints, and I would rather have the unavailable error screen come up. So it seems that my DNS has decided that if it can’t find something then they must be looking for the website address.
I made no changes that should be causing this; all I did is change providers.
The problem I am having is whenever someone internal tries to go to a bad address or mistyped address it defaults to our website. This wouldn’t be a big deal but I’m getting complaints, and I would rather have the unavailable error screen come up. So it seems that my DNS has decided that if it can’t find something then they must be looking for the website address.
I made no changes that should be causing this; all I did is change providers.
ASKER
Ya if I run "res://shdoclc.dll.dnserro
I can't for the life of me figure out how I pulled that off.. This happens on all systems inside my network.
I can't for the life of me figure out how I pulled that off.. This happens on all systems inside my network.
If you run an nslookup and search for lkjdsahflkjh.ddd Do you get an answer from the server, if so, what is the response. Is it the IP for your website?
Could it be cache related? Clear out all the cache in your DNS server? Both DNS' if you have more than 1 dns server. Any change with that?
I'm curious as to the nslookup results...
Could it be cache related? Clear out all the cache in your DNS server? Both DNS' if you have more than 1 dns server. Any change with that?
I'm curious as to the nslookup results...
ASKER
yup I get a non-autoritative from my dns server with the address of my webserver
Is your server Microsoft DNS or a version of BIND?
ASKER
It's MS DNS running on windows 2000 server. I'm starting to think this might be my new service provider. Is there somthing they could have set that would make lost pages default to my website?
Very odd. Since the nslookup should have returned a ** Non-existant domain ** message instead.
A few more tests:
1) Do you have a Forwarder setup in your MS DNS setup? If so are these your new ISP's DNS servers? Curious to see what happens if you try another ISP's DNS (i.e. ATT DNS Servers 12.127.16.67 and 12.127.17.71)
2) If your machine is setup as a DNS server for your Domain name? Or do you rely on an ISP for your website's hostname resolution?
3) If you try a NSLOOKUP and use 'SERVER 12.127.16.67' (this ip is ATT, you should use your ISP's DNS servers here also). This sets the server to the ISPs DNS , not yours. Try a lookup for slkjdfsls.aaa and see if you get your website or the Non existant domain message.
A few more tests:
1) Do you have a Forwarder setup in your MS DNS setup? If so are these your new ISP's DNS servers? Curious to see what happens if you try another ISP's DNS (i.e. ATT DNS Servers 12.127.16.67 and 12.127.17.71)
2) If your machine is setup as a DNS server for your Domain name? Or do you rely on an ISP for your website's hostname resolution?
3) If you try a NSLOOKUP and use 'SERVER 12.127.16.67' (this ip is ATT, you should use your ISP's DNS servers here also). This sets the server to the ISPs DNS , not yours. Try a lookup for slkjdfsls.aaa and see if you get your website or the Non existant domain message.
ASKER
Yes, I had forwarders setup but turned them of while having this issue.
Our PDC is the DNS server for our Domain.
When I do an nslookup using the other server I still get our website for sdfsdfsfd.aaa, which I find very odd....
Our PDC is the DNS server for our Domain.
When I do an nslookup using the other server I still get our website for sdfsdfsfd.aaa, which I find very odd....
Did I understand you right - nslookup, changed server to att's DNS, used garbage for a hostname and ATT returned the Non-autoritative answer of your website's IP??
ASKER
You got it. Don't ask me how...
ASKER
One thing I find odd is that anytime I do a lookup it tags our domain on the end. for example lets say I'm google.com and I do a lookup for sadsdf.aaa, what I get is
name: sadsdf.aaa.google.com
address: the address of our webserver
So something is putting our domain name on the end of the searches, is that supposed to be happening?
name: sadsdf.aaa.google.com
address: the address of our webserver
So something is putting our domain name on the end of the searches, is that supposed to be happening?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sounds like someone has modified the DNSError webpage that is displayed for this type of error.
If you START-RUN and type in "res://shdoclc.dll.dnserro
If you get the homepage, then the DLL has been edited somehow, probably with a redirect or forward?
If you get the standard page not displayed error, then this is not the cause of your issue.
Try that and come back with the results....