Asked by concordit

NSLOOKUP will not work unless I add in a trailing period...

I am having an issue with DNS lookups. The setup is a bit complex, so I will explain here briefly. We have a product called "Campus Manager", it basically switches around client machines to different VLANs based on if you have antivirus and MS updates installed. The two VLANs where users are placed initially are for registration and remediation. The "Campus Manager" box is a Linux box with their application running on it. It has a standard dhcpd and named install on it to service the two VLANs. The named config will only allow it to go to certain domain names, and in the zone file all the domains are forwards to the Active Directory name server we have running. The issue that I am having is that while on these two VLANs I cannot perform an nslookup properly unless I put in a trailing period. For example,

nslookup microsoft.com will produce
and the IP of the VLAN interface on the Campus Manager box

nslookup microsoft.com. will produce
and all the IP's that it resolves to

Not sure what's going on, any help would be appreciated....


Networking, DNS, Network Operations

Last Comment
Amit Bhatnagar

8/22/2022 - Mon

Do you have a "." zone configured on your DNS server?

Or does it have only one zone for your domain only?


Might help -
The appending of ".mydomain.com" is a feature if no trailing period is provided - however when I use "nslookup xyz" I get the default domain appended (because it is taken as a machine name) but if I do "nslookup xyz.com" I don't get the domain appended and I don't think I have a "." zone defined.

If it is what I think, it would only occur when nslooking up zones locally hosted, right? Then nslookup www.somethingelse.com is OK without trailing dot?

In the zone config, there are 2 ways to set an "A" record. With implicit or explicit domain name.

www IN A
www.domain.com. IN A

The second one needs a dot, the first one doesn't.


On 2nd thoughts I might be tempted to guess that the "Campus Manager" software runs in such a way that certain domain names are resolved by their DNS server depending on what state the machine is in and hence what VLAN they are assigned to.
So "microsoft.com" is defined in their DNS server for 1 VLAN but not for the other VLAN.
Exactly why this has been done can only really be answered by their technical bods but I think it could be a feasible answer as they can then prevent machines from accessing outside sources by forcing DNS lookups to resolve to their own machine which might be a proxy for such sites as "microsoft.com" and therefore they can monitor when a machine is updated and ready to be moved up the chain.

Sorry guys, none of this helped. Basically to simplify it a bit, I am working on an issue where the DNS server is appending the DNS suffix of the local machine. There is one machine not on an Active Directory domain and it gets the hostname that the DHCP server is assigning it appended to all nslookups. The machine that's on the Active Directory domain gets the domain suffixes from the AD domain appended to it, as well as the hostname that the DHCP server is giving it. The DHCP server mind you is on the Campus Manager box, it's not the DHCP server on the Active Directory domain. Unless I put a trailing period I do not get proper returns from nslookup.


My answer concerns the Campus Manager box running Linux, not the AD server.

When you do an nslookup request, specify the IP of the DNS server to force a specific one to provide the info. Do the same test with each server to find out which one causes the problem. Then take a look at its own local zone if there is any.

That's what I did. Local zone is configured with a *. as the A record. Not sure if that has anything to do with it.
Amit Bhatnagar

OK. First, I got confused as in who is the owner of this question... :) Anyways, your last comment kinda says the same thing that I think I said about the wild card entry and it may be causing it. Is this wild card entry pointing to some internal website or something? Also, remove it if possible and see if that takes care of the issue.
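
The interaction discussed in this thread, as an added example that is not part of any poster's reply: a small offline model of how nslookup's suffix search list combines with a wildcard A record in the local zone, so that a name typed without a trailing period is answered by the wildcard before the intended name is ever queried. The zone origin `reg.example.test`, the search suffix and all addresses are constructed, and the wildcard matching is simplified (no empty non-terminal handling).

```python
# Added illustration; zone origin, suffix and addresses are constructed.
ZONE_ORIGIN = "reg.example.test."          # hypothetical local zone on the named box
LOCAL_ZONE = {"*": "192.0.2.1"}            # wildcard A record -> VLAN interface IP
FORWARDED = {"microsoft.com.": ["198.51.100.10", "198.51.100.11"]}  # upstream answers


def candidates(name, search_list):
    """Names nslookup tries, in order, for a query typed by the user."""
    if name.endswith("."):                 # trailing period: fully qualified, used as-is
        return [name]
    tried = [f"{name}.{suffix}." for suffix in search_list]
    tried.append(name + ".")               # bare name is only tried after the suffixes
    return tried


def server_answer(fqdn):
    """Answer from the simulated server: local zone first, then forwarders."""
    fqdn = fqdn.lower()
    if fqdn == ZONE_ORIGIN or fqdn.endswith("." + ZONE_ORIGIN):
        owner = fqdn[: -len(ZONE_ORIGIN)].rstrip(".") or "@"
        if owner in LOCAL_ZONE:
            return [LOCAL_ZONE[owner]]
        if "*" in LOCAL_ZONE and owner != "@":
            return [LOCAL_ZONE["*"]]       # wildcard synthesises an answer for any name
        return []
    return FORWARDED.get(fqdn, [])


def nslookup(name, search_list):
    """Return (name that answered, addresses) for the first candidate with data."""
    for fqdn in candidates(name, search_list):
        addrs = server_answer(fqdn)
        if addrs:
            return fqdn, addrs
    return None, []


def wildcard_shadows(name, search_list):
    """True when a suffix-expanded name answers before the name the user meant."""
    answered, _ = nslookup(name, search_list)
    return answered is not None and answered != name.rstrip(".") + "."
```

On a real client the same check is to compare the name echoed in the `Name:` line of the nslookup output with the name that was typed; a suffix-expanded name there means the search list, not the forwarder, produced the answer.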