
My nslookup queries return values of external domains with my domain appended in the end.

When I perform an nslookup from an internal machine for an external domain (e.g. hotmail.com), I get a response like this:

Non-Authoritative answer:
name:   hotmail.com.mydomain.com
address: (correct ip address)

I don't know why it is appending mydomain to the end, but I believe this is causing me problems. Any ideas?
Asked by: Menshen
 
midustouch Commented:
Are you in an office environment or home?

0
 
midustouch Commented:
1. It could be your DNS server or router is not configured properly

Need more information
0
 
vmaheen Commented:
Hi friend,

I think the internal DNS forwarder option is configured to external DNS, or you are using NAT.
Then this could happen.

Maheen
0

 
Menshen (Author) Commented:
DCs configuration:

DC1: NIC configuration DNS1 - 127.0.0.1
        DNS - Forwarders, 3 ISP DNS servers
        "Do not use recursion" is not checked

DC2: NIC configuration DNS1 - 127.0.0.1
         DNS - Forwarders, 3 ISP DNS servers
         "Do not use recursion" is not checked

The gateway for both servers is my ISA firewall, allowing all outbound traffic at this moment to minimize interference with this issue.

ISA: Internal NIC DNS1 - DC1
        Internal NIC DNS2 - DC2

        External NIC - DHCP, receives DNS from ISP. ISA does nslookups correctly.

My domain is private.domain.com and I have domain.com registered, but my DNS servers don't manage it (the ISP does); private.domain.com is completely private. I worked perfectly with this setting for years, but following a clean domain reinstall something is wrong.
0
 
Menshen (Author) Commented:
What is strange is that from my workstation nslookup works fine, and it is using DC1 and DC2 as its DNS servers, but from DC1 I get that externaldomain.com.mydomain.com answer, from DC2 I get timeouts, and from a third member server configured just like the workstation I also get answers such as externaldomain.com.mydomain.com.

I've been flushing DNS and cleaning the cache of the DNS servers between tests.
0
 
midustouch Commented:
I would focus on the ISA server
0
 
midustouch Commented:
Is your return path for DNS query blocked? Since your configuration is to use external DNS?
0
 
Menshen (Author) Commented:
I believe that the best practice is that the ISA external NIC should have no ISP DNS servers, and it should have only internal DNS servers on the internal NIC. It was receiving DNS servers from the ISP on the external NIC; I changed it manually to the internal DNS servers on both the external and internal NICs. It apparently made no difference.
0
 
midustouch Commented:
The external NETWORK INTERFACE CARD (NIC) should point to your router or your ISP DNS.

Your clients should point to the internal domain controller holding the DNS function and those domain controllers should point to the ISA server which will then control outgoing and incoming DNS queries

Check port 53 on your ISA internal and external NICs.
0
 
northcide Commented:
Run "nslookup -debug", then run the same queries and paste back the info it gives you.
0
 
Menshen (Author) Commented:
OK, I've set my ISA as it was:

Internal NIC: Internal DNS servers
External NIC: ISP servers

But this is how it was originally so, no changes yet.
0
 
midustouch Commented:
Where is the ISA server's external NIC connected to? Router? Does the router have DNS capability?
0
 
Menshen (Author) Commented:
From DC1:

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.0.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.0.168.192.in-addr.arpa
        name = srvlad04.private.domain.com
        ttl = 1200 (20 mins)

------------
Default Server:  dc1.private.domain.com
Address:  192.168.0.4

From DC2:

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        1.0.0.127.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  1.0.0.127.in-addr.arpa
        name = localhost
        ttl = 3600 (1 hour)

------------
Default Server:  localhost
Address:  127.0.0.1

From a member server:

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.0.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.0.168.192.in-addr.arpa
        name = dc1.private.domain.com
        ttl = 1200 (20 mins)

------------
Default Server:  dc1.private.domain.com
Address:  192.168.0.4

From a workstation:

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.0.168.192.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.0.168.192.in-addr.arpa
        name = dc1.private.domain com
        ttl = 1200 (20 mins)

------------
Default Server:  dc1.private.domain.com
Address:  192.168.0.4
0
 
northcide Commented:
Wait a second here, you said you were trying to do a forward resolution for a public domain, right? Why are those dig debugs showing PTR questions and answers?

Please repost with the external domain name used in the query from start to finish.

Better yet, install dig and run a +trace query.
0
 
Menshen (Author) Commented:
I have registered domain.com; the DNS for this domain is managed by the ISP. Internally I use private.domain.com; this is not visible outside and is only for consistency with the external domain. I have no public DNS servers on my network.

What is this dig you mentioned and where can I get it?
0
 
northcide Commented:
Let's stick with nslookup for the moment. With the results you posted a few moments ago, what was the query you used?

What you should be doing is:

C:\>nslookup -debug
>set type=a
>hotmail.com
>

post everything from start to finish here.
0
 
Menshen (Author) Commented:
This is what I get in DC01:

C:\Documents and Settings\Administrator>nslookup
Default Server:  localhost
Address:  127.0.0.1

> yahoo.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    yahoo.com.mydomain.com
Address:  208.69.32.139

I do get the correct IP address, but I believe it should not append mydomain.com at the end right?
0
 
northcide Commented:
Well, usually this happens to your OWN domain name when you don't append a . at the end of your hostname.

run...

c:\>nslookup -debug
>set nosearch
>hotmail.com
0
 
midustouch Commented:
This is definitely a wrong setting on your internal DNS server. Now we need to know which is the server that's doing the name resolution and we can proceed from there.

The DNS server that does the primary name resolution should be set to forward queries to your ISP DNS server. Set that server to recursive queries and cache the queries (caching speeds up your name resolution speed for your clients)
0
 
Menshen (Author) Commented:
northcide:

That is it: by simply putting the . at the end of the external domain queries I get a correct answer without the mydomain.com appended at the end. Does this mean it's working correctly, or should it not append it if I forget the . at the end?
0
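As an added illustration (not part of the thread and not any participant's code), this Python sketch parses an interactive nslookup session and flags answers whose Name is the queried name plus an appended suffix, keeping the returned address so it can be checked against Whois. The names audit_session and SAMPLE_SESSION, and the second query with its 192.0.2.10 address, are constructed for the example.

```python
import re
# Query 1 is the DC01 session posted in this thread. Query 2 (trailing dot)
# and its 192.0.2.10 documentation address are constructed for illustration.
SAMPLE_SESSION = """\
Default Server:  localhost
Address:  127.0.0.1

> yahoo.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    yahoo.com.mydomain.com
Address:  208.69.32.139

> yahoo.com.
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    yahoo.com
Address:  192.0.2.10
"""
NSLOOKUP_COMMANDS = {"set", "server", "lserver", "exit"}  # prompt lines that are not lookups

def _norm(name):
    return name.strip().rstrip(".").lower()

def audit_session(text):
    """Return one finding per answered lookup in an interactive nslookup session."""
    findings, query, pending = [], None, None
    for line in text.splitlines():
        prompt = re.match(r">\s*(\S+)", line)
        name = re.match(r"Name:\s*(\S+)", line)
        addr = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if prompt:
            token = prompt.group(1)
            query, pending = (None if token.lower() in NSLOOKUP_COMMANDS else token), None
        elif name and query:
            asked, got = _norm(query), _norm(name.group(1))
            appended = got.startswith(asked + ".")
            verdict = "ok" if got == asked else "suffix-appended" if appended else "mismatch"
            pending = {"query": query, "answer_name": got, "address": None, "verdict": verdict,
                       "suffix": got[len(asked) + 1:] if appended else None}
            findings.append(pending)
            query = None
        elif addr and pending and pending["address"] is None:
            pending["address"] = addr.group(1)  # answer address, for a Whois check
    return findings
```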
 
midustouch Commented:
My guess is that your internal DNS server or the server that's doing the name resolution has missing root servers folder.

Once that top level domain folder is there, the problem may be resolved.
0
 
midustouch Commented:
You may want to change your FQDN settings on your DHCP/DNS to end with ".", i.e. private.net. <--- the dot
0
 
Walter Padrón Commented:
> Name:    yahoo.com.mydomain.com
> Address:  208.69.32.139

I did a Whois search and this is not Yahoo!

OrgName:    Freedom Networks LLC
OrgID:      FNL-6
Address:    50 Freemont St.
Address:    16 Floor
City:       San Francisco
StateProv:  CA
PostalCode: 94105
Country:    US
0
 
midustouch Commented:
wpadron; of course it isn't yahoo! It ends with mydomain.com.

Author; just to clarify - does it really end with mydomain.com or is that just an edited placeholder for your domain?
0
 
Walter Padrón Commented:
midustouch, the problem is that the DNS server should not return a valid response even if mydomain.com was added incorrectly, because www.yahoo.mydomain.com, or whatever mydomain.com is, does not exist. And Menshen said he gets the correct IP addresses, which is clearly wrong.

Menshen, also check in the DNS tab of Advanced Properties of TCP/IP whether something is messed up with the DNS suffixes, and check in your policies too: Computer / Administrative Templates / Network / DNS client
0
 
Menshen (Author) Commented:
midustouch: it's edited for privacy

wpadron: I'll see if I have some time to take a look at the things you suggested today
0
 
Computer101 Commented:
PAQed with no points refunded (of 500)

Computer101
EE Admin
0
