Solved

NSLOOKUP Default Server suddenly is .com instead of .local

Posted on 2008-10-31
6
323 Views
Last Modified: 2012-06-27
Suddenly for no known reason all my workstations are attempting to resolve thru my .COM instead of .LOCAL. In my primary location I have my DCs running mydomain.LOCAL, all my workstations in the same standard /24 subnet are all joined to mydomain.LOCAL. I have a satellite location connect by VPN where I have mostly only servers running mydomain.COM. I do have an in & out Realm transitive trust setup between the two. Nothing major has changed in the last 2 months and then today in the middle of the day my I received complaints that sites ending in mydomain.COM were not resolving from mydomain.LOCAL workstations. A closer look into the situation I see that when I do a NSLOOKPUP on any mydomain.LOCAL workstation it says:

C:\>nslookup
Default Server:  colodc01. mydomain.COM
Address:  10.0.172.10

However, to further confuse matters all of my Servers in mydomain.LOCAL say correctly:

C:\>nslookup
Default Server:  caldc01.mydomain.LOCAL
Address:  172.27.23.34

I have a temporary fix with resolving those mydomain.COM websites simply by adding those to the colodc01.mydomain.LOCAL DNS. That's fine to do, they were never needed there because nothing should route through that satellite location.

The bigger issue is what's shown in nslookup, and it looks like I may be having some A/D issues as well relating to this. Any clue to why this happened or better yet how to fix it? I check all the basic stuff, and even those most of my workstations are using DHCP, even those that are static are also having this issue. All workstations are having this issue.
0
Comment
Question by:p1techservices
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22848316
Does the dns servers IP specified in the LOCAL clients network config match that of 10.0.172.10?
0
 

Author Comment

by:p1techservices
ID: 22850342
No, all (dot) LOCAL clients only have a DNS server of (dot) LOCAL DCs which is 172.27.23.34 & .30. As far as the. LOCAL clients are concerned they should not even know that .COM or the 10.0.172.x exist.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22850610
At a guess, sounds like you're running split-dns and it's got its knickers in a twist. Have you checked your DHCP servers scope settings? Also, are there any rogue ptr records for caldc01.mydomain.LOCAL anywhere? Has anyone added another IP or interface to a server somewhere?

You're absolutely sure that nobody has changed anything?
0
 

Author Comment

by:p1techservices
ID: 22906953
I did find the answer to this. to start with i removed the Group Policy and that did not help so i made a new policy forcing it to point everything to the right domain .local. then i got into the Active Directory and made some changes to force it to resolve suffix to .local. then i found the IP address in the reg under dns client of 10.0.172.10 which should not have been there so i fixed that. after all this gpupdate would not clear all the systems effected but this issue so i removed the systems from the domain to flush the domain policy then rejoined it to the domain so it would get the new domain policy and it works now. plus the network is in better shape now too.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 24670681
Question PAQ'd, 500 points refunded, and stored in the solution database.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question