Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Search the record in DNS

Posted on 2009-04-09
11
192 Views
Last Modified: 2012-05-06
I would like to know if there is a way to find where the record for a specified DNS hoset is located.
When I use <Nslookup computername>,    it gives me the server where the host is, it also gives me the IP address of the host. But it doesn't give me which container it s located.

I will have to expand all the containers in DNS in order to find it.

Any better way to search and find where a certain record is located?

Thanks
0
Comment
Question by:jskfan
  • 6
  • 5
11 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24107573

Hey,

On an Active Directory domain, the DNS records for workstations will be in one location and one location anyway - Forward Lookup Zones, (your domain name). ALL the DNS records will be contained there.

If there is any subfolders, you will see this in the DNS name. For example, assuming domain.com is the Active Directory domain, the record server.host.domain.com will be located within the 'host' subfolder of the domain.com forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24108346
I have a DNS zone Mydomain.com, it has many containers under
I was trying to look for a record of a server1
I typed <NSLookup computer name>

I got:

Server:DC.Mydomain.com
address: 10.1.1.10

Name: server1
address: 10.1.1.99

when I wnet to DNS and clicked on the Mydomain.com zone, I didn't see the record for server1
I had to expand every container under the Mydomain.com zone(which is AD Integrated zone), then I found it under a container named Dev. I am not sure what this Dev container is, is it a child domain? how can I tell? is there an option in NSlookup that tells exactly where a certain record is ?

Thanks

 
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108385

Any subcontainer below any forward lookup zone is a subdomain of the main domain. In your case, records within the 'Dev' container would give the format <record>.dev.domain.com.

If you simply searched for 'server1', the client workstation you were searching from would have appended a DNS suffix to that server. Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List. Each of those would have been appended to the server name in turn, prior to the query being sent to the DNS server.

-Matt
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:jskfan
ID: 24108749
<<Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List.>>>

so I wil have to call the user to run ipconfig /all ??
is there any way to do it through NSLookup or any other command.??
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108829

You cannot check the DNS Suffix List using NSLookup. It is machine-specific, although on an Active Directory domain, it will generally contain the Active Directory domain by default (and it will search all parent domains).

-Matt
0
 

Author Comment

by:jskfan
ID: 24110772
what do you use to find the location of a host record in DNS, other than useing Ipconfig /all in the workstation you are looking for?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24111477

Sorry, but you're confused. The ipconfig /all approach is used to determine the host headers which are applied to a client PC. The host header is what is appended to a DNS query before it is submitted to the DNS server; DNS would NEVER respond to just nslookup server1, the system has to silently append '.domain.com' to the server1 query in order to get a successful result. The Host Header list simply defines the (list of) domain(s) which are appended automatically, to save you entering .domain.com each time.

nslookup is the tool to use to locate a record in DNS. With a little understanding of the DNS system, you can then use the result returned to identify the path to the record in DNS.

For example, a search for 'server1' with a positive match will indicate the record is located in the root of the appropriate Forward Lookup Zone, whereas a search for server1.subdomain would indicate the record is in the 'subdomain' container within your domain's Forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24113995

If I understand in order to find the location of the record of certain host in DNS, you ping it's Netbios name(computername). you get its IP address, then you ping it's IP address with  "-a" you will get computername.XXXX.YYYY.com, then you go to XXXX zone in DNS and you will find the record.

This is in case you cannot go physically to the host and run ipconfig /all

Correct?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24114194
Pretty much correct. The whole pinging, getting the IP and then ping -a would be unnecessary if you knew the PC name, since an nslookup of just the computer name *should* return the full DNS name of the PC.

You would then look in DNS at the appropriate location. So, look in the YYYY.com zone, expand the XXXX subdomain, and the record will be found in there.

Note that if your forward lookup zone is actually called XXXX.YYYY.com, you don't need to expand any subdomains; the record will be in the root of that zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24114826
I tried NSLookup with computername, it gave me computername.parentdomain.com, it should have given me computername.subdomain.parentdomain.

but when I ping <Ping -a IPaddress> it gives me the right suffix computername.subdomain.parentdomain.com
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24114853

An NSLookup of simply 'computername' which returns computername.domain.com indicates there is a computer by that domain in the Parent domain. If DNS returns that path explicitly, the record *must* be in the parent zone.

Doing a ping -a of the computer name essentially performs a reverse DNS lookup on the computer's IP address. While that particular computer's Reverse DNS may be computername.subdomain.parentdomain.com, there could quite easily be another computer in the parent domain by the same domain. It is also possible the PC was previously joined to the parent domain, was removed, but the DNS record is still present.

-Matt
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question