Solved

Search the record in DNS

Posted on 2009-04-09
11
188 Views
Last Modified: 2012-05-06
I would like to know if there is a way to find where the record for a specified DNS hoset is located.
When I use <Nslookup computername>,    it gives me the server where the host is, it also gives me the IP address of the host. But it doesn't give me which container it s located.

I will have to expand all the containers in DNS in order to find it.

Any better way to search and find where a certain record is located?

Thanks
0
Comment
Question by:jskfan
  • 6
  • 5
11 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24107573

Hey,

On an Active Directory domain, the DNS records for workstations will be in one location and one location anyway - Forward Lookup Zones, (your domain name). ALL the DNS records will be contained there.

If there is any subfolders, you will see this in the DNS name. For example, assuming domain.com is the Active Directory domain, the record server.host.domain.com will be located within the 'host' subfolder of the domain.com forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24108346
I have a DNS zone Mydomain.com, it has many containers under
I was trying to look for a record of a server1
I typed <NSLookup computer name>

I got:

Server:DC.Mydomain.com
address: 10.1.1.10

Name: server1
address: 10.1.1.99

when I wnet to DNS and clicked on the Mydomain.com zone, I didn't see the record for server1
I had to expand every container under the Mydomain.com zone(which is AD Integrated zone), then I found it under a container named Dev. I am not sure what this Dev container is, is it a child domain? how can I tell? is there an option in NSlookup that tells exactly where a certain record is ?

Thanks

 
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108385

Any subcontainer below any forward lookup zone is a subdomain of the main domain. In your case, records within the 'Dev' container would give the format <record>.dev.domain.com.

If you simply searched for 'server1', the client workstation you were searching from would have appended a DNS suffix to that server. Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List. Each of those would have been appended to the server name in turn, prior to the query being sent to the DNS server.

-Matt
0
 

Author Comment

by:jskfan
ID: 24108749
<<Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List.>>>

so I wil have to call the user to run ipconfig /all ??
is there any way to do it through NSLookup or any other command.??
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108829

You cannot check the DNS Suffix List using NSLookup. It is machine-specific, although on an Active Directory domain, it will generally contain the Active Directory domain by default (and it will search all parent domains).

-Matt
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:jskfan
ID: 24110772
what do you use to find the location of a host record in DNS, other than useing Ipconfig /all in the workstation you are looking for?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24111477

Sorry, but you're confused. The ipconfig /all approach is used to determine the host headers which are applied to a client PC. The host header is what is appended to a DNS query before it is submitted to the DNS server; DNS would NEVER respond to just nslookup server1, the system has to silently append '.domain.com' to the server1 query in order to get a successful result. The Host Header list simply defines the (list of) domain(s) which are appended automatically, to save you entering .domain.com each time.

nslookup is the tool to use to locate a record in DNS. With a little understanding of the DNS system, you can then use the result returned to identify the path to the record in DNS.

For example, a search for 'server1' with a positive match will indicate the record is located in the root of the appropriate Forward Lookup Zone, whereas a search for server1.subdomain would indicate the record is in the 'subdomain' container within your domain's Forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24113995

If I understand in order to find the location of the record of certain host in DNS, you ping it's Netbios name(computername). you get its IP address, then you ping it's IP address with  "-a" you will get computername.XXXX.YYYY.com, then you go to XXXX zone in DNS and you will find the record.

This is in case you cannot go physically to the host and run ipconfig /all

Correct?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24114194
Pretty much correct. The whole pinging, getting the IP and then ping -a would be unnecessary if you knew the PC name, since an nslookup of just the computer name *should* return the full DNS name of the PC.

You would then look in DNS at the appropriate location. So, look in the YYYY.com zone, expand the XXXX subdomain, and the record will be found in there.

Note that if your forward lookup zone is actually called XXXX.YYYY.com, you don't need to expand any subdomains; the record will be in the root of that zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24114826
I tried NSLookup with computername, it gave me computername.parentdomain.com, it should have given me computername.subdomain.parentdomain.

but when I ping <Ping -a IPaddress> it gives me the right suffix computername.subdomain.parentdomain.com
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24114853

An NSLookup of simply 'computername' which returns computername.domain.com indicates there is a computer by that domain in the Parent domain. If DNS returns that path explicitly, the record *must* be in the parent zone.

Doing a ping -a of the computer name essentially performs a reverse DNS lookup on the computer's IP address. While that particular computer's Reverse DNS may be computername.subdomain.parentdomain.com, there could quite easily be another computer in the parent domain by the same domain. It is also possible the PC was previously joined to the parent domain, was removed, but the DNS record is still present.

-Matt
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now