Search the record in DNS

I would like to know if there is a way to find where the record for a specified DNS hoset is located.
When I use <Nslookup computername>,    it gives me the server where the host is, it also gives me the IP address of the host. But it doesn't give me which container it s located.

I will have to expand all the containers in DNS in order to find it.

Any better way to search and find where a certain record is located?

Thanks
jskfanAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
tigermattConnect With a Mentor Commented:
Pretty much correct. The whole pinging, getting the IP and then ping -a would be unnecessary if you knew the PC name, since an nslookup of just the computer name *should* return the full DNS name of the PC.

You would then look in DNS at the appropriate location. So, look in the YYYY.com zone, expand the XXXX subdomain, and the record will be found in there.

Note that if your forward lookup zone is actually called XXXX.YYYY.com, you don't need to expand any subdomains; the record will be in the root of that zone.

-Matt
0
 
tigermattCommented:

Hey,

On an Active Directory domain, the DNS records for workstations will be in one location and one location anyway - Forward Lookup Zones, (your domain name). ALL the DNS records will be contained there.

If there is any subfolders, you will see this in the DNS name. For example, assuming domain.com is the Active Directory domain, the record server.host.domain.com will be located within the 'host' subfolder of the domain.com forward lookup zone.

-Matt
0
 
jskfanAuthor Commented:
I have a DNS zone Mydomain.com, it has many containers under
I was trying to look for a record of a server1
I typed <NSLookup computer name>

I got:

Server:DC.Mydomain.com
address: 10.1.1.10

Name: server1
address: 10.1.1.99

when I wnet to DNS and clicked on the Mydomain.com zone, I didn't see the record for server1
I had to expand every container under the Mydomain.com zone(which is AD Integrated zone), then I found it under a container named Dev. I am not sure what this Dev container is, is it a child domain? how can I tell? is there an option in NSlookup that tells exactly where a certain record is ?

Thanks

 
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
tigermattCommented:

Any subcontainer below any forward lookup zone is a subdomain of the main domain. In your case, records within the 'Dev' container would give the format <record>.dev.domain.com.

If you simply searched for 'server1', the client workstation you were searching from would have appended a DNS suffix to that server. Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List. Each of those would have been appended to the server name in turn, prior to the query being sent to the DNS server.

-Matt
0
 
jskfanAuthor Commented:
<<Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List.>>>

so I wil have to call the user to run ipconfig /all ??
is there any way to do it through NSLookup or any other command.??
0
 
tigermattCommented:

You cannot check the DNS Suffix List using NSLookup. It is machine-specific, although on an Active Directory domain, it will generally contain the Active Directory domain by default (and it will search all parent domains).

-Matt
0
 
jskfanAuthor Commented:
what do you use to find the location of a host record in DNS, other than useing Ipconfig /all in the workstation you are looking for?
0
 
tigermattCommented:

Sorry, but you're confused. The ipconfig /all approach is used to determine the host headers which are applied to a client PC. The host header is what is appended to a DNS query before it is submitted to the DNS server; DNS would NEVER respond to just nslookup server1, the system has to silently append '.domain.com' to the server1 query in order to get a successful result. The Host Header list simply defines the (list of) domain(s) which are appended automatically, to save you entering .domain.com each time.

nslookup is the tool to use to locate a record in DNS. With a little understanding of the DNS system, you can then use the result returned to identify the path to the record in DNS.

For example, a search for 'server1' with a positive match will indicate the record is located in the root of the appropriate Forward Lookup Zone, whereas a search for server1.subdomain would indicate the record is in the 'subdomain' container within your domain's Forward lookup zone.

-Matt
0
 
jskfanAuthor Commented:

If I understand in order to find the location of the record of certain host in DNS, you ping it's Netbios name(computername). you get its IP address, then you ping it's IP address with  "-a" you will get computername.XXXX.YYYY.com, then you go to XXXX zone in DNS and you will find the record.

This is in case you cannot go physically to the host and run ipconfig /all

Correct?
0
 
jskfanAuthor Commented:
I tried NSLookup with computername, it gave me computername.parentdomain.com, it should have given me computername.subdomain.parentdomain.

but when I ping <Ping -a IPaddress> it gives me the right suffix computername.subdomain.parentdomain.com
0
 
tigermattCommented:

An NSLookup of simply 'computername' which returns computername.domain.com indicates there is a computer by that domain in the Parent domain. If DNS returns that path explicitly, the record *must* be in the parent zone.

Doing a ping -a of the computer name essentially performs a reverse DNS lookup on the computer's IP address. While that particular computer's Reverse DNS may be computername.subdomain.parentdomain.com, there could quite easily be another computer in the parent domain by the same domain. It is also possible the PC was previously joined to the parent domain, was removed, but the DNS record is still present.

-Matt
0
All Courses

From novice to tech pro — start learning today.