Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Search the record in DNS

Posted on 2009-04-09
11
Medium Priority
?
197 Views
Last Modified: 2012-05-06
I would like to know if there is a way to find where the record for a specified DNS hoset is located.
When I use <Nslookup computername>,    it gives me the server where the host is, it also gives me the IP address of the host. But it doesn't give me which container it s located.

I will have to expand all the containers in DNS in order to find it.

Any better way to search and find where a certain record is located?

Thanks
0
Comment
Question by:jskfan
  • 6
  • 5
11 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24107573

Hey,

On an Active Directory domain, the DNS records for workstations will be in one location and one location anyway - Forward Lookup Zones, (your domain name). ALL the DNS records will be contained there.

If there is any subfolders, you will see this in the DNS name. For example, assuming domain.com is the Active Directory domain, the record server.host.domain.com will be located within the 'host' subfolder of the domain.com forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24108346
I have a DNS zone Mydomain.com, it has many containers under
I was trying to look for a record of a server1
I typed <NSLookup computer name>

I got:

Server:DC.Mydomain.com
address: 10.1.1.10

Name: server1
address: 10.1.1.99

when I wnet to DNS and clicked on the Mydomain.com zone, I didn't see the record for server1
I had to expand every container under the Mydomain.com zone(which is AD Integrated zone), then I found it under a container named Dev. I am not sure what this Dev container is, is it a child domain? how can I tell? is there an option in NSlookup that tells exactly where a certain record is ?

Thanks

 
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108385

Any subcontainer below any forward lookup zone is a subdomain of the main domain. In your case, records within the 'Dev' container would give the format <record>.dev.domain.com.

If you simply searched for 'server1', the client workstation you were searching from would have appended a DNS suffix to that server. Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List. Each of those would have been appended to the server name in turn, prior to the query being sent to the DNS server.

-Matt
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 

Author Comment

by:jskfan
ID: 24108749
<<Run an ipconfig /all at the workstation you were searching from, then note the entries in the DNS Suffix Search List.>>>

so I wil have to call the user to run ipconfig /all ??
is there any way to do it through NSLookup or any other command.??
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24108829

You cannot check the DNS Suffix List using NSLookup. It is machine-specific, although on an Active Directory domain, it will generally contain the Active Directory domain by default (and it will search all parent domains).

-Matt
0
 

Author Comment

by:jskfan
ID: 24110772
what do you use to find the location of a host record in DNS, other than useing Ipconfig /all in the workstation you are looking for?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24111477

Sorry, but you're confused. The ipconfig /all approach is used to determine the host headers which are applied to a client PC. The host header is what is appended to a DNS query before it is submitted to the DNS server; DNS would NEVER respond to just nslookup server1, the system has to silently append '.domain.com' to the server1 query in order to get a successful result. The Host Header list simply defines the (list of) domain(s) which are appended automatically, to save you entering .domain.com each time.

nslookup is the tool to use to locate a record in DNS. With a little understanding of the DNS system, you can then use the result returned to identify the path to the record in DNS.

For example, a search for 'server1' with a positive match will indicate the record is located in the root of the appropriate Forward Lookup Zone, whereas a search for server1.subdomain would indicate the record is in the 'subdomain' container within your domain's Forward lookup zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24113995

If I understand in order to find the location of the record of certain host in DNS, you ping it's Netbios name(computername). you get its IP address, then you ping it's IP address with  "-a" you will get computername.XXXX.YYYY.com, then you go to XXXX zone in DNS and you will find the record.

This is in case you cannot go physically to the host and run ipconfig /all

Correct?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 24114194
Pretty much correct. The whole pinging, getting the IP and then ping -a would be unnecessary if you knew the PC name, since an nslookup of just the computer name *should* return the full DNS name of the PC.

You would then look in DNS at the appropriate location. So, look in the YYYY.com zone, expand the XXXX subdomain, and the record will be found in there.

Note that if your forward lookup zone is actually called XXXX.YYYY.com, you don't need to expand any subdomains; the record will be in the root of that zone.

-Matt
0
 

Author Comment

by:jskfan
ID: 24114826
I tried NSLookup with computername, it gave me computername.parentdomain.com, it should have given me computername.subdomain.parentdomain.

but when I ping <Ping -a IPaddress> it gives me the right suffix computername.subdomain.parentdomain.com
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24114853

An NSLookup of simply 'computername' which returns computername.domain.com indicates there is a computer by that domain in the Parent domain. If DNS returns that path explicitly, the record *must* be in the parent zone.

Doing a ping -a of the computer name essentially performs a reverse DNS lookup on the computer's IP address. While that particular computer's Reverse DNS may be computername.subdomain.parentdomain.com, there could quite easily be another computer in the parent domain by the same domain. It is also possible the PC was previously joined to the parent domain, was removed, but the DNS record is still present.

-Matt
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question