DNS - nslookup query

Hi experts,

The issue just happened yesterday. Basically, nslookup is showing a weird thing.
When I do an nslookup, it's adding ".com.au" at the end.

So when I type www.google.com.au, the reply is

Non-authoritative answer:
Name: www.google.com.au.com.au
Address: 67.19.113.186

And if I type google,
then the reply is the correct one:
Non-authoritative answer:
Name: google.com.au
Addresses: 74.125.91.104, etc

But all the websites are running fine. If I'm browsing using IE, it's all resolving to the correct address. I've cleared my cookies etc., and closed and re-opened a new browser; it's all resolving fine.

I have no idea how to solve that nslookup problem.

Experts, can you please help?

Cheers.
DAHITSydney Asked:
Adraenyse Commented:
It sounds like you have a DNS suffix programmed in your TCP/IP settings. This may have been placed there by your ISP, and the last time your computer or router updated itself via DHCP, the suffix could have been added.

If you open a command prompt window and type IPCONFIG /ALL you will be able to find the line that reads "DNS Suffix Search List". Is ".com.au" listed there? (Or any other search for that matter?)
0
DAHITSydney (Author) Commented:
Hi Adraenyse,

Yes, it's there: in the DNS Suffix Search List, there is a ".com.au" stated.

So, how do I know if my ISP put it there, or if something is wrong in my network configuration (router, firewall, etc.)? Is this a serious issue? Can I simply ignore this, or do I need to notify my ISP?

Please advise.
0
Adraenyse Commented:
If your web browsing is working fine, then you can safely ignore it.

What the DNS search suffix does is append itself to any query that you make that does not come back with a response.

For example, you could type just "google" into IE and, failing to lookup "google", your computer would then try "google.com.au".

Here at our office, we have "4web.net" in our suffix list. That way I can type the name of any server or interface into my browser without adding "4web.net", and the browser will automatically add the suffix and find the machine.

Now, why your nslookup is actually forcing the suffix on the end of a valid name is strange. If you type in "google.com.au" it should be able to perform the proper lookup. I don't have a quick answer for that one.

0
DAHITSydney (Author) Commented:
Hi Adraenyse,
Sorry, but that still doesn't solve my problem. It was working fine 2 days ago, and I'm not sure why this is happening. I've asked my team in IT, and nothing has changed in the last 2 days.
0
Chris Dent (PowerShell Developer) Commented:

www.google.com.au.com.au does resolve to a valid record.

When you ping an address, or use the DNS Client on your computer it will not append your suffix if the name is multi-label. That's why IE and the like are working, there's even a registry setting to control the behaviour.

NsLookup on the other hand is a much simpler creature. It will append the suffix regardless.

When a system appends a suffix it does so before submitting a query without. This can be seen in NsLookup with:

nslookup
set debug
www.google.com.au

You should see (in QUESTIONS) that first it asks for www.google.com.au.PrimaryDNSSuffix then it will run through any additional suffixes in order before finally asking for "www.google.com.au". It will stop when it gets a valid answer, unfortunately for you that's a bit too soon.

Given that you don't control com.au I suggest you remove that DNS Suffix. It is responsible for the misleading results in NsLookup. There's nothing you can do to change that except by removing the suffix from your search list.

Chris
0
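A small model of the lookup order described in the answer above, added here as an example (it is not code from the thread): it shows why a search-list suffix makes nslookup stop at www.google.com.au.com.au while the DNS client goes straight to the real name, and includes a check that flags search-list suffixes outside zones you control. The records are constructed sample data, the function names and `owned_zones` are assumptions, and the trailing-dot branch reflects that nslookup treats a name ending in a dot as fully qualified.

```python
# Constructed sample records (not live DNS). The wildcard stands in for
# whoever answers names under com.au.com.au, as seen in the question.
SAMPLE_RECORDS = {
    "www.google.com.au.": "74.125.91.104",
    "google.com.au.": "74.125.91.104",
    "*.com.au.com.au.": "67.19.113.186",
}

def lookup(fqdn, records=SAMPLE_RECORDS):
    """Exact match first, then a wildcard at each parent level."""
    if fqdn in records:
        return records[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:]) + "."
        if wildcard in records:
            return records[wildcard]
    return None

def candidates(name, search_list, mode):
    """Names to query, in order. mode is 'nslookup' or 'client'."""
    if name.endswith("."):
        return [name]                      # fully qualified: no search list
    if mode == "client" and "." in name:
        return [name + "."]                # multi-label: suffixes skipped
    suffixed = [f"{name}.{s.strip('.')}." for s in search_list]
    return suffixed + [name + "."]         # suffixes first, bare name last

def resolve(name, search_list, mode):
    """Return (name that answered, address); stops at the first answer."""
    for fqdn in candidates(name, search_list, mode):
        addr = lookup(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def unowned_suffixes(search_list, owned_zones):
    """Search-list entries that are not inside a zone you control."""
    owned = [z.strip(".").lower() for z in owned_zones]
    flagged = []
    for suffix in search_list:
        s = suffix.strip(".").lower()
        if not any(s == z or s.endswith("." + z) for z in owned):
            flagged.append(suffix)
    return flagged

if __name__ == "__main__":
    for mode in ("nslookup", "client"):
        print(mode, resolve("www.google.com.au", [".com.au"], mode))
    print(unowned_suffixes([".com.au", "corp.example.com"], ["example.com"]))
```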
Adraenyse Commented:
How does one remove a suffix that is being set via DHCP? He didn't put it there in the first place.
0
Chris Dent (PowerShell Developer) Commented:

I'd be surprised if DHCP was populating that field, I don't know of any DHCP servers that can do so (doesn't mean there aren't any, just that I'd be surprised).

There's no harm in removing the entry then running "ipconfig /renew" or release then renew to see if it reappears.

Chris
0
Adraenyse Commented:
Given that it appeared without him ever knowing what it was, it's pretty safe to assume it came via DHCP.

It's standard practice from every ISP I've encountered to add their own domain, such as "ed.shawcable.net", to the suffix, which allows the end user to simply put "mail" or "news" into their programs, rather than the FQDN.

Why this ISP put "com.au" is beyond me; that question should be put to the ISP.
0
Chris Dent (PowerShell Developer) Commented:

Fair enough.

I only wanted to clarify on the bit you said you didn't know about anyway ("why your nslookup is actually forcing the suffix on the end of a valid name is strange").

Chris
0
Adraenyse Commented:
I appreciate that, I figured that was the behavior but I won't post something I don't know for certain.
0
Chris Dent (PowerShell Developer) Commented:

Always a good plan :) I'm sure you have the rest of this in hand, I hadn't even noticed it wasn't a domain environment, you don't get much activity in this zone for the simpler situations.

Chris
0
DAHITSydney (Author) Commented:
Hi all,

Thanks for all the replies.
So in short, the problem all goes back to my ISP? I need to ask them why they put an additional suffix (com.au) in our DNS?

Please advise before I contact them (my ISP).

Cheers.
0
Adraenyse Commented:
You can confirm by going to a command prompt and typing:

ipconfig /release

then

ipconfig /renew

then

ipconfig /all

and if you see the suffix, then yes, your ISP is sending it down with your request for an IP address.
0