• Status: Solved
  • Priority: Medium
  • Security: Public

How to make DNS queries answered by local server only

I have a Windows 2003 domain with a domain controller called "bond" that is authoritative for the local domain only, and we also have a binghamacademy.net domain on the Internet which is hosted by Apollo Hosting.
My problem now is that whenever you make an nslookup query, if the address you are searching for is not in the local zone (or unless I put a . at the end of the query), the local server assumes that it is a member of the Internet domain and appends my Internet domain to the name, returning our Internet IP address as the IP address of any name.

Here are some screenshots from nslookup:

Z:\>nslookup
Default Server:  bond.local.binghamacademy.net
Address:  10.0.1.15
> set debug
>
> random
Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        random.local.BinghamAcademy.net, type = A, class = IN
    AUTHORITY RECORDS:
    ->  local.binghamacademy.net
        ttl = 3600 (1 hour)
        primary name server = bond.local.binghamacademy.net
        responsible mail addr = administrator.binghamacdemy.net
        serial  = 2694
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        random.BinghamAcademy.net, type = A, class = IN
    ANSWERS:
    ->  random.BinghamAcademy.net
        internet address = 66.96.146.110
        ttl = 240 (4 mins)

------------
Non-authoritative answer:
Name:    random.BinghamAcademy.net
Address:  66.96.146.110

/////////////////////////////////////////////////////////////////

It also does the same thing for a legitimate website:

Z:\>nslookup
Default Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

> google.com
Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

Non-authoritative answer:
Name:    google.com.BinghamAcademy.net
Address:  66.96.146.110

>

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

But if I enforce the search scope to local using set srchlist, everything works properly as shown below:

> set srchlist=local.binghamacademy.net
> random
Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        random.local.binghamacademy.net, type = A, class = IN
    AUTHORITY RECORDS:
    ->  local.binghamacademy.net
        ttl = 3600 (1 hour)
        primary name server = bond.local.binghamacademy.net
        responsible mail addr = administrator.binghamacdemy.net
        serial  = 2694
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
*** bond.local.binghamacademy.net can't find random: Non-existent domain
>
>
>
> set srchlist=local.binghamacademy.net
> google.com
Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

Non-authoritative answer:
Name:    google.com
Addresses:  209.85.229.106, 209.85.229.147, 209.85.229.99, 209.85.229.103
          209.85.229.104, 209.85.229.105

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Also, if I add a . at the end of the query without setting the search list to local, it also works correctly:

Z:\>nslookup
Default Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

> google.com.
Server:  bond.local.binghamacademy.net
Address:  10.0.1.15

Non-authoritative answer:
Name:    google.com
Addresses:  209.85.229.105, 209.85.229.106, 209.85.229.147, 209.85.229.99
          209.85.229.103, 209.85.229.104

>

My understanding of DNS is not very good, so could someone tell me if there is some way of forcing the local server to answer queries for its member computers only and forward the rest appropriately, rather than appending the Internet suffix?

Please let me know if you need more details.
Just to add some more info, I use forwarders to my ISP's DNS servers and root hints.

Asked by: binghamacademy
1 Solution
 
Vaidas911 commented:
Add "." in the DNS suffix list. You can do this manually or in Domain Group Policy.

binghamacademy (Author) commented:
Add "." in the DNS suffix list. ---- In the DNS server only ?

You can do this manually or in Domain Group Policy. - How ?

Vaidas911 commented:
First try it on the server, then deploy it to clients. Also note that clients should point only to your local DNS server, not the ISP's, and the server should point to itself: the primary and only address should be 127.0.0.1.
Group policy: computer configuration\administrative templates\network\dnsclient\Dns suffix

binghamacademy (Author) commented:
Thanks friend, I added a group policy entry of "DNS Suffix Search List" to the "Domain Computers" policy, and after refreshing the policy on the member computers they are working properly.
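The following is an added example, not code from the original thread, that models the suffix-search behaviour seen in the nslookup output above and the effect of the accepted fix. It assumes the Windows client appends each search-list suffix in order, that a "." entry (or a trailing dot on the query) means "try the name as typed", that a configured search list replaces the default primary-suffix devolution, and that the public binghamacademy.net zone answers any name under it with the hosting provider's address; the zone data is constructed for illustration.

```python
from typing import List, Optional, Tuple

# Constructed model of the two zones involved plus a stand-in for the Internet.
LOCAL_ZONE = "local.binghamacademy.net"   # the AD zone "bond" is authoritative for
PUBLIC_ZONE = "binghamacademy.net"        # the hosted Internet zone
HOSTING_IP = "66.96.146.110"              # address seen for random.BinghamAcademy.net

LOCAL_RECORDS = {"bond.local.binghamacademy.net": "10.0.1.15"}  # constructed
INTERNET_RECORDS = {"google.com": "209.85.229.106"}              # constructed


def candidates(name: str, search_list: List[str]) -> List[str]:
    """Fully qualified names the client will try, in order."""
    if name.endswith("."):                 # trailing dot: absolute, never suffixed
        return [name.rstrip(".")]
    out = []
    for suffix in search_list:
        out.append(name if suffix == "." else f"{name}.{suffix}")
    return out


def lookup(fqdn: str) -> Optional[str]:
    """Answer one fully qualified query against the constructed zones."""
    fqdn = fqdn.lower()
    if fqdn.endswith("." + LOCAL_ZONE):
        return LOCAL_RECORDS.get(fqdn)     # authoritative: None means NXDOMAIN
    if fqdn.endswith("." + PUBLIC_ZONE):
        return HOSTING_IP                  # hosted zone answers every name under it
    return INTERNET_RECORDS.get(fqdn)      # everything else goes to forwarders


def resolve(name: str, search_list: List[str]) -> Optional[Tuple[str, str]]:
    """Resolve the way the client does: first candidate with an answer wins."""
    for fqdn in candidates(name, search_list):
        ip = lookup(fqdn)
        if ip is not None:
            return fqdn, ip
    return None


# Default behaviour: primary suffix, then its devolved parent binghamacademy.net.
DEFAULT_SEARCH = [LOCAL_ZONE, PUBLIC_ZONE]
# The fix from the answer: a "." entry makes the client try the name as typed
# first, and the explicit list replaces devolution to the public zone.
FIXED_SEARCH = [".", LOCAL_ZONE]

if __name__ == "__main__":
    for search in (DEFAULT_SEARCH, FIXED_SEARCH):
        print(search, resolve("google.com", search), resolve("random", search))
```

With the default list google.com lands on google.com.binghamacademy.net and gets the hosting address, exactly as in the debug output; with the fixed list it resolves as typed and a bogus name like random gets no answer.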
