Amirsys
asked on
Domain name appended to DNS server Call
What we believe is happening is that out local computer domain name is being appended to the end of any domain call we make (when not resolved with our local DNS server). An example is below:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\dbaker>nslookup
Default Server: UnKnown
Address: 172.16.1.151 (this is our local DNS server)
> www.yahoo.com
Server: UnKnown
Address: 172.16.1.151
Non-authoritative answer:
Name: any-fp.wa1.b.yahoo.com
Addresses: 72.30.2.43
98.137.149.56
Aliases: www.yahoo.com
fp.wg1.b.yahoo.com
> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server: ns.xmission.com
Address: 198.60.22.2
> www.yahoo.com
Server: ns.xmission.com
Address: 198.60.22.2
Non-authoritative answer:
Name: www.yahoo.com.amirsys-int.com (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address: 68.178.232.99
>
The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.
Thanks for any help you can send my direction.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\dbaker>nslookup
Default Server: UnKnown
Address: 172.16.1.151 (this is our local DNS server)
> www.yahoo.com
Server: UnKnown
Address: 172.16.1.151
Non-authoritative answer:
Name: any-fp.wa1.b.yahoo.com
Addresses: 72.30.2.43
98.137.149.56
Aliases: www.yahoo.com
fp.wg1.b.yahoo.com
> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server: ns.xmission.com
Address: 198.60.22.2
> www.yahoo.com
Server: ns.xmission.com
Address: 198.60.22.2
Non-authoritative answer:
Name: www.yahoo.com.amirsys-int.com (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address: 68.178.232.99
>
The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.
Thanks for any help you can send my direction.
ASKER
Un-checking the append has no affect and your left to put a . in the list creating the need to work with fully qualified domain name for computers. That is not a valid solution. This is not a valid solution as this is something that just started on my network in the last few weeks. What would cause this to change from working and now not working?
This just didn't just start happening.
ASKER
well the cell cards that tipped me off to this issue had been working for almost 2 years before I found this as the end problem. We tracked it down when domain users with laptops could not longer connect to exchange when away from the office.
nslookup will *always* append suffixes unless you feed it a terminated name.
e.g.
nslookup www.yahoo.com.
It will not obey any settings to tick boxes on the client system because nslookup is a debugging tool, not part of the client resolver.
If "ping www.yahoo.com" exhibits the same problem you either need to set up a Group Policy to prevent clients appending the DNS Suffix Search List (to multi-label names):
Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries
Or you need to ensure that none of the suffixes used by the client contain Wildcard DNS records (*.domain.com).
Chris
ASKER
Things are starting to make sense. The problem we get into is that when working with outlook offsite we call a proxy server. The proxy is exchange.company.com but the dns call is exchange.company.com.compa ny-int.com and that resolves to a different IP so the outlook client can't connect to the server.
Yeah, that would be a typical wildcard response.
Which OS version are you running? The behaviour associated with the policy setting I mentioned above is something they changed pretty late on in XP (quite possibly SP 3). I only really rely on it being the default on Windows 7.
Chris
ASKER
I have seen it on both windows xp spe and windows 7. How to you solve it on the cert then or can you?
Check the patch level, otherwise you can directly edit the registry to fix up its behaviour. I wrote a fairly brief article on this quite a while ago:
https://www.experts-exchange.com/Networking/Protocols/DNS/A_652-DNS-Wildcards-and-Search-Lists.html
It doesn't cover the policy, but if the policy isn't working for you the registry keys it describes will :)
Still, the policy definitely will work for Windows 7 so try that first.
Chris
ASKER
Am I looking for DNSClient or AppendToMultiLabelName in the registry or am I creating the registry item?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After working with Microsoft, this was a solution they mentioned but not the complete solution.
Solution is to add "." in DNS suffix list
http://forums.devshed.com/dns-36/external-dns-error-143104.html