Solved

Domain name appended to DNS server Call

Posted on 2010-08-25
12
506 Views
Last Modified: 2012-05-10
What we believe is happening is that out local computer domain name is being appended to the end of any domain call we make (when not resolved with our local DNS server). An example is below:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dbaker>nslookup
Default Server:  UnKnown
Address:  172.16.1.151 (this is our local DNS server)

> www.yahoo.com
Server:  UnKnown
Address:  172.16.1.151

Non-authoritative answer:
Name:    any-fp.wa1.b.yahoo.com
Addresses:  72.30.2.43
          98.137.149.56
Aliases:  www.yahoo.com
          fp.wg1.b.yahoo.com

> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server:  ns.xmission.com
Address:  198.60.22.2

> www.yahoo.com
Server:  ns.xmission.com
Address:  198.60.22.2

Non-authoritative answer:
Name:    www.yahoo.com.amirsys-int.com  (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address:  68.178.232.99

>

The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.

Thanks for any help you can send my direction.
0
Comment
Question by:Amirsys
  • 6
  • 4
  • 2
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33526680
Please read over.

Solution is to add "." in DNS suffix list

http://forums.devshed.com/dns-36/external-dns-error-143104.html
0
 

Author Comment

by:Amirsys
ID: 33526933
Un-checking the append has no affect and your left to put a . in the list creating the need to work with fully qualified domain name for computers. That is not a valid solution. This is not a valid solution as this is something that just started on my network in the last few weeks. What would cause this to change from working and now not working?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33527055
This just didn't just start happening.
0
 

Author Comment

by:Amirsys
ID: 33527072
well the cell cards that tipped me off to this issue had been working for almost 2 years before I found this as the end problem. We tracked it down when domain users with laptops could not longer connect to exchange when away from the office.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33529566

nslookup will *always* append suffixes unless you feed it a terminated name.

e.g.

nslookup www.yahoo.com.

It will not obey any settings to tick boxes on the client system because nslookup is a debugging tool, not part of the client resolver.

If "ping www.yahoo.com" exhibits the same problem you either need to set up a Group Policy to prevent clients appending the DNS Suffix Search List (to multi-label names):

Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

Or you need to ensure that none of the suffixes used by the client contain Wildcard DNS records (*.domain.com).

Chris
0
 

Author Comment

by:Amirsys
ID: 33531972
Things are starting to make sense. The problem we get into is that when working with outlook offsite we call a proxy server. The proxy is exchange.company.com but the dns call is exchange.company.com.company-int.com and that resolves to a different IP so the outlook client can't connect to the server.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33532027

Yeah, that would be a typical wildcard response.

Which OS version are you running? The behaviour associated with the policy setting I mentioned above is something they changed pretty late on in XP (quite possibly SP 3). I only really rely on it being the default on Windows 7.

Chris
0
 

Author Comment

by:Amirsys
ID: 33532464
I have seen it on both windows xp spe and windows 7. How to you solve it on the cert then or can you?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33532494

Check the patch level, otherwise you can directly edit the registry to fix up its behaviour. I wrote a fairly brief article on this quite a while ago:

http://www.experts-exchange.com/Networking/Protocols/DNS/A_652-DNS-Wildcards-and-Search-Lists.html

It doesn't cover the policy, but if the policy isn't working for you the registry keys it describes will :)

Still, the policy definitely will work for Windows 7 so try that first.

Chris
0
 

Author Comment

by:Amirsys
ID: 33534397
Am I looking for DNSClient or AppendToMultiLabelName in the registry or am I creating the registry item?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33534911

DNSClient is the registry key the policy sits under. Then AppendToMultiLabelName is the value name. Some of all of the keys and the value are likely to need creating.

If it supports the Policy version it should also accept the Group Policy implementation (which is far easier to maintain / track). If not, give the instructions I posted for 2003 a try, it's been a while since I've been in a position to test that thoroughly.

Chris
0
 

Author Closing Comment

by:Amirsys
ID: 33559963
After working with Microsoft, this was a solution they mentioned but not the complete solution.
0

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now