Solved

Domain name appended to DNS server Call

Posted on 2010-08-25
12
512 Views
Last Modified: 2012-05-10
What we believe is happening is that out local computer domain name is being appended to the end of any domain call we make (when not resolved with our local DNS server). An example is below:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dbaker>nslookup
Default Server:  UnKnown
Address:  172.16.1.151 (this is our local DNS server)

www.yahoo.com
Server:  UnKnown
Address:  172.16.1.151

Non-authoritative answer:
Name:    any-fp.wa1.b.yahoo.com
Addresses:  72.30.2.43
          98.137.149.56
Aliases:  www.yahoo.com
          fp.wg1.b.yahoo.com

> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server:  ns.xmission.com
Address:  198.60.22.2

www.yahoo.com
Server:  ns.xmission.com
Address:  198.60.22.2

Non-authoritative answer:
Name:    www.yahoo.com.amirsys-int.com  (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address:  68.178.232.99

>

The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.

Thanks for any help you can send my direction.
0
Comment
Question by:Amirsys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33526680
Please read over.

Solution is to add "." in DNS suffix list

http://forums.devshed.com/dns-36/external-dns-error-143104.html
0
 

Author Comment

by:Amirsys
ID: 33526933
Un-checking the append has no affect and your left to put a . in the list creating the need to work with fully qualified domain name for computers. That is not a valid solution. This is not a valid solution as this is something that just started on my network in the last few weeks. What would cause this to change from working and now not working?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33527055
This just didn't just start happening.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:Amirsys
ID: 33527072
well the cell cards that tipped me off to this issue had been working for almost 2 years before I found this as the end problem. We tracked it down when domain users with laptops could not longer connect to exchange when away from the office.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33529566

nslookup will *always* append suffixes unless you feed it a terminated name.

e.g.

nslookup www.yahoo.com.

It will not obey any settings to tick boxes on the client system because nslookup is a debugging tool, not part of the client resolver.

If "ping www.yahoo.com" exhibits the same problem you either need to set up a Group Policy to prevent clients appending the DNS Suffix Search List (to multi-label names):

Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

Or you need to ensure that none of the suffixes used by the client contain Wildcard DNS records (*.domain.com).

Chris
0
 

Author Comment

by:Amirsys
ID: 33531972
Things are starting to make sense. The problem we get into is that when working with outlook offsite we call a proxy server. The proxy is exchange.company.com but the dns call is exchange.company.com.company-int.com and that resolves to a different IP so the outlook client can't connect to the server.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33532027

Yeah, that would be a typical wildcard response.

Which OS version are you running? The behaviour associated with the policy setting I mentioned above is something they changed pretty late on in XP (quite possibly SP 3). I only really rely on it being the default on Windows 7.

Chris
0
 

Author Comment

by:Amirsys
ID: 33532464
I have seen it on both windows xp spe and windows 7. How to you solve it on the cert then or can you?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33532494

Check the patch level, otherwise you can directly edit the registry to fix up its behaviour. I wrote a fairly brief article on this quite a while ago:

http://www.experts-exchange.com/Networking/Protocols/DNS/A_652-DNS-Wildcards-and-Search-Lists.html

It doesn't cover the policy, but if the policy isn't working for you the registry keys it describes will :)

Still, the policy definitely will work for Windows 7 so try that first.

Chris
0
 

Author Comment

by:Amirsys
ID: 33534397
Am I looking for DNSClient or AppendToMultiLabelName in the registry or am I creating the registry item?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33534911

DNSClient is the registry key the policy sits under. Then AppendToMultiLabelName is the value name. Some of all of the keys and the value are likely to need creating.

If it supports the Policy version it should also accept the Group Policy implementation (which is far easier to maintain / track). If not, give the instructions I posted for 2003 a try, it's been a while since I've been in a position to test that thoroughly.

Chris
0
 

Author Closing Comment

by:Amirsys
ID: 33559963
After working with Microsoft, this was a solution they mentioned but not the complete solution.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question