[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 517
  • Last Modified:

Domain name appended to DNS server Call

What we believe is happening is that out local computer domain name is being appended to the end of any domain call we make (when not resolved with our local DNS server). An example is below:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dbaker>nslookup
Default Server:  UnKnown
Address:  172.16.1.151 (this is our local DNS server)

www.yahoo.com
Server:  UnKnown
Address:  172.16.1.151

Non-authoritative answer:
Name:    any-fp.wa1.b.yahoo.com
Addresses:  72.30.2.43
          98.137.149.56
Aliases:  www.yahoo.com
          fp.wg1.b.yahoo.com

> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server:  ns.xmission.com
Address:  198.60.22.2

www.yahoo.com
Server:  ns.xmission.com
Address:  198.60.22.2

Non-authoritative answer:
Name:    www.yahoo.com.amirsys-int.com  (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address:  68.178.232.99

>

The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.

Thanks for any help you can send my direction.
0
Amirsys
Asked:
Amirsys
  • 6
  • 4
  • 2
1 Solution
 
Darius GhassemCommented:
Please read over.

Solution is to add "." in DNS suffix list

http://forums.devshed.com/dns-36/external-dns-error-143104.html
0
 
AmirsysAuthor Commented:
Un-checking the append has no affect and your left to put a . in the list creating the need to work with fully qualified domain name for computers. That is not a valid solution. This is not a valid solution as this is something that just started on my network in the last few weeks. What would cause this to change from working and now not working?
0
 
Darius GhassemCommented:
This just didn't just start happening.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
AmirsysAuthor Commented:
well the cell cards that tipped me off to this issue had been working for almost 2 years before I found this as the end problem. We tracked it down when domain users with laptops could not longer connect to exchange when away from the office.
0
 
Chris DentPowerShell DeveloperCommented:

nslookup will *always* append suffixes unless you feed it a terminated name.

e.g.

nslookup www.yahoo.com.

It will not obey any settings to tick boxes on the client system because nslookup is a debugging tool, not part of the client resolver.

If "ping www.yahoo.com" exhibits the same problem you either need to set up a Group Policy to prevent clients appending the DNS Suffix Search List (to multi-label names):

Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

Or you need to ensure that none of the suffixes used by the client contain Wildcard DNS records (*.domain.com).

Chris
0
 
AmirsysAuthor Commented:
Things are starting to make sense. The problem we get into is that when working with outlook offsite we call a proxy server. The proxy is exchange.company.com but the dns call is exchange.company.com.company-int.com and that resolves to a different IP so the outlook client can't connect to the server.
0
 
Chris DentPowerShell DeveloperCommented:

Yeah, that would be a typical wildcard response.

Which OS version are you running? The behaviour associated with the policy setting I mentioned above is something they changed pretty late on in XP (quite possibly SP 3). I only really rely on it being the default on Windows 7.

Chris
0
 
AmirsysAuthor Commented:
I have seen it on both windows xp spe and windows 7. How to you solve it on the cert then or can you?
0
 
Chris DentPowerShell DeveloperCommented:

Check the patch level, otherwise you can directly edit the registry to fix up its behaviour. I wrote a fairly brief article on this quite a while ago:

http://www.experts-exchange.com/Networking/Protocols/DNS/A_652-DNS-Wildcards-and-Search-Lists.html

It doesn't cover the policy, but if the policy isn't working for you the registry keys it describes will :)

Still, the policy definitely will work for Windows 7 so try that first.

Chris
0
 
AmirsysAuthor Commented:
Am I looking for DNSClient or AppendToMultiLabelName in the registry or am I creating the registry item?
0
 
Chris DentPowerShell DeveloperCommented:

DNSClient is the registry key the policy sits under. Then AppendToMultiLabelName is the value name. Some of all of the keys and the value are likely to need creating.

If it supports the Policy version it should also accept the Group Policy implementation (which is far easier to maintain / track). If not, give the instructions I posted for 2003 a try, it's been a while since I've been in a position to test that thoroughly.

Chris
0
 
AmirsysAuthor Commented:
After working with Microsoft, this was a solution they mentioned but not the complete solution.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now