Solved

Domain name appended to DNS server Call

Posted on 2010-08-25
12
507 Views
Last Modified: 2012-05-10
What we believe is happening is that out local computer domain name is being appended to the end of any domain call we make (when not resolved with our local DNS server). An example is below:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dbaker>nslookup
Default Server:  UnKnown
Address:  172.16.1.151 (this is our local DNS server)

www.yahoo.com
Server:  UnKnown
Address:  172.16.1.151

Non-authoritative answer:
Name:    any-fp.wa1.b.yahoo.com
Addresses:  72.30.2.43
          98.137.149.56
Aliases:  www.yahoo.com
          fp.wg1.b.yahoo.com

> server 198.60.22.2 (this is a DNS server from an internet provider in Salt Lake City Utah)
Default Server:  ns.xmission.com
Address:  198.60.22.2

www.yahoo.com
Server:  ns.xmission.com
Address:  198.60.22.2

Non-authoritative answer:
Name:    www.yahoo.com.amirsys-int.com  (notice that the Amirsys-int.com is appended to the www.yahoo.com nslookup)
Address:  68.178.232.99

>

The Amirsys-int.com is the domain that all of our computers are members of. What is it that could be causing this to be added? It should not be that is for sure.

Thanks for any help you can send my direction.
0
Comment
Question by:Amirsys
  • 6
  • 4
  • 2
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33526680
Please read over.

Solution is to add "." in DNS suffix list

http://forums.devshed.com/dns-36/external-dns-error-143104.html
0
 

Author Comment

by:Amirsys
ID: 33526933
Un-checking the append has no affect and your left to put a . in the list creating the need to work with fully qualified domain name for computers. That is not a valid solution. This is not a valid solution as this is something that just started on my network in the last few weeks. What would cause this to change from working and now not working?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33527055
This just didn't just start happening.
0
 

Author Comment

by:Amirsys
ID: 33527072
well the cell cards that tipped me off to this issue had been working for almost 2 years before I found this as the end problem. We tracked it down when domain users with laptops could not longer connect to exchange when away from the office.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33529566

nslookup will *always* append suffixes unless you feed it a terminated name.

e.g.

nslookup www.yahoo.com.

It will not obey any settings to tick boxes on the client system because nslookup is a debugging tool, not part of the client resolver.

If "ping www.yahoo.com" exhibits the same problem you either need to set up a Group Policy to prevent clients appending the DNS Suffix Search List (to multi-label names):

Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

Or you need to ensure that none of the suffixes used by the client contain Wildcard DNS records (*.domain.com).

Chris
0
 

Author Comment

by:Amirsys
ID: 33531972
Things are starting to make sense. The problem we get into is that when working with outlook offsite we call a proxy server. The proxy is exchange.company.com but the dns call is exchange.company.com.company-int.com and that resolves to a different IP so the outlook client can't connect to the server.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 33532027

Yeah, that would be a typical wildcard response.

Which OS version are you running? The behaviour associated with the policy setting I mentioned above is something they changed pretty late on in XP (quite possibly SP 3). I only really rely on it being the default on Windows 7.

Chris
0
 

Author Comment

by:Amirsys
ID: 33532464
I have seen it on both windows xp spe and windows 7. How to you solve it on the cert then or can you?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33532494

Check the patch level, otherwise you can directly edit the registry to fix up its behaviour. I wrote a fairly brief article on this quite a while ago:

http://www.experts-exchange.com/Networking/Protocols/DNS/A_652-DNS-Wildcards-and-Search-Lists.html

It doesn't cover the policy, but if the policy isn't working for you the registry keys it describes will :)

Still, the policy definitely will work for Windows 7 so try that first.

Chris
0
 

Author Comment

by:Amirsys
ID: 33534397
Am I looking for DNSClient or AppendToMultiLabelName in the registry or am I creating the registry item?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33534911

DNSClient is the registry key the policy sits under. Then AppendToMultiLabelName is the value name. Some of all of the keys and the value are likely to need creating.

If it supports the Policy version it should also accept the Group Policy implementation (which is far easier to maintain / track). If not, give the instructions I posted for 2003 a try, it's been a while since I've been in a position to test that thoroughly.

Chris
0
 

Author Closing Comment

by:Amirsys
ID: 33559963
After working with Microsoft, this was a solution they mentioned but not the complete solution.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now