Solved

nslookup FQDN fail

Posted on 2010-11-12
Last Modified: 2012-05-10
When I run nslookup FQDN, I get "DNS request timed out", but when I run nslookup hostname there is no problem.

I already checked, and the reverse DNS exists in my AD.
Do you know why this happens?

c:\>nslookup dc01.abc.com
Server:  dc01.abc.com
Address:  192.168.0.1
DNS request timed out.
    timeout was 2 seconds.
Name:    dc01.abc.com
Address:  192.168.0.1

c:\>nslookup dc01
Server:  dc01.abc.com
Address:  192.168.0.1
Name:    dc01.abc.com
Address:  192.168.0.1
Question by:gavintham
14 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34127209
Hi,

it looks like problems with DNS setup (maybe domain suffix or possibly multihoming issues). What OS version are you running?

I suppose that "abc.com" is just for example and not your actual domain name. What I'd like to know is - have you internally named your domain "abc.local" or same as the public domain "abc.com"?

If possible, run:

ipconfig /all

and

dcdiag /c

on your domain controller and post the outputs here (of course, obscure any sensitive data before posting).

Regards,
Tomislav
0
 
LVL 2

Assisted Solution

by:Aanand555
Aanand555 earned 120 total points
ID: 34127290
Hi,
   It seems that either your DNS configuration is not proper or there may be a firewall issue which prevents DNS queries from either the DNS client or the DNS server (please check the firewall and connectivity between both machines; for this you can use the Portqry tool, which is available at article 832919 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=111855)).

Change your DNS suffix according to your domain name.
To add a DNS suffix search list

    Click Start, right-click My Network Places, and then click Properties.

    Right-click Local Area Connection, and then click Properties.

    Double-click Internet Protocol (TCP/IP), and then click Advanced.

    Click the DNS tab, and then click Append these DNS suffixes (in order).

    Click Add, type the domain suffix of the desired domain, and then click Add.

Hope it will definitely help you.
Regards,
Aannad555
0
 
LVL 11

Expert Comment

by:sighar
ID: 34127541
Is it a W2K8 server? I've had problems until I allowed zone transfers, even on the actual DNS server.
0
 

Author Comment

by:gavintham
ID: 34134170
Hi all,

Thank you for the reply.
This is Windows 2003 SP2.

Hi Aanand555,
I tried your method; it managed to nslookup with the FQDN but failed to nslookup with the hostname.
Result as below:

C:\>nslookup dc01.abc.com
Server:  dc01.abc.com
Address:  192.168.0.1

Name:    dc01.abc.com
Address:  192.168.0.1


C:\>nslookup dc01
Server:  dc01.abc.com
Address:  192.168.0.1

*** dc01.abc.com can't find dc01: Non-existent domain
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 34134246
Hi,

can you confirm, does the reverse lookup zone have the record for dc01?

Cheers,
Prem
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34134291
Hi gavintham,

since your original nslookup for dc01 correctly resolved to querying dc01.abc.com (that is what you posted) I think that your NIC settings on DNS client were OK.

Could you please answer this:
- Are your internal and external domain names the same (you haven't replied to that)?
- Where are you running your DNS queries - on your DNS server or on another computer in your LAN?
- Do you have multiple NICs in your DNS server?
- Is your DNS set to listen for DNS queries on one IP address or multiple IP addresses?
- Have you made any changes to Advanced TCP/IP settings on the NIC on your DNS server?
- Can you successfully resolve other external addresses (with your original setup) - like for example nslookup for www.google.com?

I suppose that you had no errors in ipconfig and dcdiag or that you can't post them here. These would better show possible causes for your problems. Nslookup only tells you that you have the problem.

Regards,
Tomislav
0
 

Author Comment

by:gavintham
ID: 34134461
hi tstritof,

The configuration below was done when I changed the DNS suffix.
DC01 = hostname
abc.com = domain name

-----------------------------------------------------------------------------------------
C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc01
   Primary Dns Suffix  . . . . . . . : abc.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dc01.abc.com
                                       dc02.abc.com
                                       dc03.abc.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-60-66-94-66-3A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.0.2
                                       192.168.0.3
---------------------------------------------------------------------------------------------------------------

Result of running dcdiag /c

---------------------------------------------------------------------------------------------------------------
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\DC01
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: Topology
         ......................... DC01 passed test Topology
      Starting test: CutoffServers
         ......................... DC01 passed test CutoffServers
      Starting test: NCSecDesc
         ......................... DC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC01 passed test NetLogons
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC01 passed test RidManager
      Starting test: MachineAccount
         ......................... DC01 passed test MachineAccount
      Starting test: Services
         ......................... DC01 passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... DC01 passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... DC01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC01 passed test frssysvol
      Starting test: frsevent
         ......................... DC01 passed test frsevent
      Starting test: kccevent
         ......................... DC01 passed test kccevent
      Starting test: systemlog
         ......................... DC01 passed test systemlog
      Starting test: VerifyReplicas
         ......................... DC01 passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... DC01 passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... DC01 passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [DC01] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... DC01 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : abc
      Starting test: CrossRefValidation
         ......................... abc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... abc passed test CheckSDRefDom
   
   Running enterprise tests on : abc.com
      Starting test: Intersite
         ......................... abc.com passed test Intersite
      Starting test: FsmoCheck
         ......................... abc.com passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: dc01.abc.com
            Domain: abc.com

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 202.188.0.133 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 202.188.1.5 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 202.188.1.5 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.188.1.5
               
            DNS server: 202.188.0.133 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.188.0.133
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: abc.com
               dc01                    PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... abc.com failed test DNS
0
 

Author Comment

by:gavintham
ID: 34134664
Hi premglitz,

Yes, the reverse record lookup zone has dc01.

Hi Tomislav,

Below are the answers:

Could you please answer this:
- Are your internal and external domain names the same (you haven't replied to that)?
Yes, both domains are using the same name.

- Where are you running your DNS queries - on your DNS server or on another computer in your LAN?
I run the DNS queries on the DNS server itself.

- Do you have multiple NICs in your DNS server?
No, only one NIC card.

- Is your DNS set to listen for DNS queries on one IP address or multiple IP addresses?
We have 3 DNS servers, therefore we set it to listen on 3 DNS IPs.

- Have you made any changes to Advanced TCP/IP settings on the NIC on your DNS server?
Yes, just changed the DNS suffix.

- Can you successfully resolve other external addresses (with your original setup) - like for example nslookup for www.google.com?

No, cannot resolve external addresses.
Result:
C:\>nslookup google.com
Server:  dc01.abc.com
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to dc01.abc.com timed-out
0
 
LVL 7

Accepted Solution

by:
tstritof earned 130 total points
ID: 34134851
Well - 3 things:

1) If your computer's FQDN (in Computer > Properties) is DC01.abc.com then your primary DNS suffix is abc.com and you didn't have to add DNS suffixes to your NIC, just leave the "Append Primary and Connection Specific DNS Suffixes". That way abc.com is automatically appended to names like DC01 in nslookup. The success of doing nslookup for DC01 in your original configuration proves that.
2) You misconfigured the DNS suffix search list. You have specified names of your DCs instead of domain suffixes - the only value there should be abc.com. However, I suggest again that you revert to original settings.
3) You have a problem with your gateway or internet access. No forwarders or root-hint servers can be accessed from your server. This could be a router failure or firewall issue.

Please try the following:
1) Change your NIC IP settings back to what they were before.
2) Run the following command at cmd prompt:
tracert 74.125.87.99
This is the IP address of www.google.com. So if it succeeds try running:
tracert www.google.com

Regards,
Tomislav
0
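The suffix behaviour described in the accepted answer above, as an added example that is not part of the original thread: a simplified Python model of how a name typed at the nslookup prompt is expanded with the DNS suffix search list. The zone table and all function names are constructed for illustration, and the model assumes each suffix is appended in order to any name without a trailing dot before the name is tried as typed.

```python
# Added example: simplified model of DNS suffix search-list expansion.
# ZONE and all function names are constructed for illustration.

# Constructed A records for zone abc.com, using the addresses shown in the thread.
ZONE = {
    "dc01.abc.com.": "192.168.0.1",
    "dc02.abc.com.": "192.168.0.2",
    "dc03.abc.com.": "192.168.0.3",
}

# Search list shown in the poster's "ipconfig /all" output (DC names, not suffixes).
MISCONFIGURED = ["dc01.abc.com", "dc02.abc.com", "dc03.abc.com"]
# The single value the accepted answer says belongs in the list.
CORRECTED = ["abc.com"]


def candidates(name, search_list):
    """Return the absolute names tried, in order, for a name as typed."""
    name = name.lower()
    if name.endswith("."):
        return [name]  # trailing dot: already absolute, no suffix is appended
    tried = [f"{name}.{suffix.lower().rstrip('.')}." for suffix in search_list]
    tried.append(name + ".")  # last resort: the name exactly as typed
    return tried


def resolve(name, search_list, zone=ZONE):
    """Return (answer_fqdn, address, attempts); answer is None if nothing matched."""
    attempts = []
    for fqdn in candidates(name, search_list):
        attempts.append(fqdn)
        if fqdn in zone:
            return fqdn, zone[fqdn], attempts
    return None, None, attempts


def report():
    """Compare both search lists for the names queried in the thread."""
    lines = []
    for label, search_list in (("misconfigured", MISCONFIGURED),
                               ("corrected", CORRECTED)):
        for query in ("dc01", "dc01.abc.com", "dc01.abc.com."):
            fqdn, addr, attempts = resolve(query, search_list)
            outcome = f"{fqdn} -> {addr}" if fqdn else "Non-existent domain"
            lines.append(f"[{label}] {query}: {outcome} "
                         f"after {len(attempts)} query(ies): {', '.join(attempts)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

With the misconfigured list, `dc01` expands only to names such as `dc01.dc01.abc.com.`, which matches the "Non-existent domain" result the poster saw, while the FQDN still resolves once the name is tried as typed.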
 
LVL 7

Expert Comment

by:tstritof
ID: 34136167
Another thing.

You say that you have 3 DNS servers. Are your other servers properly resolving nslookups for their FQDN and external names?

If yes, check that your gateway on dc01 is the same as on dc02, and you may also apply appropriate checks for other NIC and DNS settings except:
- DNS server order on NIC IP settings (each server should have its own IP address listed first in DNS server list),
- listen on property for each DNS server should match its own single IP address.

If that checks out (gateways and other settings) then you might have problems with your dc01 NIC connectivity. To test that try pinging dc01 (192.168.0.1) from other computers on the network. Also try pinging your dc02, dc03 and gateway (192.168.0.2, 192.168.0.3 and 192.168.0.254) from dc01.

Regards,
Tomislav
0
 

Author Comment

by:gavintham
ID: 34141943
hi Tomislav,

C:\>tracert 74.125.87.99

Tracing route to hb-in-f99.1e100.net [74.125.87.99]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.254
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *     ^C
C:\>tracert www.google.com

Tracing route to www.l.google.com [64.233.181.147]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.254
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

All the gateway and DNS settings are correct.
I already changed back to the original settings from before the DNS suffix change.

I have 3 DNS servers; only one is OK. The rest are having problems.
0
 

Author Comment

by:gavintham
ID: 34142741
Hi all,

I added the domain suffix of the desired domain as "abc.com".

Now I can nslookup dc01 and nslookup dc01.abc.com.

Just to confirm, is this setting correct?
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34144288
gavintham,

the dns suffix abc.com doesn't hurt if it isn't literally "abc.com" :)

I've checked pinging your DNS forwarders and some root servers by IP, and they ping OK. The fact that DNS tests on your domain controller fail contacting your forwarders and root servers by their IP address means that you are having serious IP routing problems on your network.

Questions:
1) What type of router is 192.168.0.254? Is it by any chance some smart firewall (like ISA)? If the firewall is misconfigured that could explain you not reaching the internet from dc01.
2) Is it possible that you have accidentally set up duplicate IP addresses for some NICs on your network?
3) Do you have a DHCP server running? Have you made sure that IP addresses assigned by DHCP do not overlap with addresses that you manually assigned to your server?

Regards,
Tomislav



0
 

Author Comment

by:gavintham
ID: 34170216
Hi all,

Our DNS servers go through an ISA server to reach the internet.
Anyway, changing the DNS suffix has already resolved my problem.

I will close this case.
0
