• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

DNS and Nslookup question Active Directory

Hi,

I have just type nslookup 'AD domain name' and it returned a list of DC's
but also a strange IP of a subnet.

For example:

Name: gb.vo.local
Addresses: 192.168.21.4
192.168.21.0 (what is this?)
192.168.21.1  - this is DC1
192.168.21.2  - this is DC2

In DNS:

(same as parent folder) - 192.168.21.0

This is 192.168.21.0 the IP of a subnet (what is this?)

I am having the same problem but pointing to a different IP.

http://forums.techarena.in/active-directory/1205416.htm

Why this happens? Any ideas?
0
llarava
Asked:
llarava
  • 11
  • 6
1 Solution
 
SteveeBCommented:
192.168.21.0 is not a valid IP address. It  is used in routing tables and by the Internet Protocol internally to identify the 192.168.21.x network as a whole
0
 
BDoellefeldCommented:
Are you using a 24 bit subnet? What is the subnet mask that is set?
0
 
SteveeBCommented:
Are you having any DNS problems on the LAN?

(same as parent folder) - 192.168.21.0 this is not good, it should be
(same as parent folder) - 192.168.21.x (x= IP that you want the root of the domain to point to)

so for example if all you have in your dns is (same as parent folder) - 192.168.21.0, and your DNS zone is company.com, if someone will try to ping company.com it will not work.

If you are hosting a website, typically you would point (same as parent folder) - 192.168.21.x to IP of your website so that users can browse the site using company.com
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
llaravaAuthor Commented:
Basically a third party app that was using AD authentication was failing to authenticate because sometimes the query was going to the subnet IP instead of the DC.

I don't know why the IP was registered there...how could you create (same as parent folder) record?

0
 
SteveeBCommented:
On the domain controller, go to the DNS MMC plugin, look at my screenshot

You can double click on that record and change the 0 to something else.

Is your subnet mask 255.255.255.0 ?
SampleDNS.JPG
0
 
SteveeBCommented:
It can be created by just creating new (A) record, input the IP in lower portion, leave top portion empty.
0
 
llaravaAuthor Commented:
You can double click on that record and change the 0 to something else.  --> What is this?

Is your subnet mask 255.255.255.0 ? yes
0
 
SteveeBCommented:
See the 3rd record from the top in screenshot, you can double click on it, on your DNS server and change the 192.168.21.0 to something else like 192.168.21.1
0
 
SteveeBCommented:
sorry 4th record from top in my screenshot
0
 
llaravaAuthor Commented:
Right, the problem is that the record was created there and I don't know why that happened.

My DC's are all good in DNS but somehow this record showed up there...

How do you create a new (same as parent folder) record.
0
 
SteveeBCommented:
to create a new one, just create a new (A) record, input the IP in lower portion, leave top portion empty.
0
 
llaravaAuthor Commented:
input the IP in lower portion, leave top portion empty - Can you please give an example of this?
0
 
SteveeBCommented:
You have access to the domain controller server? If so do you know how to get to the DNS console?
0
 
llaravaAuthor Commented:
Yes I am in the console. I just don't understand the "IP in lower portion, leave top portion empty"
0
 
SteveeBCommented:
right click and choose create new (A) record, in window that pop-s up, leave the Name field blank and just put in an IP address, click add host, this will create a new

(same as parent folder) record.
NewDNS.JPG
0
 
llaravaAuthor Commented:
The question is why would you create (same as parent folder) record?

Thank you!
0
 
SteveeBCommented:
so that if a client device, lets say IE browser, if you type in url company.com unless there is a (same as parent folder) record it will not be able to resolve to IP address. now usually I know there is a www record but my point is what if you don't use www. in the URL, you need the root record.

Think of it like this as an example
ns1.company.com - 192.168.1.1
ns2.company.com - 192.168.1.2
www.company.com - 192.168.1.6
ftp.company.com - 192.168.1.7
mail.company.com 192.168.1.8
company.com ?

0
 
SteveeBCommented:
In active directory dns zone this record should point to ip of domain controller
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 11
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now