Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DNS and Nslookup question Active Directory

Posted on 2010-11-30
18
666 Views
Last Modified: 2012-06-27
Hi,

I have just type nslookup 'AD domain name' and it returned a list of DC's
but also a strange IP of a subnet.

For example:

Name: gb.vo.local
Addresses: 192.168.21.4
192.168.21.0 (what is this?)
192.168.21.1  - this is DC1
192.168.21.2  - this is DC2

In DNS:

(same as parent folder) - 192.168.21.0

This is 192.168.21.0 the IP of a subnet (what is this?)

I am having the same problem but pointing to a different IP.

http://forums.techarena.in/active-directory/1205416.htm

Why this happens? Any ideas?
0
Comment
Question by:llarava
  • 11
  • 6
18 Comments
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241685
192.168.21.0 is not a valid IP address. It  is used in routing tables and by the Internet Protocol internally to identify the 192.168.21.x network as a whole
0
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34241790
Are you using a 24 bit subnet? What is the subnet mask that is set?
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241795
Are you having any DNS problems on the LAN?

(same as parent folder) - 192.168.21.0 this is not good, it should be
(same as parent folder) - 192.168.21.x (x= IP that you want the root of the domain to point to)

so for example if all you have in your dns is (same as parent folder) - 192.168.21.0, and your DNS zone is company.com, if someone will try to ping company.com it will not work.

If you are hosting a website, typically you would point (same as parent folder) - 192.168.21.x to IP of your website so that users can browse the site using company.com
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:llarava
ID: 34241894
Basically a third party app that was using AD authentication was failing to authenticate because sometimes the query was going to the subnet IP instead of the DC.

I don't know why the IP was registered there...how could you create (same as parent folder) record?

0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241943
On the domain controller, go to the DNS MMC plugin, look at my screenshot

You can double click on that record and change the 0 to something else.

Is your subnet mask 255.255.255.0 ?
SampleDNS.JPG
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241961
It can be created by just creating new (A) record, input the IP in lower portion, leave top portion empty.
0
 

Author Comment

by:llarava
ID: 34242006
You can double click on that record and change the 0 to something else.  --> What is this?

Is your subnet mask 255.255.255.0 ? yes
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242089
See the 3rd record from the top in screenshot, you can double click on it, on your DNS server and change the 192.168.21.0 to something else like 192.168.21.1
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242100
sorry 4th record from top in my screenshot
0
 

Author Comment

by:llarava
ID: 34242122
Right, the problem is that the record was created there and I don't know why that happened.

My DC's are all good in DNS but somehow this record showed up there...

How do you create a new (same as parent folder) record.
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242147
to create a new one, just create a new (A) record, input the IP in lower portion, leave top portion empty.
0
 

Author Comment

by:llarava
ID: 34242215
input the IP in lower portion, leave top portion empty - Can you please give an example of this?
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242266
You have access to the domain controller server? If so do you know how to get to the DNS console?
0
 

Author Comment

by:llarava
ID: 34242286
Yes I am in the console. I just don't understand the "IP in lower portion, leave top portion empty"
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242335
right click and choose create new (A) record, in window that pop-s up, leave the Name field blank and just put in an IP address, click add host, this will create a new

(same as parent folder) record.
NewDNS.JPG
0
 

Author Comment

by:llarava
ID: 34242475
The question is why would you create (same as parent folder) record?

Thank you!
0
 
LVL 4

Accepted Solution

by:
SteveeB earned 500 total points
ID: 34242549
so that if a client device, lets say IE browser, if you type in url company.com unless there is a (same as parent folder) record it will not be able to resolve to IP address. now usually I know there is a www record but my point is what if you don't use www. in the URL, you need the root record.

Think of it like this as an example
ns1.company.com - 192.168.1.1
ns2.company.com - 192.168.1.2
www.company.com - 192.168.1.6
ftp.company.com - 192.168.1.7
mail.company.com 192.168.1.8
company.com ?

0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242742
In active directory dns zone this record should point to ip of domain controller
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question