Solved

DNS and Nslookup question Active Directory

Posted on 2010-11-30
18
664 Views
Last Modified: 2012-06-27
Hi,

I have just type nslookup 'AD domain name' and it returned a list of DC's
but also a strange IP of a subnet.

For example:

Name: gb.vo.local
Addresses: 192.168.21.4
192.168.21.0 (what is this?)
192.168.21.1  - this is DC1
192.168.21.2  - this is DC2

In DNS:

(same as parent folder) - 192.168.21.0

This is 192.168.21.0 the IP of a subnet (what is this?)

I am having the same problem but pointing to a different IP.

http://forums.techarena.in/active-directory/1205416.htm

Why this happens? Any ideas?
0
Comment
Question by:llarava
  • 11
  • 6
18 Comments
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241685
192.168.21.0 is not a valid IP address. It  is used in routing tables and by the Internet Protocol internally to identify the 192.168.21.x network as a whole
0
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34241790
Are you using a 24 bit subnet? What is the subnet mask that is set?
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241795
Are you having any DNS problems on the LAN?

(same as parent folder) - 192.168.21.0 this is not good, it should be
(same as parent folder) - 192.168.21.x (x= IP that you want the root of the domain to point to)

so for example if all you have in your dns is (same as parent folder) - 192.168.21.0, and your DNS zone is company.com, if someone will try to ping company.com it will not work.

If you are hosting a website, typically you would point (same as parent folder) - 192.168.21.x to IP of your website so that users can browse the site using company.com
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:llarava
ID: 34241894
Basically a third party app that was using AD authentication was failing to authenticate because sometimes the query was going to the subnet IP instead of the DC.

I don't know why the IP was registered there...how could you create (same as parent folder) record?

0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241943
On the domain controller, go to the DNS MMC plugin, look at my screenshot

You can double click on that record and change the 0 to something else.

Is your subnet mask 255.255.255.0 ?
SampleDNS.JPG
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34241961
It can be created by just creating new (A) record, input the IP in lower portion, leave top portion empty.
0
 

Author Comment

by:llarava
ID: 34242006
You can double click on that record and change the 0 to something else.  --> What is this?

Is your subnet mask 255.255.255.0 ? yes
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242089
See the 3rd record from the top in screenshot, you can double click on it, on your DNS server and change the 192.168.21.0 to something else like 192.168.21.1
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242100
sorry 4th record from top in my screenshot
0
 

Author Comment

by:llarava
ID: 34242122
Right, the problem is that the record was created there and I don't know why that happened.

My DC's are all good in DNS but somehow this record showed up there...

How do you create a new (same as parent folder) record.
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242147
to create a new one, just create a new (A) record, input the IP in lower portion, leave top portion empty.
0
 

Author Comment

by:llarava
ID: 34242215
input the IP in lower portion, leave top portion empty - Can you please give an example of this?
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242266
You have access to the domain controller server? If so do you know how to get to the DNS console?
0
 

Author Comment

by:llarava
ID: 34242286
Yes I am in the console. I just don't understand the "IP in lower portion, leave top portion empty"
0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242335
right click and choose create new (A) record, in window that pop-s up, leave the Name field blank and just put in an IP address, click add host, this will create a new

(same as parent folder) record.
NewDNS.JPG
0
 

Author Comment

by:llarava
ID: 34242475
The question is why would you create (same as parent folder) record?

Thank you!
0
 
LVL 4

Accepted Solution

by:
SteveeB earned 500 total points
ID: 34242549
so that if a client device, lets say IE browser, if you type in url company.com unless there is a (same as parent folder) record it will not be able to resolve to IP address. now usually I know there is a www record but my point is what if you don't use www. in the URL, you need the root record.

Think of it like this as an example
ns1.company.com - 192.168.1.1
ns2.company.com - 192.168.1.2
www.company.com - 192.168.1.6
ftp.company.com - 192.168.1.7
mail.company.com 192.168.1.8
company.com ?

0
 
LVL 4

Expert Comment

by:SteveeB
ID: 34242742
In active directory dns zone this record should point to ip of domain controller
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question