strange dns behaviour

Hi All,

We have a Windows 2003 domain which has been experiencing some unusual symptoms recently

We also use network monitoring software (Netcrunch) which monitors our primary domain and some other domains

The main issue is that when I run a tracert to any host (in this example - hostb) in any of the other domains the results come back as follows:

Tracert 192.168.0.1

Tracing route to dnsserver1.domain.com 192.168.0.1

1  1ms  192.168.1.1
2  1ms  192.168.0.1

In the above example the server I am running the trace from is dnsserver1 and 192.168.0.1 is hostb

Why does the trace result come back with dnsserver1? dnsserver1 will show up no matter which host in any of the other domains I try and trace to

The same happens if I try and run a trace from any hosts in our primary domain to the other domains

The net result of this behaviour is that our network monitoring software is showing all hosts in the other domains as the hostname of the network monitoring server:

How it should look (v simplified)
hosta  192.168.0.2
hostb  192.168.0.1
hostc  192.168.0.3

How it does look
netmonhost  192.168.0.2
netmonhost  192.168.0.1
netmonhost  192.168.0.3

Hope my explanation is clearer than mud!

Thanks in advance

G
goldie100Asked:

zane_o Commented:
Looks like you may have been trying to set up a forwarder for the other domains, but actually set up a wildcard DNS record. Did you add anything like:
A Record for Domain B
* netmonhost

Hopefully that is clearer than mud too.
0
goldie100Author Commented:
Hi Zane thanks for your reply

The strange thing is that nothing has been changed in DNS and all was normal until a couple of days ago.

Some of the domains in question are seen as secondary zones.  A couple have forwarders setup

All the A records for hosts in these domains are correct

I am able to ping the FQDN for any of the hosts in the other domains. Only seems to be when I trace to the IP it will return the hostname of the machine I'm tracing from!

Also, if I do an nslookup on dnsserver1 for 192.168.0.1 (in a secondary zone) it returns

local host
192.168.0.1

Should it not return

hostb
192.168.0.1
0
zane_oCommented:
Does it say
Server: localhost
Address: 192.168.0.1
If so, that would be expected behavior. Make sure if you are doing an nslookup for an IP address you enter:
> set type=ptr
> 192.168.0.1

Then you should get the name for that IP address.

When you ping the FQDN, does it return the correct IP Address or does it return the IP address of the machine you are on? I couldn't tell for certain from your response.
0
goldie100Author Commented:
Hi Zane

No the output is

Server:dnsserver2
address: x.x.x.x

name: localhost    -------  this should return the hostname for the target server?
address: 192.168.0.1

If I set type = prt then lookup 192.168.0.1 it returns 'local host' again - where it should return hostb?

Any ideas?

Thanks
0
goldie100Author Commented:
Anybody else got any ideas on this ?

Cheers

G
0
SteveHorvatCommented:
Does nslookup return the correct values on each system?  Do they resolve each other correctly?

Anything strange to report from Dcdiag /test:DNS

When you say domains- are they AD or DNS or both?

Any strange router configs like ospf?
0
goldie100Author Commented:
The problem was with one of our DCs - it was incorrectly forwarding 'local' requests up to our ISP which was returning 'local host'

DC was decommissioned anyway so problem solved. Thanks all
0

goldie100Author Commented:
Problem was never solved only worked around
0
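
An offline audit of the symptom this thread traces to its cause (reverse lookups for internal addresses answered with "localhost" by an outside resolver), added here as an example and not posted by anyone in the thread. It applies a forward-confirmed reverse DNS check to a constructed set of answers; the `domainb.example` names, the sample records and the issue labels are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data (not taken from the thread's servers): PTR answers as a
# monitoring host might receive them, and the A records held in the internal zones.
PTR_ANSWERS = {
    "192.168.0.1": "localhost.",
    "192.168.0.2": "localhost.",
    "192.168.0.3": "hostc.domainb.example.",
}
A_RECORDS = {
    "hosta.domainb.example": {"192.168.0.2"},
    "hostb.domainb.example": {"192.168.0.1"},
    "hostc.domainb.example": {"192.168.0.3"},
}


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def audit_ptr(ptr_answers, a_records):
    """Return {ip: (ptr_query_name, [issues])} for every answered reverse lookup."""
    seen = Counter(normalise(n) for n in ptr_answers.values())
    report = {}
    for ip, raw in ptr_answers.items():
        addr = ipaddress.ip_address(ip)
        name = normalise(raw)
        issues = []
        # A non-loopback host should never reverse-resolve to localhost.
        if name.split(".")[0] == "localhost" and not addr.is_loopback:
            issues.append("ptr-is-localhost")
        # Forward-confirmed reverse DNS: the name's A records must include the IP.
        if ip not in a_records.get(name, set()):
            issues.append("forward-mismatch")
        # One name answering for several addresses is what relabels hosts in a monitor.
        if seen[name] > 1:
            issues.append("name-shared")
        # RFC 1918 reverse names mean nothing off-site; an internal zone must answer.
        if addr.is_private and issues:
            issues.append("check-internal-reverse-zone")
        report[ip] = (addr.reverse_pointer, issues)
    return report


if __name__ == "__main__":
    for ip, (qname, issues) in audit_ptr(PTR_ANSWERS, A_RECORDS).items():
        print(f"{ip:<13} {qname:<28} {', '.join(issues) or 'ok'}")
```

To run it against live data, fill `PTR_ANSWERS` from the PTR lookups of each DNS server in turn; a server whose answers differ from the others is the one forwarding the query off-site.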