DNS Resolution Issues

Posted on 2011-10-12
Last Modified: 2012-05-12
I am experiencing some DNS Resolution issues to my external sites and am looking for assistance in correcting these.  Here is the setup I am currently running.

1.  I have two physical segments to my network.  One segment is our corporate production network.  We use MS Active Directory 2008 with Microsoft DNS implemented.  Our internal corporate Domain is called SLBNTDOM.NEPTUNETG.COM.  This segment has various VLANs that are handled through a Cisco Core Layer 3 Switch.  These VLANs have IP addresses of the schemes 10.8.x.x, 10.7.x.x, and 10.3.x.x.  The second physical segment is for a test/development network that we utilize for developing software products and allowing customers to access and demo these products.  This segment uses an IP scheme of 10.6.x.x.  Routing between the two physical segments is done using a Cisco ASA firewall.

2.  All servers, clients, etc are connected to the same AD Domain (

3.  I utilize Network Solutions to manage the DNS Records for the various external sites I have.  For my production segment, I have records of the form that points to the external IP Address for our Website, FTP Site, etc.  These external IP addresses are of the form 24.227.104.x.  For my test/development segment, I have a separate ISP providing me a connection.  These records are of the form name.neptunetg.BIZ.  The external IPs for this segment are of the form 71.42.174.x.

4.  Here is the actual issue I am experiencing when I try to perform Name Resolutions to these addresses.  If from my PC internal to the production, I perform an NSLOOKUP on SOUTHWEST.NEPTUNETG.BIZ, it tries to look up the address from one of my DCs running DNS but returns saying that it can't find the record: Non-existent domain.  My internal DNS is not aware of this Domain but I assumed the request would be handed off to the external DNS to be resolved, as it is when I do the same NSLOOKUP for  Is this request not being handed off?  My entries are correct in Network Solutions.

5.  Another part of testing I am doing is taking my laptop, which is also a member of my AD Domain, and connecting it externally to an internet connection like from home or something.  If I perform a PING SOUTHWEST.NEPTUNETG.BIZ, it resolves the address correctly.  But when I perform an NSLOOKUP SOUTHWEST.NEPTUNETG.BIZ from this same laptop, it appends the SLBNTDOM.NEPTUNETG.COM to that name and for some reason it resolves it to the main web page for our WWW.NEPTUNETG.COM website.

What is going on with me resolving these DNS records for NEPTUNETG.BIZ?
Question by:neptuneit
    LVL 5

    Accepted Solution

    Have you set up forwarders on your DNS Server?
    Check that the DNS port (udp 52) is open on the firewall and properly routed on the router.
    Also take a look at this...

    -hope helps-

    LVL 29

    Expert Comment

    Your Split-DNS has not been done properly or has not been done completely.

    You need a single DNS infrastructure on the LAN and it must come from the AD/DNS of your DCs.  Your different Segments on the LAN are totally irrelevant.  Within that single DNS Infrastructure you have to create a new Zone that represents every Public FQDN that you are responsible for.  You then have to create all corresponding "A" Records or CNAMEs to cover everything involved.  If the Record is going to point to a Public IP# then use an "A" Record,...but if it is going to point to an internal LAN IP# then use a CNAME that points to the proper "A" Records within your internal AD Zone.  

    It is a simple concept.  If a Resource is on a public IP# out in Internet Land then you go through the Firewall outbound to get there.  But if the Resource exists on the LAN with a Private IP# then you DO NOT try to make a "U-Turn" through the firewall,...but instead you resolve directly to the LAN IP and go directly to the Resource itself.

    Bottom line,...on your own internal DNS you mirror the Public Records found on the authoritative DNS Servers for your public FQDNs,...however that does not mean they resolve to the same IP as they do on the Authoritative DNS.
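
An added example, not part of the thread or any participant's code: a small audit of the mirroring the comment above describes, flagging public names that the internal split zone does not carry and LAN-hosted names that still resolve to a public IP. Only SOUTHWEST.NEPTUNETG.BIZ comes from the question; the other host names, the `LAN_HOSTED` set and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample data. Only southwest.neptunetg.biz is from the thread;
# other names are hypothetical and the public IPs are documentation addresses.
PUBLIC_ZONE = """
southwest.neptunetg.biz. A 203.0.113.10
demo.neptunetg.biz. A 203.0.113.11
ftp.neptunetg.biz. A 203.0.113.12
"""
INTERNAL_ZONE = """
southwest.neptunetg.biz. CNAME devweb01.slbntdom.neptunetg.com.
devweb01.slbntdom.neptunetg.com. A 10.6.0.20
demo.neptunetg.biz. A 203.0.113.11
"""
LAN_HOSTED = {"southwest.neptunetg.biz.", "demo.neptunetg.biz."}  # assumption
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Parse 'name TYPE value' lines into {name: (type, value)}."""
    rows = (line.split() for line in text.strip().splitlines())
    return {n.lower(): (t.upper(), v.lower()) for n, t, v in rows}


def resolve(records, name, depth=0):
    """Follow CNAMEs within one record set; None stands for NXDOMAIN."""
    if name not in records or depth > 8:
        return None
    rtype, value = records[name]
    return value if rtype == "A" else resolve(records, value, depth + 1)


def audit(public_text, internal_text, lan_hosted):
    """Classify every public name as the internal DNS view would answer it."""
    public, internal = parse_zone(public_text), parse_zone(internal_text)
    findings = {}
    for name in public:
        ip = resolve(internal, name)
        if ip is None:
            # Authoritative for the zone: NXDOMAIN, forwarders are never asked.
            findings[name] = "missing-internally"
        elif name in lan_hosted and not any(
                ipaddress.ip_address(ip) in net for net in RFC1918):
            findings[name] = "u-turn-through-firewall"
        else:
            findings[name] = "ok"
    return findings
```

Calling `audit(PUBLIC_ZONE, INTERNAL_ZONE, LAN_HOSTED)` on the sample data reports the unmirrored `ftp` record and the `demo` record that still points at its public address.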
    LVL 1

    Author Comment

    DNS Forwarders were not set up correctly.
    LVL 1

    Author Comment

    I've requested that this question be closed as follows:

    Accepted answer: 0 points for neptuneit's comment http:/Q_27393619.html#37083696

    for the following reason:

    I resolved the problem myself.
    LVL 29

    Expert Comment

    Then you should give the points to hvillanu,...he told you to check the forwarders.
    LVL 29

    Expert Comment

    You're always going to "solve the problem yourself",...everybody does,...we aren't going to come there to do it.

    It was hvillanu that led you to the solution,...he should get full points and an "A" grade.
