  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

NSLOOKUP on outlook common name results in unfamiliar public IP Address

When I perform an nslookup on my common name: outlook.domain.com, I get the following.

Non-authoritative answer:
Name:    outlook.domain.com.internaldomain.com
Address:  82.98.86.178

domain.com is my public domain
internaldomain is my internal domain

I do not recognize that IP address.  It points to a SedoParking page.

It is my understanding, the IP address returned should match my 2013 exchange server, but it does not.

On a side note, if a laptop is taken out of the office and a browser is opened, it is redirected to http://sedoparking.com/

Thoughts on how to resolve this??
0
ohmErnie
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Looks like your DNS isn't set up correctly and it is applying the internal DNS name to the FQDN. I presume that you don't own the internal domain?

If you do an nslookup of host.example.com. (note the dot on the end) then you will get the correct result.

If you don't own the internal domain then you should stop using it. Switch everything in Exchange across to the external name via a split DNS system.

http://semb.ee/hostnames

Simon.
0
 
ohmErnieAuthor Commented:
I have created a new forward zone named domain.com

I have created the following records in this zone.

outlook = xxx.xxx.xxx.xxx (internal exchange server)
www = xxx.xxx.xxx.xxx (public ip)

My zones are now:

home.domain.com
domain.com

My nslookup results are the same.
0
 
Simon Butler (Sembee)ConsultantCommented:
A single host name split DNS would probably have been sufficient for your needs.
Did you update Exchange?

Either way, you haven't actually fixed your DNS issue.
How do the clients get their DNS configuration? DHCP? By what? Windows or a router?

If you run ipconfig /all do you have a Connection-Specific DNS Suffix set?

Are you using ONLY AD integrated DNS servers for DNS resolution?

Simon.
0
 
ohmErnieAuthor Commented:
I am currently in 2007/2013 coexistence.

DNS is provided by Windows DHCP.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home.local-domain.com
   Description . . . . . . . . . . . : Dell Wireless 1601 802.11 a/g/n Adapter
   Physical Address. . . . . . . . . : 00-1A-6B-0D-51-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::11b7:7bb0:97d4:5f03%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.10.66(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 22, 2013 1:50:12 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 30, 2013 1:50:12 PM
   Default Gateway . . . . . . . . . : 10.10.10.1
   DHCP Server . . . . . . . . . . . : 192.9.100.10
   DHCPv6 IAID . . . . . . . . . . . : 369105515
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5C-9B-8F-F0-1F-AF-1E-09-9B

   DNS Servers . . . . . . . . . . . : 192.9.100.10
                                       192.9.100.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Yes, only AD integrated.
0
 
vivigattCommented:
Your problem is certainly caused by DNS suffixing.
To diagnose it, add a trailing "." to your request:

nslookup outlook.domain.com.
instead of outlook.domain.com

This way, you tell the DNS request NOT to add the DNS suffix.
If this works any better, you will then know that your DNS suffixing is not working as expected. You would then have to configure dns suffixes.
Check these pages
superuser.com/questions/71853/windows-7-not-appending-connection-specific-dns-suffix
http://technet.microsoft.com/en-us/library/cc959611.aspx
and more generally:
https://www.google.com/search?q=site%3Amicrosoft.com+dns+suffixes+%22Windows+7%22

and, to populate DNS suffixes via DHCP:
http://technet.microsoft.com/en-us/library/dd572752%28v=office.13%29.aspx


Some ISPs have the (bad) habit of answering unresolved DNS requests with a real IP address that usually works ONLY for web browsing. If you enter an incorrect host name in the address bar of a browser, you would then land on a page telling you that the name is incorrect. But this works ONLY for web, not for all protocols.
0
 
ohmErnieAuthor Commented:
My fqdn is home.domain.com

Is this correct...

In Group Policy (Default Domain Policy)...I have under Network/DNS Clients:

Dynamic update - Enabled
Primary DNS suffix - home.domain.com

On DHCP servers...
Option 15 DNS Domain Name set to home.domain.com
0
 
vivigattCommented:
Have you, at first, run the nslookup request with a trailing "." to validate the dns suffixes hypothesis?
0
 
ohmErnieAuthor Commented:
yes.  I added the trailing "." and the nslookup works correctly.
0
 
vivigattCommented:
OK, so you have to fix your DNS suffixing.
Using DHCP options should be enough.
I personally have set option 15 only, and my hosts are configured to "append primary and connection specific DNS suffixes" only which I think is the default.
Do not set anything manually, do not set any suffix via group policy. You can set DNS suffixing behavior via group policy, but you should NOT use anything else.
Set dhcp option 15, and then disconnect and reconnect a host that gets its IP config via DHCP.
Also, try to find where "internaldomain.com" is set in the client's config and remove it.
Then check that it is working OK.
0
 
ohmErnieAuthor Commented:
If I remove my DNS suffixing from Group Policy, I assume I will then need to add it manually to my servers that are not receiving dhcp request?
0
 
vivigattCommented:
I think this will be the case. But you could do it in TCP/IP settings instead of using Group Policy.
0
 
ohmErnieAuthor Commented:
I removed the DNS suffixing in GP and there is no change.  NSLOOKUP still resolves the common name to the wrong IP unless I put "." at the end.
0
 
vivigattCommented:
There are other places where the DNS suffixing can be set.
In TCP/IP v4 properties for instance (advanced/DNS).
What do you have there?
0
 
ohmErnieAuthor Commented:
This is what my DNS settings look like.
Capture1.PNG
0
 
ohmErnieAuthor Commented:
A little more additional information.  I read where someone had a similar issue with nslookup resolving to the IP 82.98.86.178 which is sedoparking.com

Our internal domain is home.domain.com.  We used to own domain.com which was the same as our internal and external domain.  Our internal domain is the same (home.domain.com) but our public domain is now different.  The old domain.com is now owned or being held by sedoparking.com.

So my thought is that because our internal domain ends in a .com, it is trying to resolve to the internet.  A related issue is when a laptop user opens IE when not connected to our network, the Intranet page redirects to sedoparking.com

How do I resolve this?
0
 
ohmErnieAuthor Commented:
I resolved the issue by creating new forward lookup zone of domain.com and removed lookup zone home.domain.com.
0
 
ohmErnieAuthor Commented:
Resolved issue myself.
0
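The behaviour diagnosed in this thread, as an added example that is not part of any post above: a name typed without a trailing dot gets each search-list suffix appended, and any resulting candidate that falls outside the zones the internal DNS servers host is forwarded to the internet, where a parked former parent domain can answer it. The resolver model is a simplification (it assumes the search list is the primary suffix plus its parent, down to two labels), and every domain name in it is a constructed placeholder.

```python
# Simplified model of suffix search-list resolution (an assumption, not a
# re-implementation of the Windows resolver or of nslookup).

def search_list(primary_suffix, min_labels=2):
    """Primary DNS suffix followed by its parent suffixes, down to min_labels."""
    labels = primary_suffix.strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - min_labels + 1)]

def candidates(name, primary_suffix):
    """FQDNs that would be queried, in order, for `name` as typed."""
    if name.endswith("."):                  # trailing dot: no suffix is appended
        return [name]
    tried = [f"{name}.{s}." for s in search_list(primary_suffix)]
    return tried + [name + "."]             # the name as typed is tried last

def hosted_zone(fqdn, internal_zones):
    """Internal zone that contains fqdn, or None if the query is forwarded out."""
    labels = fqdn.strip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in internal_zones:
            return zone
    return None

def leaked(name, primary_suffix, internal_zones):
    """Suffix-appended candidates that the internal servers cannot answer."""
    as_typed = name.rstrip(".") + "."
    return [c for c in candidates(name, primary_suffix)
            if c != as_typed and hosted_zone(c, internal_zones) is None]

# Constructed names: AD domain under a parent domain the company no longer owns.
PRIMARY = "home.olddomain.example"
QUERY = "outlook.newdomain.example"
ZONES_BEFORE = {"home.olddomain.example"}   # only the child zone is hosted
ZONES_AFTER = {"olddomain.example"}         # parent zone hosted internally

if __name__ == "__main__":
    for label, zones in (("before", ZONES_BEFORE), ("after", ZONES_AFTER)):
        print(label, "->", leaked(QUERY, PRIMARY, zones) or "nothing leaves the network")
    print("trailing dot ->", candidates(QUERY + ".", PRIMARY))
```

Any name the function reports as leaked is a query whose answer is controlled by whoever holds the parent domain, which is why the off-network laptops in the question also landed on the parking page.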
