Solved

Internal DNS record resolves to a weird public IP address

Posted on 2014-01-10
10
706 Views
Last Modified: 2014-01-13
Hello everyone,

I have a weird problem that occurred to my client's network all of a sudden only in certain clients!

The internal DNS has 2 forward look up zone with two different domain name (Domain A) and (Domain B).

DNS Forward 1 points to Domain A, DNS Foward 2 points to Domain B. I have exchange server in Domain B.

I configured webmail on domain A (Public Domain) to point to Exchange server in Domain B.

however when I try to resolve the webmail.domaina.com it will resolve to a totally different public IP address

webmail.domain.tr.com.tr

I tried resolving the public domain address in the external network and it resolves correctly to the configured public IP Address in our public DNS.

The problem just happens inside of the network. I tried changing some clients's DNS to google's dns 8.8.8.8 but the same thing happens.


I tried disabling internet on the DNS Server so no resolving request goes outside but still the same problem happens.

I would so much appreciate any help as I have never experienced this problem before.

Thanks
0
Comment
Question by:Mohammed Hamada
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 9

Expert Comment

by:Red-King
ID: 39770847
IT may be worth clearing the Cache of the DNS server.
In the DNS snap-in right click on the DNS server name and select 'Clear Cache'.
Once done, open a command prompt and run;
nslookup webmail.domaina.com dns-server.domain.local

This will return whatever your internal dns server (dns-server.domain.local) resolves the webmail.domaina.com to be.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39770890
Seems to be its split dns issue,

Please check below MS technet link. This link explains about internal exchange OWA issue

http://social.technet.microsoft.com/Forums/exchange/en-US/e73dbab3-3430-42c0-a4ed-7366882c4402/split-dns-how-do-i-configure-exchange-and-dns-for-the-internal-users?forum=exchange2010
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39770904
I cleared the DNS, restarted the DNS service, stopped domain A DNS service. nothing happened.

when I cleared the DNS one time. and tried to resolve the record it first give one time a DNS request time out then it resolved the address correctly.

Next time, it returned the same problem.... ! I'm pulling my hair!
This has affected the outlook to prompt users for password too.

I would appreciate any comment
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 13

Expert Comment

by:Andy M
ID: 39771195
Do an ipconfig /all on the computer and look at the DNS Suffix Search list. We had an issue with a client of ours who had 3 listings in here: subdomain.domain.co.uk, domain.co.uk, and .co.uk  - as a result trying to resolve a hostname to "webmail.subdomain.domain.co.uk" actually came back on nslookup as "webmail.subdomain.domain.co.uk.domain.co.uk" which resolved to an unknown external IP address.

It turns out this was originally setup in DHCP by the previous IT but wasn't correctly removed from the PC (on static settings) when it was removed from the DHCP scopes.

We removed it by going into TCP/IP settings and checking DNS suffixes in there, ensuring they matched with what the server said they should be. I also had to reset the adaptor before it started behaving correctly again.

Don't know if this will be the same issue but worth a look.
0
 
LVL 9

Expert Comment

by:Red-King
ID: 39771245
It might be worth running Wireshark on the DNS server to see exactly what's happening, like is the server sending out a DNS request to a public DNS server to come up with this odd result.
Use this filter to isolate DNS traffic;
tcp.port==53||udp.port==53
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39771605
Does sound like a problem with the DNS suffixes that are being appended.  When you run nslookup, try putting a period at the end of the name you're looking up, then nslookup will treat the name as a FQDN and won't append anything.  For example:
nslookup webmail.domainA.com.
If that resolves correctly with internal clients using internal DNS servers, then you know the problem isn't with the DNS server configuration.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 39771879
Have you verified (with ipconfig /all) that the affected machines are configured to only use the internal servers for DNS?
0
 
LVL 24

Author Closing Comment

by:Mohammed Hamada
ID: 39776482
This is exactly what was happening, the nslookup was not translating the FQDN with a period in the end which resulted in resolving the FQDN to some external weird IP address.

The DNS was functioning as it's supposed to. the weird thing is this was happening to some users but not all of them.

I failed to notice it due to the pressure I had with this customer.

Thanks everyone.
0
 
LVL 40

Expert Comment

by:footech
ID: 39777299
In that case you should examine the DNS suffixes that the affected clients are trying to append.  Check out the DNS tab under IP settings for a NIC and compare it to a properly working client.  You can also look at the results from ipconfig /all, or run nslookup in interactive mode and then type set all.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 39777549
Not really the problem wasn't related to DNS at all. I forgot to change the Outlook anywhere authentication method from basic to NTLM. once changed it started to work as it should.

The webmail OWA was working fine as well. just the resolution via nslookup was showing an external IP but there was no problem accessing it on any client.

Thanks again
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
An article on effective troubleshooting
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question