Solved

Internal DNS record resolves to a weird public IP address

Posted on 2014-01-10
Last Modified: 2014-01-13
Hello everyone,

I have a weird problem that occurred to my client's network all of a sudden only in certain clients!

The internal DNS has 2 forward lookup zones with two different domain names (Domain A) and (Domain B).

DNS Forward 1 points to Domain A, DNS Forward 2 points to Domain B. I have an Exchange server in Domain B.

I configured webmail on domain A (Public Domain) to point to Exchange server in Domain B.

However, when I try to resolve webmail.domaina.com it resolves to a totally different public IP address

webmail.domain.tr.com.tr

I tried resolving the public domain address in the external network and it resolves correctly to the configured public IP Address in our public DNS.

The problem just happens inside of the network. I tried changing some clients' DNS to Google's DNS 8.8.8.8 but the same thing happens.


I tried disabling internet on the DNS Server so no resolving request goes outside but still the same problem happens.

I would so much appreciate any help as I have never experienced this problem before.

Thanks
Question by:Mohammed Hamada
10 Comments
 
LVL 9

Expert Comment

by:Red-King
ID: 39770847
It may be worth clearing the cache of the DNS server.
In the DNS snap-in right click on the DNS server name and select 'Clear Cache'.
Once done, open a command prompt and run;
nslookup webmail.domaina.com dns-server.domain.local

This will return whatever your internal dns server (dns-server.domain.local) resolves the webmail.domaina.com to be.
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39770890
Seems to be a split DNS issue.

Please check below MS technet link. This link explains about internal exchange OWA issue

http://social.technet.microsoft.com/Forums/exchange/en-US/e73dbab3-3430-42c0-a4ed-7366882c4402/split-dns-how-do-i-configure-exchange-and-dns-for-the-internal-users?forum=exchange2010
 
LVL 23

Author Comment

by:Mohammed Hamada
ID: 39770904
I cleared the DNS, restarted the DNS service, stopped domain A DNS service. Nothing happened.

When I cleared the DNS one time and tried to resolve the record, it first gave a DNS request timeout one time, then it resolved the address correctly.

Next time, it returned the same problem.... ! I'm pulling my hair!
This has affected Outlook to prompt users for password too.

I would appreciate any comment
 
LVL 13

Expert Comment

by:Andy M
ID: 39771195
Do an ipconfig /all on the computer and look at the DNS Suffix Search list. We had an issue with a client of ours who had 3 listings in here: subdomain.domain.co.uk, domain.co.uk, and .co.uk  - as a result trying to resolve a hostname to "webmail.subdomain.domain.co.uk" actually came back on nslookup as "webmail.subdomain.domain.co.uk.domain.co.uk" which resolved to an unknown external IP address.

It turns out this was originally set up in DHCP by the previous IT but wasn't correctly removed from the PC (on static settings) when it was removed from the DHCP scopes.

We removed it by going into TCP/IP settings and checking DNS suffixes in there, ensuring they matched with what the server said they should be. I also had to reset the adaptor before it started behaving correctly again.

Don't know if this will be the same issue but worth a look.
 
LVL 9

Expert Comment

by:Red-King
ID: 39771245
It might be worth running Wireshark on the DNS server to see exactly what's happening, like is the server sending out a DNS request to a public DNS server to come up with this odd result.
Use this filter to isolate DNS traffic;
tcp.port==53||udp.port==53

 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 39771605
Does sound like a problem with the DNS suffixes that are being appended.  When you run nslookup, try putting a period at the end of the name you're looking up, then nslookup will treat the name as a FQDN and won't append anything.  For example:
nslookup webmail.domainA.com.
If that resolves correctly with internal clients using internal DNS servers, then you know the problem isn't with the DNS server configuration.
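A way to check the suffix theory from the answers above on an affected client, as an added example that is not part of the original thread: it lists the DNS suffixes configured on the machine and resolves the name with each one appended (with a trailing period, so nothing further is added), then the name on its own. `webmail.domaina.com` is the placeholder name from the question; the script and its parameter names are illustrative.

```powershell
# Added example: show which suffix-expanded form of a name gets an answer.
# 'webmail.domaina.com' is the placeholder name used in the thread.
param(
    [string]$Name   = 'webmail.domaina.com',
    [string]$Server = ''   # empty = use the DNS servers configured on this client
)

# Suffixes configured on this machine: the global search list plus any
# connection-specific suffix set on an adapter (by DHCP or statically).
$suffixes = @(
    @((Get-DnsClientGlobalSetting).SuffixSearchList) +
    @((Get-DnsClient).ConnectionSpecificSuffix) |
        Where-Object { $_ } | Select-Object -Unique
)

# Each suffixed form of the name, then the name itself as an FQDN.
# The trailing period stops the resolver from appending anything else.
$bare       = $Name.TrimEnd('.')
$candidates = @($suffixes | ForEach-Object { "$bare.$_." }) + "$bare."

foreach ($fqdn in $candidates) {
    $query = @{
        Name        = $fqdn
        Type        = 'A'
        DnsOnly     = $true              # skip LLMNR/NetBIOS, query DNS only
        ErrorAction = 'SilentlyContinue' # NXDOMAIN is an expected outcome here
    }
    if ($Server) { $query.Server = $Server }

    $addrs = (Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' }).IPAddress

    [pscustomobject]@{
        Queried   = $fqdn
        Suffixed  = ($fqdn -ne "$bare.")
        Addresses = if ($addrs) { $addrs -join ', ' } else { '(no answer)' }
    }
}
```

Any row with `Suffixed` set to `True` that returns an address identifies the suffix that produces the unexpected result; compare the suffix list with a client that resolves correctly.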
 
LVL 25

Expert Comment

by:DrDave242
ID: 39771879
Have you verified (with ipconfig /all) that the affected machines are configured to only use the internal servers for DNS?
 
LVL 23

Author Closing Comment

by:Mohammed Hamada
ID: 39776482
This is exactly what was happening, the nslookup was not translating the FQDN with a period in the end which resulted in resolving the FQDN to some external weird IP address.

The DNS was functioning as it's supposed to. The weird thing is this was happening to some users but not all of them.

I failed to notice it due to the pressure I had with this customer.

Thanks everyone.
 
LVL 39

Expert Comment

by:footech
ID: 39777299
In that case you should examine the DNS suffixes that the affected clients are trying to append.  Check out the DNS tab under IP settings for a NIC and compare it to a properly working client.  You can also look at the results from ipconfig /all, or run nslookup in interactive mode and then type set all.
 
LVL 23

Author Comment

by:Mohammed Hamada
ID: 39777549
Not really, the problem wasn't related to DNS at all. I forgot to change the Outlook Anywhere authentication method from basic to NTLM. Once changed it started to work as it should.

The webmail OWA was working fine as well. Just the resolution via nslookup was showing an external IP but there was no problem accessing it on any client.

Thanks again