Solved

nslookup query return strange result

Posted on 2014-11-11
8
214 Views
Last Modified: 2014-11-21
Hi all,
I have 2 internal DNS servers (DNS1 and DNS2) as per below settings:
DNS1 (Windows server) > Forwarders point to External DNS NS1 (Linux server)
DNS2 (Windows server) > No forwarders being set
No DNS suffix search list being configured in both internal DNS servers

Problem: When I run the nslookup query from DNS1 and set type to SOA, it returns result from external DNS instead of internal DNS. No issue with DNS2 for the same query.

> set type=soa
> DNS1
Server:  DNS1.abc.com
Address:  x.x.x.x

dr001.abcx.com
        primary name server = DNS1.dr001.abcx.com
        responsible mail addr = hostmaster.dr001.abcx.com
        serial  = 6816
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
DNS1.dr001.abcx.com        internet address = x.x.x.x
> ods-prd-print.abc.com
Server:  DNS1.abc.com
Address:  x.x.x.x

abcx.com
        primary name server = ns1.voodoo.com
        responsible mail addr = hostmaster.voodoo.com
        serial  = 2014080111
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

I saw one related article from EE saying that it might due to a wildcard host record in the public  zone, and that record contains the IP address of the web server.

Where to find the wildcard host record?? Need to check from NS1 server?
I cannot find it from internal DNS servers and have no visibility to NS1 server.
0
Comment
Question by:SuzenJ
  • 4
  • 3
8 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40438284
You're forwarding DNS1 queries.  Of course it's going to return a result from the external server.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40438379
The DNS suffix applies to client-side operations (not the DNS server itself). You must have a DNS suffix set for "DNS1" to become DNS1.abc.com.

Either way, there doesn't look to be anything particularly wrong with the response you're getting. What do you expect to see differently?

Chris
0
 

Author Comment

by:SuzenJ
ID: 40441834
Hi Jesper/Chris,

SOA records are same for both servers. I  run the query in DNS2 server and below is the expected result :
ods-prd-print.abc.com
Server:  DNS2.abc.com
Address:  x.x.x.x

abc.com
        primary name server = DNS3.dradm001.corp.abc.com
        responsible mail addr = (root)
        serial  = 158701
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 172800 (2 days)
        default TTL = 900 (15 mins)

DNS3.dradm001.corp.abc.com internet address = x.x.x.x

Both servers have same Host A record created for ods-prd-print.abc.com. It shouldn't resolved by external DNS.

I tried to run the nslookup query again and below is the results (DNS2 returns correct result):

Default Server:  DNS2.abc.com
Address:  x.x.x.x

> ods-prd-print.abc.com
Server:  DNS2.abc.com
Address:  x.x.x.x

Name:    ods-prd-print.abc.com
Addresses:  57.x.x.x, 57.x.x.x, 57.x.x.x


> server DNS1
Default Server:  DNS1.dr001.drcx.com
Address:  57.x.x.x

> ods-prd-print.abc.com
Server:  DNS1.dr001.abcx.com
Address:  57.x.x.x

Non-authoritative answer:
Name:    ods-prd-print.abc.com.abcx.com
Address:  192.x.x.x
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 40442132
> Non-authoritative answer:
> Name:    ods-prd-print.abc.com.abcx.com
> Address:  192.x.x.x

This one is the wildcard (*.abcx.com).

But it's perhaps important to realise that while nslookup appends the abcx.com DNS suffix (which must come from your search list), the DNS client won't necessarily do so.

If you stick a period on the end of the name you're querying the problem will go away:

> ods-prd-print.abc.com.

The difference in response can be explained by the fact that one DNS server forwards to outside and the other doesn't.

Chris
0
 

Author Comment

by:SuzenJ
ID: 40449002
Hi Chris,
Just want to confirm, even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it will still forward the query to external DNS NS1?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40449203
No, but given that DNS suffixes are appended before the name is submitted without, if you get an answer to something else first nslookup will stop there.

If I do this we can see it in action:
nslookup
set type=a
set srchlist=domain1.com/domain2.com
set d2
test.com

Open in new window

You will (or should) see nslookup send the following questions (success or failure for individual queries may vary):
    QUESTIONS:
        test.com.domain1.com, type = A, class = IN

    QUESTIONS:
        test.com.domain2.com, type = A, class = IN

    QUESTIONS:
        test.com, type = A, class = IN

Open in new window

Obviously this behaviour is undesirable in your case. However, the DNS Client (rather than nslookup the troubleshooting tool) will only really append suffixes if the name is not multi-label. Equivalent to running:
nslookup -q=a test.com.

Open in new window

Where the period on the end null terminates the name, telling the DNS client that that's all there is to the name.

Therefore this will always return the expected response:
nslookup -q=a ods-prd-print.abc.com.

Open in new window

Generally speaking, the slightly unhelpful behaviour of nslookup can be disregarded. It only actually becomes a problem when the DNS client itself is willing to append suffixes to multi-label names as well (because that's the resolver your Windows box will be using).

It's a bit of a historic Windows XP problem in practical terms because early on that used to append by default, nothing more recent does.

You see the same problem when looking up the SOA record. Unless you're very careful with your queries you end up sending the wrong question and can easily get the wrong answer.

Chris
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40449207
Sorry one more note:

> even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it
> will still forward the query to external DNS NS1?

It's important to realise that your DNS server is not doing this. The DNS server is simply responding to the requests made by a client (in this case requests created by nslookup).

The server doesn't append suffixes and doesn't fabricate labels so if you see an odd problem like the one you're experiencing here it's something of the clients creation.

Chris
0
 

Author Closing Comment

by:SuzenJ
ID: 40459066
Thanks a lots Chris!!
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Restore DNS Record 5 92
What is harden windows 10 for security? 5 120
SPF record issue 6 37
Need Script to resolve IPs to Public DNS Names 5 26
This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question