Solved

nslookup query return strange result

Posted on 2014-11-11
8
235 Views
Last Modified: 2014-11-21
Hi all,
I have 2 internal DNS servers (DNS1 and DNS2) as per below settings:
DNS1 (Windows server) > Forwarders point to External DNS NS1 (Linux server)
DNS2 (Windows server) > No forwarders being set
No DNS suffix search list being configured in both internal DNS servers

Problem: When I run the nslookup query from DNS1 and set type to SOA, it returns result from external DNS instead of internal DNS. No issue with DNS2 for the same query.

> set type=soa
> DNS1
Server:  DNS1.abc.com
Address:  x.x.x.x

dr001.abcx.com
        primary name server = DNS1.dr001.abcx.com
        responsible mail addr = hostmaster.dr001.abcx.com
        serial  = 6816
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
DNS1.dr001.abcx.com        internet address = x.x.x.x
> ods-prd-print.abc.com
Server:  DNS1.abc.com
Address:  x.x.x.x

abcx.com
        primary name server = ns1.voodoo.com
        responsible mail addr = hostmaster.voodoo.com
        serial  = 2014080111
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

I saw one related article from EE saying that it might due to a wildcard host record in the public  zone, and that record contains the IP address of the web server.

Where to find the wildcard host record?? Need to check from NS1 server?
I cannot find it from internal DNS servers and have no visibility to NS1 server.
0
Comment
Question by:SuzenJ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 40438284
You're forwarding DNS1 queries.  Of course it's going to return a result from the external server.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40438379
The DNS suffix applies to client-side operations (not the DNS server itself). You must have a DNS suffix set for "DNS1" to become DNS1.abc.com.

Either way, there doesn't look to be anything particularly wrong with the response you're getting. What do you expect to see differently?

Chris
0
 

Author Comment

by:SuzenJ
ID: 40441834
Hi Jesper/Chris,

SOA records are same for both servers. I  run the query in DNS2 server and below is the expected result :
ods-prd-print.abc.com
Server:  DNS2.abc.com
Address:  x.x.x.x

abc.com
        primary name server = DNS3.dradm001.corp.abc.com
        responsible mail addr = (root)
        serial  = 158701
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 172800 (2 days)
        default TTL = 900 (15 mins)

DNS3.dradm001.corp.abc.com internet address = x.x.x.x

Both servers have same Host A record created for ods-prd-print.abc.com. It shouldn't resolved by external DNS.

I tried to run the nslookup query again and below is the results (DNS2 returns correct result):

Default Server:  DNS2.abc.com
Address:  x.x.x.x

> ods-prd-print.abc.com
Server:  DNS2.abc.com
Address:  x.x.x.x

Name:    ods-prd-print.abc.com
Addresses:  57.x.x.x, 57.x.x.x, 57.x.x.x


> server DNS1
Default Server:  DNS1.dr001.drcx.com
Address:  57.x.x.x

> ods-prd-print.abc.com
Server:  DNS1.dr001.abcx.com
Address:  57.x.x.x

Non-authoritative answer:
Name:    ods-prd-print.abc.com.abcx.com
Address:  192.x.x.x
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 40442132
> Non-authoritative answer:
> Name:    ods-prd-print.abc.com.abcx.com
> Address:  192.x.x.x

This one is the wildcard (*.abcx.com).

But it's perhaps important to realise that while nslookup appends the abcx.com DNS suffix (which must come from your search list), the DNS client won't necessarily do so.

If you stick a period on the end of the name you're querying the problem will go away:

> ods-prd-print.abc.com.

The difference in response can be explained by the fact that one DNS server forwards to outside and the other doesn't.

Chris
0
 

Author Comment

by:SuzenJ
ID: 40449002
Hi Chris,
Just want to confirm, even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it will still forward the query to external DNS NS1?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40449203
No, but given that DNS suffixes are appended before the name is submitted without, if you get an answer to something else first nslookup will stop there.

If I do this we can see it in action:
nslookup
set type=a
set srchlist=domain1.com/domain2.com
set d2
test.com

Open in new window

You will (or should) see nslookup send the following questions (success or failure for individual queries may vary):
    QUESTIONS:
        test.com.domain1.com, type = A, class = IN

    QUESTIONS:
        test.com.domain2.com, type = A, class = IN

    QUESTIONS:
        test.com, type = A, class = IN

Open in new window

Obviously this behaviour is undesirable in your case. However, the DNS Client (rather than nslookup the troubleshooting tool) will only really append suffixes if the name is not multi-label. Equivalent to running:
nslookup -q=a test.com.

Open in new window

Where the period on the end null terminates the name, telling the DNS client that that's all there is to the name.

Therefore this will always return the expected response:
nslookup -q=a ods-prd-print.abc.com.

Open in new window

Generally speaking, the slightly unhelpful behaviour of nslookup can be disregarded. It only actually becomes a problem when the DNS client itself is willing to append suffixes to multi-label names as well (because that's the resolver your Windows box will be using).

It's a bit of a historic Windows XP problem in practical terms because early on that used to append by default, nothing more recent does.

You see the same problem when looking up the SOA record. Unless you're very careful with your queries you end up sending the wrong question and can easily get the wrong answer.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40449207
Sorry one more note:

> even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it
> will still forward the query to external DNS NS1?

It's important to realise that your DNS server is not doing this. The DNS server is simply responding to the requests made by a client (in this case requests created by nslookup).

The server doesn't append suffixes and doesn't fabricate labels so if you see an odd problem like the one you're experiencing here it's something of the clients creation.

Chris
0
 

Author Closing Comment

by:SuzenJ
ID: 40459066
Thanks a lots Chris!!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question