SuzenJ
asked on
nslookup query return strange result
Hi all,
I have 2 internal DNS servers (DNS1 and DNS2) as per below settings:
DNS1 (Windows server) > Forwarders point to External DNS NS1 (Linux server)
DNS2 (Windows server) > No forwarders being set
No DNS suffix search list being configured in both internal DNS servers
Problem: When I run the nslookup query from DNS1 and set the type to SOA, it returns a result from the external DNS instead of the internal DNS. No issue with DNS2 for the same query.
> set type=soa
> DNS1
Server: DNS1.abc.com
Address: x.x.x.x
dr001.abcx.com
primary name server = DNS1.dr001.abcx.com
responsible mail addr = hostmaster.dr001.abcx.com
serial = 6816
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
DNS1.dr001.abcx.com internet address = x.x.x.x
> ods-prd-print.abc.com
Server: DNS1.abc.com
Address: x.x.x.x
abcx.com
primary name server = ns1.voodoo.com
responsible mail addr = hostmaster.voodoo.com
serial = 2014080111
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
I saw one related article from EE saying that it might be due to a wildcard host record in the public zone, and that record contains the IP address of the web server.
Where to find the wildcard host record? Need to check from the NS1 server?
I cannot find it on the internal DNS servers and have no visibility of the NS1 server.
You're forwarding DNS1 queries. Of course it's going to return a result from the external server.
The DNS suffix applies to client-side operations (not the DNS server itself). You must have a DNS suffix set for "DNS1" to become DNS1.abc.com.
Either way, there doesn't look to be anything particularly wrong with the response you're getting. What do you expect to see differently?
Chris
ASKER
Hi Jesper/Chris,
SOA records are the same for both servers. I ran the query on the DNS2 server and below is the expected result:
ods-prd-print.abc.com
Server: DNS2.abc.com
Address: x.x.x.x
abc.com
primary name server = DNS3.dradm001.corp.abc.com
responsible mail addr = (root)
serial = 158701
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 172800 (2 days)
default TTL = 900 (15 mins)
DNS3.dradm001.corp.abc.com internet address = x.x.x.x
Both servers have the same Host A record created for ods-prd-print.abc.com. It shouldn't be resolved by external DNS.
I tried to run the nslookup query again and below are the results (DNS2 returns the correct result):
Default Server: DNS2.abc.com
Address: x.x.x.x
> ods-prd-print.abc.com
Server: DNS2.abc.com
Address: x.x.x.x
Name: ods-prd-print.abc.com
Addresses: 57.x.x.x, 57.x.x.x, 57.x.x.x
> server DNS1
Default Server: DNS1.dr001.drcx.com
Address: 57.x.x.x
> ods-prd-print.abc.com
Server: DNS1.dr001.abcx.com
Address: 57.x.x.x
Non-authoritative answer:
Name: ods-prd-print.abc.com.abcx.com
Address: 192.x.x.x
> Non-authoritative answer:
> Name: ods-prd-print.abc.com.abcx.com
> Address: 192.x.x.x
This one is the wildcard (*.abcx.com).
But it's perhaps important to realise that while nslookup appends the abcx.com DNS suffix (which must come from your search list), the DNS client won't necessarily do so.
If you stick a period on the end of the name you're querying the problem will go away:
> ods-prd-print.abc.com.
The difference in response can be explained by the fact that one DNS server forwards to outside and the other doesn't.
Chris
ASKER
Hi Chris,
Just want to confirm, even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it will still forward the query to external DNS NS1?
Sorry, one more note:
> even though DNS1 already has the Host (A) record for ods-prd-print.abc.com created in the server, it
> will still forward the query to external DNS NS1?
It's important to realise that your DNS server is not doing this. The DNS server is simply responding to the requests made by a client (in this case requests created by nslookup).
The server doesn't append suffixes and doesn't fabricate labels, so if you see an odd problem like the one you're experiencing here it's something of the client's creation.
Chris
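The behaviour described in the two answers above, as an added example that is not part of the original thread: a small offline model of nslookup's client-side search-list expansion against a forwarding server (DNS1) and a non-forwarding one (DNS2). The zone contents, the `abcx.com` search suffix and the helper names are assumptions built from the placeholder names in the thread, and wildcard matching is simplified.

```python
# Added example: models client-side suffix appending, not real DNS traffic.
# All zone data is constructed from the placeholder names used in the thread.

def candidates(name, search_list):
    """Names nslookup tries, in order. A trailing dot marks the name as
    fully qualified, so no search suffix is appended."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{suffix}." for suffix in search_list] + [name + "."]

def match(zone, fqdn):
    """Exact record first, then any wildcard above the name
    (simplified: ignores the closest-encloser rule)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels) - 1):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None

class Server:
    def __init__(self, zone, forwarder=None):
        self.zone, self.forwarder = zone, forwarder

    def resolve(self, fqdn):
        """Return (address, authoritative) or None when nothing answers."""
        local = match(self.zone, fqdn)
        if local:
            return local, True
        if self.forwarder:                      # DNS1 only
            upstream = self.forwarder.resolve(fqdn)
            if upstream:
                return upstream[0], False       # non-authoritative answer
        return None

def nslookup(name, server, search_list):
    """Return (name actually answered, address, authoritative) or None."""
    for fqdn in candidates(name, search_list):
        answer = server.resolve(fqdn)
        if answer:
            return (fqdn,) + answer
    return None

INTERNAL = {"ods-prd-print.abc.com.": "57.x.x.x"}    # host record on both servers
NS1 = Server({"*.abcx.com.": "192.x.x.x"})           # external zone with wildcard
DNS1 = Server(INTERNAL, forwarder=NS1)
DNS2 = Server(INTERNAL)
SEARCH = ["abcx.com"]                                # assumed client search list
```

Against DNS1 the suffixed name is tried first, is forwarded, and hits the wildcard; against DNS2 the suffixed name finds nothing, so the lookup falls through to the internal record, and with a trailing dot both servers answer from the internal zone.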
ASKER
Thanks a lot, Chris!!