DNS Resolution Issue for ONE external domain

I have an issue where alrahden.com domain is getting no resolution because MYDOMAIN.COM is being appended.  This doesn't happen with any other lookup of an external domain.  alrahden.com query comes back with "authority records = 1" and shouldn't.  We use OPENDNS, but this domain is the only one with a problem.

C:\Documents and Settings\adm1n>nslookup
Default Server:  dc1.mydomain.com
Address:  10.0.10.150

> set debug=true
www.google.com
Server:  dc1.mydomain.com
Address:  10.0.10.150

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.mydomain.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.com
        ttl = 3600 (1 hour)
        primary name server = dc1.mydomain.com
        responsible mail addr = adm1n.mydomain.com
        serial  = 2003681859
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 6,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN
    ANSWERS:
    ->  www.google.com
        internet address = 74.125.137.103
        ttl = 259 (4 mins 19 secs)
    ->  www.google.com
        internet address = 74.125.137.104
        ttl = 259 (4 mins 19 secs)
    ->  www.google.com
        internet address = 74.125.137.147
        ttl = 259 (4 mins 19 secs)
    ->  www.google.com
        internet address = 74.125.137.105
        ttl = 259 (4 mins 19 secs)
    ->  www.google.com
        internet address = 74.125.137.106
        ttl = 259 (4 mins 19 secs)
    ->  www.google.com
        internet address = 74.125.137.99
        ttl = 259 (4 mins 19 secs)

------------
Non-authoritative answer:
Name:    www.google.com
Addresses:  74.125.137.103, 74.125.137.104, 74.125.137.147, 74.125.137.105
          74.125.137.106, 74.125.137.99

> alrahden.com
Server:  dc1.mydomain.com
Address:  10.0.10.150

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        alrahden.com.mydomain.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.com
        ttl = 3600 (1 hour)
        primary name server = dc1.mydomain.com
        responsible mail addr = adm1n.mydomain.com
        serial  = 2003681859
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
*** Request to dc1.mydomain.com timed-out
> randominvalid.com
Server:  dc1.mydomain.com
Address:  10.0.10.150

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        randominvalid.com.mydomain.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.com
        ttl = 3600 (1 hour)
        primary name server = dc1.mydomain.com
        responsible mail addr = adm1n.mydomain.com
        serial  = 2003681859
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        randominvalid.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  com
        ttl = 900 (15 mins)
        primary name server = a.gtld-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 1430524039
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

------------
*** dc1.mydomain.com can't find randominvalid.com: Non-existent domain
>
Asked by: tcloud

giltjr Commented:
When you run nslookup it will by default append any domain names you have listed in your network configuration to the name you enter and try to resolve it unless the name you enter ends in a period.

So instead of entering "alrahden.com", try entering "alrahden.com."
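The behaviour giltjr describes can be read straight out of the debug trace. The following is an added example, not part of the original thread: it parses nslookup debug output and separates the search-suffix probes from the query for the name actually typed. The sample trace is constructed from the transcript in the question, the suffix `mydomain.com` is taken from that transcript, and the function names are illustrative.

```python
import re

# Constructed sample: condensed from the nslookup debug trace in the question.
SAMPLE = """\
> alrahden.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        alrahden.com.mydomain.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.com

------------
DNS request timed out.
    timeout was 2 seconds.
*** Request to dc1.mydomain.com timed-out
"""

def parse_trace(text):
    """Return (typed name, [(question, rcode)], whether a timeout was logged)."""
    typed = re.search(r"^> (\S+)$", text, re.M).group(1)
    answers = []
    for block in text.split("Got answer:")[1:]:
        rcode = re.search(r"rcode = (\w+)", block).group(1)
        question = re.search(r"QUESTIONS:\s+(\S+), type", block).group(1)
        answers.append((question.rstrip(".").lower(), rcode))
    return typed.rstrip(".").lower(), answers, "timed out" in text

def diagnose(text, suffixes=("mydomain.com",)):
    """Label each query as a search-suffix probe or the name actually typed."""
    typed, answers, timed_out = parse_trace(text)
    probes = {f"{typed}.{s}" for s in suffixes}
    findings = [(q, "suffix-probe" if q in probes else "real", rcode)
                for q, rcode in answers if q in probes or q == typed]
    # No answer for the typed name plus a logged timeout means the real
    # lookup never completed; the NXDOMAIN above is only the probe.
    if timed_out and not any(kind == "real" for _, kind, _ in findings):
        findings.append((typed, "real", "TIMEOUT"))
    return findings

if __name__ == "__main__":
    for name, kind, result in diagnose(SAMPLE):
        print(f"{kind:12} {name:28} {result}")
```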
Steve Knight (IT Consultancy) Commented:
Was going to say what was said above. Do you actually have a problem caused for actual resolving, and is this the actual domain name you have issue with?

What do you get with just

Nslookup
Thedomain.com.
Server 8.8.8.8
Thedomain.com.

Without any debug on etc.
arnold Commented:
In an AD environment, you should only have your own DNS servers on your own systems.
You of course could add within the configuration of your own DNS server settings, forwarders to forward all outgoing requests to OpenDNS or Google's DNS if you like.

DNS caches responses based on the settings within the domain.  When you use external DNS servers that are widely used, you may run into a situation where prior requests attempting to resolve the same domain ran into an issue such that it now has a negative cache (did not receive a response and is listing the domain as non-existent for the negative response duration).

The issue could be caused by several items: one of the authoritative DNS servers for the domain is malfunctioning/misconfigured, the path to it is not available, etc.

To minimize this, let your own DNS server retrieve the data and cache the responses.  This way you know that if there is an issue it is limited to the destination when few domains are impacted; if all external domains are impacted you know the issue is with your side DNS/external connection.

Earlier experts commented on terminating the domain to avoid the appending of the search and local domain when resolving an entry.
tcloud (Author) Commented:
This appears to be an issue with OPENDNS.  Support has acknowledged that this is occurring at their end and is investigating it.
arnold Commented:
I believe the comment I made addressed this. You are pointing your DNS/workstations to opendns meaning it is a configuration issue.  Remove that and you will not be susceptible to misconfigurations of third parties.
tcloud (Author) Commented:
Not config related.
Question has a verified solution.
