Member_2_1261037
DNS Resolution Issue for ONE external domain
I have an issue where alrahden.com domain is getting no resolution because MYDOMAIN.COM is being appended. This doesn't happen with any other lookup of an external domain. alrahden.com query comes back with "authority records = 1" and shouldn't. We use OPENDNS, but this domain is the only one with a problem.
C:\Documents and Settings\adm1n>nslookup
Default Server: dc1.mydomain.com
Address: 10.0.10.150
> set debug=true
> www.google.com
Server: dc1.mydomain.com
Address: 10.0.10.150
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
www.google.com.mydomain.com, type = A, class = IN
AUTHORITY RECORDS:
-> mydomain.com
ttl = 3600 (1 hour)
primary name server = dc1.mydomain.com
responsible mail addr = adm1n.mydomain.com
serial = 2003681859
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 6, authority records = 0, additional = 0
QUESTIONS:
www.google.com, type = A, class = IN
ANSWERS:
-> www.google.com
internet address = 74.125.137.103
ttl = 259 (4 mins 19 secs)
-> www.google.com
internet address = 74.125.137.104
ttl = 259 (4 mins 19 secs)
-> www.google.com
internet address = 74.125.137.147
ttl = 259 (4 mins 19 secs)
-> www.google.com
internet address = 74.125.137.105
ttl = 259 (4 mins 19 secs)
-> www.google.com
internet address = 74.125.137.106
ttl = 259 (4 mins 19 secs)
-> www.google.com
internet address = 74.125.137.99
ttl = 259 (4 mins 19 secs)
------------
Non-authoritative answer:
Name: www.google.com
Addresses: 74.125.137.103, 74.125.137.104, 74.125.137.147, 74.125.137.105
74.125.137.106, 74.125.137.99
> alrahden.com
Server: dc1.mydomain.com
Address: 10.0.10.150
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
alrahden.com.mydomain.com, type = A, class = IN
AUTHORITY RECORDS:
-> mydomain.com
ttl = 3600 (1 hour)
primary name server = dc1.mydomain.com
responsible mail addr = adm1n.mydomain.com
serial = 2003681859
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
*** Request to dc1.mydomain.com timed-out
> randominvalid.com
Server: dc1.mydomain.com
Address: 10.0.10.150
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
randominvalid.com.mydomain.com, type = A, class = IN
AUTHORITY RECORDS:
-> mydomain.com
ttl = 3600 (1 hour)
primary name server = dc1.mydomain.com
responsible mail addr = adm1n.mydomain.com
serial = 2003681859
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 7, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
randominvalid.com, type = A, class = IN
AUTHORITY RECORDS:
-> com
ttl = 900 (15 mins)
primary name server = a.gtld-servers.net
responsible mail addr = nstld.verisign-grs.com
serial = 1430524039
refresh = 1800 (30 mins)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
------------
*** dc1.mydomain.com can't find randominvalid.com: Non-existent domain
>
Was going to say what was said above. Do you actually have a problem caused for actual resolving, and is this the actual domain name you have an issue with?
What do you get with just
Nslookup
Thedomain.com.
Server 8.8.8.8
Thedomain.com.
Without any debug on etc.
In an AD environment, you should only have your own DNS servers on your own systems.
You of course could add within the configuration of your own DNS server settings, forwarders to forward all outgoing requests to opendns or google's DNS if you like.
DNS caches responses based on the settings within the domain. When you use external DNS servers that are widely used, you may run into a situation where prior requests attempting to resolve the same domain ran into an issue such that it now has a negative cache (did not receive a response and is listing the domain as non-existent for the negative response duration).
The issue could be caused by several items: one of the authoritative DNS servers for the domain is malfunctioning/misconfigured, the path to it is not available, etc.
To minimize this, let your own DNS server retrieve the data and cache the responses. This way you know that if there is an issue it is limited to the destination when few domains are impacted, if all external domains are impacted you know the issue is with your side dns/external connection.
Earlier experts commented on terminating the domain to avoid the appending of the search and local domain when resolving an entry.
I believe the comment I made addressed this. You are pointing your DNS/workstations to opendns meaning it is a configuration issue. Remove that and you will not be susceptible to misconfigurations of third parties.
ASKER
Not config related.
So instead of entering "alrahden.com", try entering "alrahden.com."
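An added example, not part of the original thread: a small Python parser for the nslookup debug output posted in the question. It separates the NXDOMAIN produced by the appended search suffix from the outcome of the bare-name query, which is the result that actually matters. The sample is abridged from the question's transcript; the function names are illustrative.

```python
import re

# Constructed sample: the question's nslookup debug transcript, abridged to the
# lines the parser reads (prompt, rcode, question name, timeout marker).
SAMPLE = """\
> set debug=true
> www.google.com
opcode = QUERY, id = 2, rcode = NXDOMAIN
www.google.com.mydomain.com, type = A, class = IN
opcode = QUERY, id = 3, rcode = NOERROR
www.google.com, type = A, class = IN
> alrahden.com
opcode = QUERY, id = 4, rcode = NXDOMAIN
alrahden.com.mydomain.com, type = A, class = IN
*** Request to dc1.mydomain.com timed-out
> randominvalid.com
opcode = QUERY, id = 6, rcode = NXDOMAIN
randominvalid.com.mydomain.com, type = A, class = IN
opcode = QUERY, id = 7, rcode = NXDOMAIN
randominvalid.com, type = A, class = IN
"""

def parse(transcript):
    """Map each typed name to its attempts: [(question_name, rcode), ...]."""
    lookups, current, rcode = {}, None, None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("> ") and "=" not in line:  # a lookup, not "set debug=true"
            current = line[2:].strip()
            lookups[current] = []
        elif current is None:
            continue
        elif m := re.search(r"rcode = (\w+)", line):
            rcode = m.group(1)
        elif m := re.match(r"(\S+), type = \w+, class = \w+", line):
            lookups[current].append((m.group(1).rstrip("."), rcode))
        elif line.startswith("*** Request to") and line.endswith("timed-out"):
            lookups[current].append((None, "TIMEOUT"))
    return lookups

def diagnose(transcript, suffix):
    """Return {typed: (verdict, suffix_was_appended)}; the last attempt decides."""
    verdicts = {"NOERROR": "resolved", "NXDOMAIN": "nxdomain", "TIMEOUT": "timeout"}
    out = {}
    for typed, attempts in parse(transcript).items():
        appended = any(q == f"{typed.rstrip('.')}.{suffix}" for q, _ in attempts)
        last = attempts[-1][1] if attempts else "NONE"
        out[typed] = (verdicts.get(last, last.lower()), appended)
    return out

if __name__ == "__main__":
    for name, (verdict, appended) in diagnose(SAMPLE, "mydomain.com").items():
        print(f"{name:20} {verdict:9} suffix-appended={appended}")
```

On the sample, all three names show the suffixed NXDOMAIN, so the verdict that differs for alrahden.com is the timeout on the bare-name query.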