strange nslookup results

I am seeing a strange result when I do an nslookup for say google.com although it happens for any domain.

I get google.com.mydomain.com

The resulting IP address is not a Google IP address.

I can however still get on the internet no problem.

What would cause this?
roy_battyDirectorAsked:

footechCommented:
You have a wildcard record for mydomain.com.
The domain suffix is automatically appended if you don't put a period at the end of the name you're querying (e.g. "google.com.").  So the query is actually for google.com.mydomain.com.  If you run set debug or set d2 within nslookup you will actually see this.
0

roy_battyDirectorAuthor Commented:
So how do I remove this wildcard for all DNS queries?
0

footechCommented:
It's an A record just like any other, so whether it's in your internal DNS or public DNS you manage it the same as your other records.  The question is whether you really want to delete it.  Some people use them so that if someone types in an incorrect name like ww.domain.com (only two "w's") it will still resolve to an address.  Basically a wildcard resolves whenever there isn't a matching record for the query in a particular domain (it doesn't also cover sub domains).
0
arnoldCommented:
You need to terminate the domain for which you are querying using a period, as pointed out earlier.  The issue you are reporting is limited to running queries through nslookup, correct?

Mydomain.com is being pushed as a search domain.
It is not a flaw, bug, error.
1
roy_battyDirectorAuthor Commented:
I'm a little lost here. I'm managing the internal DNS. I have looked for a host record that is a wildcard, although I'm not exactly sure what I'm looking for.

Is it possible that the wildcard is part of the DNS record held with the domain register?

The company's external domain for their website is mydomain.com. The internal domain is ad.mydomain.com
0
arnoldCommented:
Your issue is that some of the responses confused the issue.  The issue where your domain is added at the end of the search when it is not terminated (ending with a period) is one thing. The other, where the host comes back with an IP, for which it was suggested that your domain has a wildcard, neglected the other possibility, meaning some DNS servers can periodically return a search IP.
Meaning when you enter/search for a non-existent domain/host, the response is a search page with suggestions.  This might be what the DNS servers you queried returned.  If you browse to the ip returned, you will see a web page with alternate suggestions to the domain you tried to lookup.
0
roy_battyDirectorAuthor Commented:
Sorry, but this is confusing me even more.

I am working on a Server 2012 R2 domain. The business's domain name is mycompany.com

Their website is www.mycompany.com.

I have setup the server as a DC for the domain ad.mycompany.com.

I am not sure if this is causing the problem. I can sometimes browse the internet but other times I can't.

Irrespective of whether the internet browsing is working or not, for an nslookup to any domain (say bbc.com or cnn.com) the result for the non-authoritative answer is cnn.com.mycompany.com with an IP address of number.number.number.number.

It doesn't matter what domain I search for, nslookup always returns the same IP address.

I set up this server in the office. The IP scheme there matches exactly the IP scheme in its new location. I am sure that the incorrect DNS resolution issue wasn't happening in the office but I'm not 100% certain.

I have checked the company's domain name record held with their hosting provider and there is a * wildcard entry. Is this what I need to remove, or is this the wrong approach? I really need to get their internet working. There are roughly 30 PCs on the network and if I have to manually go to each PC to fix this then so be it.
0
footechCommented:
Run
nslookup
set debug
google.com

You will see the various queries that are made.
What is the IP that you are seeing returned?  Is it always the same?  Have you tried browsing to that IP?

If you don't have a zone for mydomain.com on your internal DNS, then it's obviously not coming from internal records.  A wildcard (*) record in your public DNS records is most likely.

There are some providers that will return a search page in response to a query for a non-existent resource.  To my knowledge it's not common for business connections, but I think the free OpenDNS does this.  Have you configured them as forwarders?

Are you looking to change the behavior, or just understand it?  As you've mentioned it's not causing a problem.  And in nslookup you just append a dot.
0
footechCommented:
Ah, I see you posted while I was typing up my last.

There's usually no need for a wildcard record, but I also don't see how it would interfere with your internet.
0
arnoldCommented:
The DNS you query is providing you a search IP; it is not something set up on your DNS server for mydomain.com.

It is a DNS-based alternative suggestion/search: when a domain record does not exist, this IP is returned to the client, which, when used in a browser, is opened with the original request, and the web page provides info on alternatives based on the requested name.

Are you using OpenDNS to resolve domains?

If the IP that you get in response is not your IP, could you post it?
0
roy_battyDirectorAuthor Commented:
@Arnold Going back to your first comment. Having read through all the answers, I think you are suggesting that this is normal expected behaviour. I still seem to be able to browse the internet, and in future when using nslookup I must remember to add a . at the end of any domain names.

Given my last post, does this still stand?
0
arnoldCommented:
Whose public name servers do you use?  The question is because some providers have these name servers with suggestions when the typed-in URL does not exist, but include an option for the user to opt out of that.
OpenDNS, Google's DNS, and others provide.
The feature is the same as exists in the browsers, dealing with whether it should suggest sites when an error is encountered when a "site" is requested.
The other option, which will have issues if you try to go to hostname (hostname.mydomain.com), is removing mydomain.com from the search domain area under the network adapter properties, TCP/IP properties, DNS settings.
Without your domain in the search section, future lookups will not need to be terminated when using nslookup.
0
footechCommented:
You can tell if the issue is related to the wildcard record by comparing the IP in the record to the IP that you get returned by a query (you said it was always the same).  If they're the same, it's due to the wildcard, in conjunction with the DNS search suffix you're using.

Typically for a domain "ad.mydomain.com", the search suffix will be "ad.mydomain.com".  Clients will use DNS devolution to resolve queries, meaning if you query for "google.com", it will first try "google.com.ad.mydomain.com", then "google.com.mydomain.com", then "google.com", until it gets a match.  You can configure this behavior.  See the following for more info.
https://technet.microsoft.com/en-us/library/ee683928%28v=ws.10%29.aspx
Without the wildcard record, the second query would not match and it would proceed to the third.  I believe that nslookup always uses a devolution level of two, which is why you see the behavior above.  Keep in mind that nslookup uses its own DNS resolver, which is not the same as what the OS uses.  When using a utility that uses the built-in DNS resolving mechanism for the OS (e.g. ping) it follows the rules as described in the link above (and so the devolution level may differ) and it doesn't require the trailing dot.
0
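The lookup order described in the comment above, as an added example that is not part of the original thread: a small Python simulation of suffix devolution against a public zone that contains a wildcard, with the internal `ad.mydomain.com` zone answered locally. The zone contents, the host `dc1`, and every IP address are constructed, and the candidate order follows the comment rather than a specification of nslookup.

```python
# Constructed data: hypothetical zone contents, documentation-range addresses.
PUBLIC = {
    "www.mydomain.com.": "203.0.113.10",
    "*.mydomain.com.": "203.0.113.10",   # wildcard held at the hosting provider
    "google.com.": "198.51.100.20",      # stand-in for the real answer
}
INTERNAL_ZONE = "ad.mydomain.com."        # zone the DC is authoritative for
INTERNAL = {"dc1.ad.mydomain.com.": "10.0.0.5"}

def lookup(fqdn, records):
    """Exact match, else the wildcard owned by the nearest ancestor (simplified)."""
    if fqdn in records:
        return records[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:]) + "."
        if "*." + parent in records:
            return records["*." + parent]
        if parent in records:             # a closer name exists: no wildcard answer
            return None
    return None

def resolve(fqdn, public):
    """Internal zone is answered locally; every other name goes to public DNS."""
    if fqdn == INTERNAL_ZONE or fqdn.endswith("." + INTERNAL_ZONE):
        return lookup(fqdn, INTERNAL)
    return lookup(fqdn, public)

def candidates(name, suffix="ad.mydomain.com", level=2):
    """Names tried, in order, for an unterminated query with suffix devolution."""
    if name.endswith("."):
        return [name]                     # trailing dot: no suffix is appended
    labels = suffix.split(".")
    tried = []
    while len(labels) >= level:
        tried.append(f"{name}.{'.'.join(labels)}.")
        labels = labels[1:]
    return tried + [name + "."]

def first_match(name, public=PUBLIC):
    """Return (name that answered, IP) for the first candidate that resolves."""
    for fqdn in candidates(name):
        ip = resolve(fqdn, public)
        if ip:
            return fqdn, ip
    return None

if __name__ == "__main__":
    no_wildcard = {k: v for k, v in PUBLIC.items() if not k.startswith("*.")}
    print(first_match("google.com"))               # answered by the wildcard
    print(first_match("google.com."))              # fully qualified query
    print(first_match("google.com", no_wildcard))  # wildcard removed
```

Comparing the address returned for the unterminated query with the address in the wildcard record is the same check suggested in the comment for confirming the cause.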
roy_battyDirectorAuthor Commented:
There is a wildcard and this is the reason I get these results from nslookup.

It is not something to worry about.

Thanks for the help.
0
Question has a verified solution.
