roy_batty asked:

strange nslookup results

I am seeing a strange result when I do an nslookup for, say, google.com, although it happens for any domain.

I get google.com.mydomain.com

The resulting IP address is not a Google IP address.

I can however still get on the internet no problem.

What would cause this?
ASKER CERTIFIED SOLUTION
footech
You have a wildcard record for mydomain.com.
The domain suffix is automatically appended if you don't put a period at the end of the name you're querying (e.g. "google.com.").  So the query is actually for google.com.mydomain.com.  If you run set debug or set d2 within nslookup you will actually see this.
roy_batty

ASKER

So how do I remove this wildcard for all DNS queries?
It's an A record just like any other, so whether it's in your internal DNS or public DNS you manage it the same as your other records.  The question is whether you really want to delete it.  Some people use them so that if someone types in an incorrect name like ww.domain.com (only two "w's") it will still resolve to an address.  Basically a wildcard resolves whenever there isn't a matching record for the query in a particular domain (it doesn't also cover subdomains).
You need to terminate the domain for which you are querying using a period as pointed out earlier.  The issue you are reporting is limited to running queries through nslookup, correct?

Mydomain.com is being pushed as a search domain.
It is not a flaw, bug, or error.
I'm a little lost here. I'm managing the internal DNS. I have looked for a host record that is a wildcard, although I'm not exactly sure what I'm looking for.

Is it possible that the wildcard is part of the DNS record held with the domain registrar?

The company's external domain for their website is mydomain.com. The internal domain is ad.mydomain.com.
Your issue is that some of the responses confused the issue.  The issue where your domain is added at the end of the search when it is not terminated (ending with a period) is one thing. The other, where the host comes back with an IP, for which it was suggested that your domain has a wildcard, neglected the other possibility, meaning some DNS servers can periodically return a search IP.
Meaning when you enter/search for a non-existent domain/host, the response is a search page with suggestions.  This might be what the DNS servers you queried returned.  If you browse to the IP returned, you will see a web page with alternate suggestions to the domain you tried to look up.
Sorry, but this is confusing me even more.

I am working on a Server 2012 R2 domain. The business's domain name is mycompany.com.

Their website is www.mycompany.com.

I have setup the server as a DC for the domain ad.mycompany.com.

I am not sure if this is causing the problem. I can sometimes browse the internet but other times I can't.

Irrespective of whether the internet browsing is working or not, for an nslookup to any domain (say bbc.com or cnn.com) the result for the non-authoritative answer is cnn.com.mycompany.com with an IP address of number.number.number.number.

It doesn't matter what domain I search for, nslookup always returns the same IP address.

I set up this server in the office. The IP scheme there matches exactly the IP scheme in its new location. I am sure that the incorrect DNS resolution issue wasn't happening in the office, but I'm not 100% certain.

I have checked the company's domain name record held with their hosting provider and there is a * wildcard entry. Is this what I need to remove, or is this the wrong approach? I really need to get their internet working. There are roughly 30 PCs on the network and if I have to manually go to each PC to fix this then so be it.
Run
nslookup
set debug
google.com

You will see the various queries that are made.
What is the IP that you are seeing returned?  Is it always the same?  Have you tried browsing to that IP?

If you don't have a zone for mydomain.com on your internal DNS, then it's obviously not coming from internal records.  A wildcard (*) record in your public DNS records is most likely.

There are some providers that will return a search page in response to a query for a non-existent resource.  To my knowledge not common for business connections, but I think the free OpenDNS does this.  Have you configured them as forwarders?

Are you looking to change the behavior, or just understand it?  As you've mentioned it's not causing a problem.  And in nslookup you just append a dot.
Ah, I see you posted while I was typing up my last.

There's usually no need for a wildcard record, but I also don't see how it would interfere with your internet.
The DNS you query is providing you a search IP; it is not something set up on your DNS server for mydomain.com.

It is a DNS-based alternative suggestion/search when a domain record does not exist. This IP is returned to the client which, when used in a browser, is opened with the original request, and the web page provides info on alternatives based on the requested name.

Are you using OpenDNS through whom you resolve domains?

If the IP that you get in response is not your IP, could you post it?
@Arnold Going back to your first comment. Having read through all the answers, I think you are suggesting that this is normal expected behaviour. I still seem to be able to browse the internet, and in future when using nslookup I must remember to add a . at the end of any domain names.

Given my last post, does this still stand?
Whose public name servers do you use?  The question is because some providers have these name servers with suggestions when the typed in URL does not exist but include an option for the user to opt-out of that.
OpenDNS, Google's DNS, and others provide.
The feature is the same as exists in browsers, dealing with whether it should suggest sites when an error is encountered when a "site" is requested.
The other option, which will have issues if you try to go to hostname (hostname.mydomain.com), is removing mydomain.com from the search domain area under the network adapter properties, TCP/IP properties, DNS settings.
Without your domain in the search section, future lookups will not need to be terminated when using nslookup.
You can tell if the issue is related to the wildcard record by comparing the IP in the record to the IP that you get returned by a query (you said it was always the same).  If they're the same, it's due to the wildcard, in conjunction with the DNS search suffix you're using.

Typically for a domain "ad.mydomain.com", the search suffix will be "ad.mydomain.com".  Clients will use DNS devolution to resolve queries, meaning if you query for "google.com", it will first try "google.com.ad.mydomain.com", then "google.com.mydomain.com", then "google.com", until it gets a match.  You can configure this behavior.  See the following for more info.
https://technet.microsoft.com/en-us/library/ee683928%28v=ws.10%29.aspx
Without the wildcard record, the second query would not match and it would proceed to the third.  I believe that nslookup always uses a devolution level of two, which is why you see the behavior above.  Keep in mind that nslookup uses its own DNS resolver, which is not the same as what the OS uses.  When using a utility that uses the built-in DNS resolving mechanism for the OS (e.g. ping) it follows the rules as described in the link above (and so the devolution level may differ) and it doesn't require the trailing dot.
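
The lookup order described in the answer above, modelled offline as an added example (not code from the thread or from any participant): it shows why every unterminated name lands on the wildcard's address, why a trailing dot avoids it, and how a random-label probe reveals a wildcard. The records, the IP addresses (documentation ranges) and the function names are constructed assumptions.

```python
import secrets

# Constructed DNS data (documentation IP ranges), not taken from the thread.
# "ad.mydomain.com." stands for the internal AD zone; "*.mydomain.com." is
# the wildcard A record found at the hosting provider.
RECORDS = {
    "mydomain.com.": "203.0.113.10",
    "www.mydomain.com.": "203.0.113.10",
    "*.mydomain.com.": "203.0.113.10",
    "ad.mydomain.com.": "192.0.2.5",
    "google.com.": "198.51.100.7",
}
SUFFIXES = ["ad.mydomain.com", "mydomain.com"]  # primary suffix, then devolved


def lookup(fqdn, records=RECORDS):
    """Exact match first, else the wildcard under the closest existing ancestor."""
    name = fqdn.lower()
    if name in records:
        return records[name]
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:]) + "."
        if parent in records:
            return records.get("*." + parent)
    return None


def resolve(name, suffixes=SUFFIXES, records=RECORDS):
    """Return (fqdn_that_answered, ip). A trailing dot disables the suffixes."""
    if name.endswith("."):
        candidates = [name]
    else:
        candidates = [f"{name}.{s}." for s in suffixes] + [name + "."]
    for fqdn in candidates:
        ip = lookup(fqdn, records)
        if ip:
            return fqdn, ip
    return None, None


def has_wildcard(suffix, records=RECORDS):
    """A random label cannot be a real host; an answer means a wildcard
    (or, against a live resolver, an upstream rewriting NXDOMAIN)."""
    probe = f"{secrets.token_hex(8)}.{suffix}."
    return lookup(probe, records) is not None


if __name__ == "__main__":
    for q in ("google.com", "google.com.", "cnn.com"):
        print(q, "->", resolve(q))
    print("wildcard on mydomain.com:", has_wildcard("mydomain.com"))
```

Passing a copy of `RECORDS` without the `*.mydomain.com.` entry as `records` shows the search falling through to the real `google.com.` answer.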
There is a wildcard and this is the reason I get these results from nslookup.

It is not something to worry about.

Thanks for the help.