strange nslookup results

I am seeing a strange result when I do an nslookup for say although it happens for any domain.

I get

the resulting ip addres is not a google ip address.

I can however still get on the internet no problem.

What would cause this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You have a wildcard record for
The domain suffix is automatically appended if you don't put a period at the end of the name you're querying (e.g. "").  So the query is actually for  If you run set debug or set d2 within nslookup you will actually see this.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
You have a wildcard record for
The domain suffix is automatically appended if you don't put a period at the end of the name you're querying (e.g. "").  So the query is actually for  If you run set debug or set d2 within nslookup you will actually see this.
roy_battyDirectorAuthor Commented:
So how do I remove this wildcard for all dns queries
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

It's an A record just like any other, so whether it's in your internal DNS or public DNS you manage it the same as your other records.  The question is whether you really want to delete it.  Some people use them so that if someone types in a incorrect name like (only two "w's") it will still resolve to an address.  Basically a wildcard resolves whenever there isn't a matching record for the query in a particular domain (it doesn't also cover sub domains).
You need to terminate the domain for which you are querying using a period as pointed outed out earlier.  The issue you are reporting is limited to running queries through nslookup, correct? is being pushed as a search domain.
It is not a flaw, bug, error.
roy_battyDirectorAuthor Commented:
I'm a little lost here. I'm managing the internal DNS. I have looked for a host record that is a wild card although I'm not exactly sure what in looking for.

Is it possible that the wildcard is part of the DNS record held with the domain register.

The companies external domain for their website is . the internal domain is
Your issue is that some of the responses confused the issue.  The issue where your domain Is added at the end of the search when it is not terminated (ending with a period) is one thing, the other where the host comes with an ip, which was suggested that your domain has a wildcard neglected the other possibility, meaning some DNS server can do periodically return a search ip.
Meaning when you enter/search for a non-existent domain/host, the response is a search page with suggestions.  This might be what the DNS servers you queried returned.  If you browse to the ip returned, you will see a web page with alternate suggestions to the domain you tried to lookup.
roy_battyDirectorAuthor Commented:
sorry but this is confusing me even more.

I am working on a server 2012 r2 domain. The businesses domain name is

Their website is

I have setup the server as a DC for the domain

I am not sure if this is causing the problem. I can sometimes browse the intenet but other times I cant.

Irrespective of whether the internet browsing is working or not and nslookup to any domain (say or the result  for the non-authorative answer is with an ip address of number.number.number.number.

It doesn't matter what domain I search for, nslookup always returns the same ip address.

I setup ths server in the office. The IP scheme there matches exactly the ip scheme in its new location. I am sure that the incorrect dns resolutions issue wasnt happening in the office but Im not 100% certain.

I have checked the companies domain name record held with their hosting provider and there is a * wild card entry. Is this what I need to remove or is this the wrong approach . I really need to get this their internet working. There are roughly 30 PCs on the network and if I have to manually go to each PC to fix this then so be it.
set debug

You will see the various queries that are made.
What is the IP that you are seeing returned?  Is it always the same?  Have you tried browsing to that IP?

If you don't have a zone for on your internal DNS, then it's obviously not coming from internal records.  A wildcard (*) record in your public DNS records is most likely.

There are some providers that will return a search page in response to a query for a non-existent resource.  To my knowledge not common for business connections, but I think the free Open DNS does this.  Have you configured them as forwarders?

Are you looking to change the behavior, or just understand it?  As you've mentioned it's not causing a problem.  And in nslookup you just append a dot.
Ah, I see you posted while I was typing up my last.

There's usually no need for a wildcard record, but I also don't see how it would interfere with your internet.
The DNS you query is providing you a search IP it is not something setup on your DNS server for

It is a DNS based alternative suggestion/search when a domain record does not exist, this IP is returned to the client which when used in a browser, is opened with the original request and the web page provides info on alternatives based on the requested name.

Are you using openDNS through whom you resolve domains?

If the IP that you get in response is not your IP, could you post it?
roy_battyDirectorAuthor Commented:
@Arnold Going back to your first comment. Having read through all the answers i think you are suggesting that this is normal expected behaviour. I still seem to be able to browse the internet and in future when using nslookup must remember to add a . at the end of any domain names.

Given my last post does this still stand?
Whose public name servers do you use?  The question is because some providers have these name servers with suggestions when the typed in URL does not exist but include an option for the user to opt-out of that.
Opendns, google's DNS, and others provide.
The feature is the same as exist in the browsers dealing whether whether it should suggest sites when an error is encountered when a "site" is requested.
The other option which will have issues if you try to go to hostname ( removing from the search domain area under the network adapter properties, TCP/ip properties, DNS settings.
Without your domain in the search section, future lookups will not need to be terminated when using nslookup.
You can tell if the issue is related to the wildcard record by comparing the IP in the record to the IP that you get returned by a query (you said it was always the same).  If they're the same, it's due to the wildcard, in conjunction with the DNS search suffix you're using.

Typically for a domain "", the search suffix will be "".  Clients will use DNS devolution to resolve queries, meaning if you query for "", it will first try "", then "", then "", until it gets a match.  You can configure this behavior.  See the following for more info.
Without the wildcard record, the second query would not match and it would proceed to the third.  I believe that nslookup always uses a devolution level of two, which is why you see the behavior above.  Keep in mind that nslookup uses its own DNS resolver, which is not the same as what the OS uses.  When using a utility that that uses the built-in DNS resolving mechanism for the OS (e.g. ping) it follows the rules as described in the link above (and so the devolution level may differ) and it doesn't require the trailing dot.
roy_battyDirectorAuthor Commented:
There is a wildcard and this is the reason I get these results from nslookup.

It is not something to worry about.

Thanks for the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.