Solved

DNS Issue. Not able to resolve to one particular domain

Posted on 2016-08-23
Medium Priority
59 Views
Last Modified: 2016-09-19
Hi Experts,
I have a Windows AD 2012R2 with DNS setup.
When I performed a lookup of the domain formosatwn.com.tw, the result did not look up the domain I queried for. Instead it looked up another domain, tw.com.sg. Any idea what the problem is? You can try on your 2012R2 DNS and let me know your results.


> set type=ns
> formosatwn.com.tw
Server:  oblu-ad.oblu.com.sg
Address:  192.168.2.212

tw.com.sg
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

Dnack
Thanks
>
0
Question by:dnack
13 Comments
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41768210
Restart your DNS server service and check.

"formosatwn.com.tw" domain name server pointed to tw.com.sg domain, hence showing you the above-mentioned result.
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points (awarded by participants)
ID: 41768216
I think the results you are seeing are likely because of DNS suffixes that are being appended.  You can see the srchlist in nslookup if you type
set all
If you use set debug you can see more information on the queries being made.  If you just put a dot at the end of the name you're querying, it won't try appending any suffixes.  For example:
formosatwn.com.tw.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41768240
I get 59.124.65.142 as the public IP address for formosatwn.com.tw.  There is something wrong with your lookup because 192.168.2.212 is not a public IP address, just a local private LAN address.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768403
Hi footech,

You are right. Currently formosatwn.com.tw. and formosatwn.com.tw without the dot give me a different result. When I look up on a public DNS 8.8.8.8 (Google) it gave me the same result with or without the dot.
Is there anything wrong I set on this AD DNS that caused this? Pls assist

Hi Dave Baldwin, the 192.168.2.212 is the internal DNS ip.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768405
Hi Footech,
Usually we look up with dot or without dot?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41768463
You have to perform without dot.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768477
I will paste the 2 outputs, with dot and without dot.

Default Server:  UnKnown
Address:  192.168.2.212

> set debug
> set type=ns
> formosatwn.com.tw
Server:  UnKnown
Address:  192.168.2.212

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        formosatwn.com.tw.contoso.com.sg, type = NS, class = IN
    AUTHORITY RECORDS:
    ->  contoso.com.sg
        ttl = 3600 (1 hour)
        primary name server = ad.contoso.com.sg
        responsible mail addr = hostmaster.contoso.com.sg
        serial  = 27109
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        formosatwn.com.tw.com.sg, type = NS, class = IN
    AUTHORITY RECORDS:
    ->  tw.com.sg
        ttl = 900 (15 mins)
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

------------
tw.com.sg
        ttl = 900 (15 mins)
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
0
 
LVL 1

Author Comment

by:dnack
ID: 41768481
NSLookup with a Dot

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  UnKnown
Address:  192.168.2.212      

> set debug
> set type=ns
> formosatwn.com.tw.
Server:  UnKnown
Address:  192.168.2.212

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 2

    QUESTIONS:
        formosatwn.com.tw, type = NS, class = IN
    ANSWERS:
    ->  formosatwn.com.tw
        nameserver = dns1.admintec.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
    ->  formosatwn.com.tw
        nameserver = dns.formosatwn.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
    ADDITIONAL RECORDS:
    ->  dns1.admintec.com.tw
        internet address = 61.222.198.237
        ttl = 59973 (16 hours 39 mins 33 secs)
    ->  dns.formosatwn.com.tw
        internet address = 59.124.65.142
        ttl = 59973 (16 hours 39 mins 33 secs)

------------
Non-authoritative answer:
formosatwn.com.tw
        nameserver = dns1.admintec.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
formosatwn.com.tw
        nameserver = dns.formosatwn.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)

dns1.admintec.com.tw
        internet address = 61.222.198.237
        ttl = 59973 (16 hours 39 mins 33 secs)
dns.formosatwn.com.tw
        internet address = 59.124.65.142
        ttl = 59973 (16 hours 39 mins 33 secs)
>
0
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points (awarded by participants)
ID: 41769124
It's not really a question of whether you should usually use a trailing dot or not, because it depends on what you're trying to query.
If you don't want any suffixes appended then you supply the fully qualified domain name (FQDN) with the trailing dot.  I'd say use this when you know the exact record that you want to look up.
If you want to try appending suffixes (usually to just a hostname, which is unqualified) then don't supply a trailing dot.  DNS suffixes are used to essentially make educated guesses about what the FQDN should be.

You should look at your environment and determine whether the suffixes you have configured are appropriate.  You can have connection-specific suffixes which can be set through a NIC's properties or set as a DHCP option, or you can configure them with Group Policy.  Another piece that comes into play is DNS suffix devolution.
An example of this is with the suffix "contoso.com.sg".  It could first try appending "contoso.com.sg", and if no match found, then "com.sg".  The devolution level can also be set with Group Policy.
GP settings can be found under Computer Configuration > Administrative Templates > Network > DNS Client.  Check out the explanations for:
Allow DNS suffix appending to unqualified multi-label names
Primary DNS suffix devolution
Primary DNS suffix devolution level
0
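The suffix appending and devolution described in the answer above, modelled as an added example that is not part of the original thread. It is a simplified model of what the nslookup debug traces on this page show; the function names and the `RCODES` table are constructed for illustration, and the real Windows resolver also depends on Group Policy and per-adapter settings.

```python
def search_list(primary_suffix, devolution_level=2):
    """Primary suffix followed by its devolved parents, never shorter than
    `devolution_level` labels."""
    labels = primary_suffix.split(".")
    steps = max(1, len(labels) - devolution_level + 1)
    return [".".join(labels[i:]) for i in range(steps)]


def candidates(name, suffixes):
    """FQDNs sent, in order. A trailing dot means 'already fully qualified'."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s}." for s in suffixes] + [name + "."]


def outside_org(suffixes, org_domain):
    """Suffixes that push appended queries into zones the organisation
    does not control (here: anything above the AD domain)."""
    return [s for s in suffixes
            if s != org_domain and not s.endswith("." + org_domain)]


# Constructed responder: rcodes copied from the two debug traces in this thread.
RCODES = {
    "formosatwn.com.tw.contoso.com.sg.": "NXDOMAIN",
    "formosatwn.com.tw.com.sg.": "NOERROR",  # authority section: tw.com.sg SOA
    "formosatwn.com.tw.": "NOERROR",
}


def lookup(name, suffixes, rcodes=RCODES):
    """Stop at the first candidate that is not NXDOMAIN, as the trace does.
    Returns (fqdn that ended the search, list of every fqdn sent)."""
    sent = []
    for fqdn in candidates(name, suffixes):
        sent.append(fqdn)
        if rcodes.get(fqdn, "NXDOMAIN") != "NXDOMAIN":
            return fqdn, sent
    return None, sent


if __name__ == "__main__":
    for level in (2, 3):
        sl = search_list("contoso.com.sg", level)
        hit, sent = lookup("formosatwn.com.tw", sl)
        print(f"level {level}: search list {sl}, external {outside_org(sl, 'contoso.com.sg')}")
        print(f"  sent {sent} -> stopped at {hit}")
    print(lookup("formosatwn.com.tw.", search_list("contoso.com.sg")))
```

In this model a devolution level of 3 keeps the search list inside contoso.com.sg, so the query without the trailing dot falls through to the real formosatwn.com.tw instead of stopping at the tw.com.sg zone.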
 
LVL 1

Author Comment

by:dnack
ID: 41773438
Hi Footech.

Actually, my mail server is looking up this DNS server to send out emails. It does not return a correct MX record for the domain formosatwn.com.tw. The dot or without dot problem only happens to this domain formosatwn.com.tw. This DNS can resolve other domains and MX records without any problem.

If it is a suffix issue then I suppose it will have the same problem for other domains. But the scenario is not like this :(
0
 
LVL 41

Expert Comment

by:footech
ID: 41773496
Whether it happens for another domain(s) would depend on what records are available.  You saw the nslookup results when querying without a dot that it tried other domains first.  If it hadn't found a match for tw.com.sg it would have kept trying different suffixes.

Tell me what you see when you try to run ping formosatwn.com.tw
I bet you see an incorrect IP, don't you?  Like 104.27.128.55 or 104.27.129.55.

Is your mail server Exchange?
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 41776684
"Actually, my mail server is looking up this dns server to send out emails. It does not return a correct mx record for the domain formosatwn.com.tw."
What MX record or records does your mail server obtain for formosatwn.com.tw? From here, I get mx.formosatwn.com.tw (118.163.13.37) and mail.formosatwn.com.tw (59.124.65.142).
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 41804469
Auto-closing due to inactivity.
0


Question has a verified solution.
