Solved

DNS Issue. Not able to resolve to one particular domain

Posted on 2016-08-23
Last Modified: 2016-09-19
Hi Experts,
I have a Windows AD 2012R2 with DNS setup.
When I performed a lookup of the domain formosatwn.com.tw, the result was not for the domain I queried. Instead it looked up another domain, tw.com.sg. Any idea what the problem is? You can try it on your 2012R2 DNS and let me know your results.


> set type=ns
> formosatwn.com.tw
Server:  oblu-ad.oblu.com.sg
Address:  192.168.2.212

tw.com.sg
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

Dnack
Thanks
>
Question by:dnack
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41768210
Restart your DNS server service and check.

The "formosatwn.com.tw" domain name server pointed to the tw.com.sg domain, hence showing you the above-mentioned result.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points (awarded by participants)
ID: 41768216
I think the results you are seeing are likely because of DNS suffixes that are being appended.  You can see the srchlist in nslookup if you type
set all
If you use set debug you can see more information on the queries being made.  If you just put a dot at the end of the name you're querying, it won't try appending any suffixes.  For example:
formosatwn.com.tw.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41768240
I get 59.124.65.142 as the public IP address for formosatwn.com.tw.  There is something wrong with your lookup because 192.168.2.212 is not a public IP address, just a local private LAN address.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768403
Hi footech,

You are right. Currently formosatwn.com.tw. and formosatwn.com.tw without the dot give me different results. When I look up against a public DNS, 8.8.8.8 (Google), it gives me the same result with or without the dot.
Is anything I set on this AD DNS wrong that caused this? Please assist.

Hi Dave Baldwin, 192.168.2.212 is the internal DNS IP.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768405
Hi Footech,
Do we usually look up with the dot or without the dot?
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41768463
You have to perform it without the dot.
0
 
LVL 1

Author Comment

by:dnack
ID: 41768477
I will paste the two outputs, with the dot and without the dot.

Default Server:  UnKnown
Address:  192.168.2.212

> set debug
> set type=ns
> formosatwn.com.tw
Server:  UnKnown
Address:  192.168.2.212

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        formosatwn.com.tw.contoso.com.sg, type = NS, class = IN
    AUTHORITY RECORDS:
    ->  contoso.com.sg
        ttl = 3600 (1 hour)
        primary name server = ad.contoso.com.sg
        responsible mail addr = hostmaster.contoso.com.sg
        serial  = 27109
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        formosatwn.com.tw.com.sg, type = NS, class = IN
    AUTHORITY RECORDS:
    ->  tw.com.sg
        ttl = 900 (15 mins)
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

------------
tw.com.sg
        ttl = 900 (15 mins)
        primary name server = bill.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2021821083
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
0
 
LVL 1

Author Comment

by:dnack
ID: 41768481
NSLookup with a Dot

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>nslookup
Default Server:  UnKnown
Address:  192.168.2.212      

> set debug
> set type=ns
> formosatwn.com.tw.
Server:  UnKnown
Address:  192.168.2.212

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 2

    QUESTIONS:
        formosatwn.com.tw, type = NS, class = IN
    ANSWERS:
    ->  formosatwn.com.tw
        nameserver = dns1.admintec.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
    ->  formosatwn.com.tw
        nameserver = dns.formosatwn.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
    ADDITIONAL RECORDS:
    ->  dns1.admintec.com.tw
        internet address = 61.222.198.237
        ttl = 59973 (16 hours 39 mins 33 secs)
    ->  dns.formosatwn.com.tw
        internet address = 59.124.65.142
        ttl = 59973 (16 hours 39 mins 33 secs)

------------
Non-authoritative answer:
formosatwn.com.tw
        nameserver = dns1.admintec.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)
formosatwn.com.tw
        nameserver = dns.formosatwn.com.tw
        ttl = 59973 (16 hours 39 mins 33 secs)

dns1.admintec.com.tw
        internet address = 61.222.198.237
        ttl = 59973 (16 hours 39 mins 33 secs)
dns.formosatwn.com.tw
        internet address = 59.124.65.142
        ttl = 59973 (16 hours 39 mins 33 secs)
>
0
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points (awarded by participants)
ID: 41769124
It's not really a question of whether you should usually use a trailing dot or not, because it depends on what you're trying to query.
If you don't want any suffixes appended then you supply the fully qualified domain name (FQDN) with the trailing dot.  I'd say use this when you know the exact record that you want to look up.
If you want to try appending suffixes (usually to just a hostname, which is unqualified) then don't supply a trailing dot.  DNS suffixes are used to essentially make educated guesses about what the FQDN should be.

You should look at your environment and determine whether the suffixes you have configured are appropriate.  You can have connection-specific suffixes which can be set through a NIC's properties or set as a DHCP option, or you can configure them with Group Policy.  Another piece that comes into play is DNS suffix devolution.
An example of this is with the suffix "contoso.com.sg".  It could first try appending "contoso.com.sg", and if no match is found, then "com.sg".  The devolution level can also be set with Group Policy.
GP settings can be found under Computer Configuration > Administrative Templates > Network > DNS Client.  Check out the explanations for:
Allow DNS suffix appending to unqualified multi-label names
Primary DNS suffix devolution
Primary DNS suffix devolution level
0
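The suffix appending and devolution described in the answer above, as an added example that is not part of the original thread: a simplified model that reproduces the query names seen in the nslookup debug output and flags the ones that leave the organisation's own zone. The function names are hypothetical, and the model assumes the search list is the primary suffix plus its devolved parents, with the devolution level being the smallest number of labels a devolved suffix may keep.

```python
# Simplified model of the name expansion visible in the nslookup debug output.
# Assumption: search list = primary DNS suffix followed by its devolved parents.


def devolved_suffixes(primary_suffix, devolution_level=2):
    """Return the primary suffix followed by its parent suffixes.

    devolution_level (assumed meaning): minimum label count a devolved
    suffix may keep. The primary suffix itself is always included.
    """
    labels = primary_suffix.strip(".").lower().split(".")
    suffixes = [".".join(labels)]
    for start in range(1, len(labels)):
        if len(labels) - start < devolution_level:
            break
        suffixes.append(".".join(labels[start:]))
    return suffixes


def candidate_queries(name, suffixes):
    """Names sent to the DNS server, in order, for the name as typed."""
    if name.endswith("."):
        # Trailing dot: the name is treated as fully qualified, no suffixes.
        return [name.rstrip(".").lower()]
    name = name.lower()
    return [f"{name}.{s}" for s in suffixes] + [name]


def in_zone(fqdn, zone):
    """True if fqdn is the zone apex or a name below it."""
    return fqdn == zone or fqdn.endswith("." + zone)


def leaked_queries(name, primary_suffix, devolution_level=2):
    """Candidates that are neither the typed name nor inside the org's zone.

    These are answered by whoever controls the parent domain, so a wildcard
    record there can win before the intended name is ever tried.
    """
    org = primary_suffix.strip(".").lower()
    typed = name.rstrip(".").lower()
    cands = candidate_queries(name, devolved_suffixes(org, devolution_level))
    return [c for c in cands if c != typed and not in_zone(c, org)]


if __name__ == "__main__":
    for typed in ("formosatwn.com.tw", "formosatwn.com.tw."):
        for level in (2, 3):
            print(typed, level, leaked_queries(typed, "contoso.com.sg", level))
```

With a devolution level of 3 the "com.sg" candidate disappears, which is the effect of raising the "Primary DNS suffix devolution level" policy for a three-label primary suffix in this model.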
 
LVL 1

Author Comment

by:dnack
ID: 41773438
Hi Footech.

Actually, my mail server is looking up this dns server to send out emails. It does not return a correct mx record for the domain formosatwn.com.tw. The with-dot or without-dot problem only happens with this domain, formosatwn.com.tw. This DNS can resolve other domains and MX records without any problem.

If it is a suffix issue then I suppose it would have the same problem for other domains. But the scenario is not like this :(
0
 
LVL 39

Expert Comment

by:footech
ID: 41773496
Whether it happens for another domain(s) would depend on what records are available.  You saw the nslookup results when querying without a dot that it tried other domains first.  If it hadn't found a match for tw.com.sg it would have kept trying different suffixes.

Tell me what you see when you try to run ping formosatwn.com.tw
I bet you see an incorrect IP, don't you?  Like 104.27.128.55 or 104.27.129.55.

Is your mail server Exchange?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 41776684
"Actually, my mail server is looking up this dns server to send out emails. It does not return a correct mx record for the domain formosatwn.com.tw."
What MX record or records does your mail server obtain for formosatwn.com.tw? From here, I get mx.formosatwn.com.tw (118.163.13.37) and mail.formosatwn.com.tw (59.124.65.142).
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 41804469
Auto-closing due to inactivity.
0
