Mike Doma
asked on
FQDN names resolved with duplicated DNS suffix
Hi All,
I have a quick question I hope you can help me fix.
Environment: I have an environment where I have installed a new AD and the domain name is something like corp.example.com
As a NETBIOS name during the AD install wizard I did choose "example" to make things easier and consistent with the public DNS name. The public DNS registered is example.com and there is a public website running with example.com already hosted by WordPress, and the DNS registrar is GoDaddy.
Issue: Internal host names are not resolved properly with NSLOOKUP
1. Hostnames are working fine
2. IP Addresses are working fine
3. FQDNs are NOT working fine. They are resolved with the internal domain appended to the external domain name.
e.g. "VM1.CORP.EXAMPLE.COM" returns VM1.CORP.EXAMPLE.COM.EXAMPLE.COM and the public IP address registered with the website DNS provider
4. FQDNs with a trailing "." are working fine
e.g. "VM1.CORP.EXAMPLE.COM." returns the correct IP address as expected
Configuration: AD/DNS server is pointing at itself. NO forwarders configured. AD is pointing at an internal Gateway. This gateway is configured to talk with the internet using a different network through a separate Router connected to the internet.
My question: It's obviously not a question of routing, but I don't understand why DNS forwards queries for FQDN names to external DNS servers considering that "A" and respective "PTR" records are fully registered and working on the built-in DNS? Of course this is affecting ANY operation you can think of, from joining machines to the domain to leveraging network services through FQDN names! What am I missing here?
Any help is greatly appreciated!
Thanks,
ASKER
Hi Shaun,
thanks for coming back to me.
Issue is "application services" use FQDN names and they are not resolved properly as duplicated suffix is returned.
So for example if I run NSLookup on vm1.corp.example.com the result is vm1.corp.example.com.example.com.
This of course is not working for application when connecting to other hosts..
Also only when adding a trailing dot to the FQDN then the resolution is correct AND i do NOT get NON-Authoritative answers!
I cannot run other tests at the moment but is there a way to make sure FQDNs are resolved as expected?
Thanks
ASKER
to clarify the following happens:
1. Ping to hostname is ok
2. Ping to IP Address is ok
3. Ping to FQDN returns duplicated DNS suffix as in hostname.corp.example.com.example.com
4. lookup to FQDN returns duplicated DNS suffix as in hostname.corp.example.com.example.com
5. lookup to FQDN with trailing "dot" returns answers as expected
Name registrar is with GoDaddy
DNS Hosting is with WordPress
Any clue on how I can solve this? Thanks a lot for your help and attention
Thanks,
If you still require assistance, past the above answers...
1) include your entire zone file
2) include your actual domain name
Then likely many people can rapidly assist you with fixes.
ASKER CERTIFIED SOLUTION
SOLUTION
ASKER
Great stuff DrDave242! and thanks to David Favor as well.
You are right. If I check WordPress domain configuration there is a CNAME *.example.com and cannot be removed. I need to check this with WordPress support. So knowing this is there a sensible workaround? Am I missing anything?
ASKER
Hi David,
here you are the info requested. I have removed all hosts and left a couple as example plus the results of nslookup and ping as stated earlier
Thanks
DNS-01.PNG
DNS-02.PNG
DNS-03.PNG
export.xlsx
Are you sure that FQDNs are having suffixes appended (outside of nslookup, which will always do that)? As far as I know, the Windows resolver will only append suffixes to single-label names, and this seems to be backed up by DNS-02.PNG. I just did some testing in my own environment, and any DNS name with more than one label didn't get anything appended to it. There could be a policy that controls this behavior, though; I'll see if I can find more info on that.
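The two mechanisms discussed in this thread, nslookup appending the search-list suffixes to a dotted name and the wildcard `*.example.com` record in the public zone answering for the doubled name, can be reproduced offline. The Python script below is an added example written for this page; it is not code from the thread or from any of the posters. The zone contents, the addresses `10.0.0.10` and `192.0.2.80`, the search list `["corp.example.com", "example.com"]`, and the assumption that Windows nslookup tries the search suffixes before the name as typed are all constructed to match the symptoms described above, not measured from the poster's environment.

```python
"""Constructed simulation of the doubled-suffix symptom in this thread.
Zones, addresses and the search list are made-up values chosen to match the
symptoms described; nothing is taken from the poster's environment."""

INTERNAL_ZONE = "corp.example.com"  # on the AD/DNS server: authoritative
PUBLIC_ZONE = "example.com"         # at the web host: reached by recursion

ZONES = {  # owner name -> (type, rdata); constructed sample records
    INTERNAL_ZONE: {"vm1.corp.example.com": ("A", "10.0.0.10")},
    PUBLIC_ZONE: {
        "example.com": ("A", "192.0.2.80"),
        "*.example.com": ("CNAME", "example.com"),  # the wildcard the asker found
    },
}
# Client search list as the thread describes it: primary DNS suffix plus its
# parent ("Append parent suffixes of the primary DNS suffix" enabled).
SEARCH_LIST = ["corp.example.com", "example.com"]


def _name_exists(zone, name):
    """Owner name or empty non-terminal in the zone (RFC 4592 closest encloser)."""
    return name in zone or any(o.endswith("." + name) for o in zone)


def _zone_for(qname):
    """Longest zone apex that is qname or an ancestor of it, else None."""
    hits = [a for a in ZONES if qname == a or qname.endswith("." + a)]
    return max(hits, key=len) if hits else None


def lookup(qname, _depth=0):
    """(rcode, address, authoritative) for an absolute name. Internal-zone
    answers are authoritative; public-zone answers come via recursion."""
    apex = _zone_for(qname)
    if apex is None or _depth > 4:
        return ("SERVFAIL", None, False)
    zone, authoritative = ZONES[apex], apex == INTERNAL_ZONE
    rr = zone.get(qname)
    if rr is None:
        # RFC 4592: a wildcard matches only if "*" hangs directly off the
        # closest existing ancestor of the query name.
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ancestor = ".".join(labels[i:])
            if _name_exists(zone, ancestor):
                rr = zone.get("*." + ancestor)
                break
        if rr is None:
            return ("NXDOMAIN", None, authoritative)
    rtype, rdata = rr
    if rtype == "CNAME":
        rcode, addr, _ = lookup(rdata, _depth + 1)  # chase the alias
        return (rcode, addr, authoritative)
    return ("NOERROR", rdata, authoritative)


def resolve(typed, search_list=SEARCH_LIST, tool="nslookup"):
    """Which name actually gets answered for what the user typed.

    tool="nslookup": Windows nslookup with 'set search' (default). For a
      dotted name without a trailing dot it appends each search suffix and
      takes the first positive answer; the name as typed is tried last
      (assumed ordering, chosen to reproduce the thread's symptom).
    tool="dnsclient": the Windows DNS Client, which sends a multi-label
      name as-is first and falls back to the suffixes.
    A trailing dot makes the name absolute for both; nothing is appended.
    Returns (name_answered, address, authoritative) or (None, None, False)."""
    if typed.endswith("."):
        candidates = [typed.rstrip(".")]
    else:
        suffixed = [f"{typed}.{s}" for s in search_list]
        if "." not in typed:  # single label: both tools append
            candidates = suffixed
        elif tool == "nslookup":
            candidates = suffixed + [typed]
        else:
            candidates = [typed] + suffixed
    for qname in candidates:
        rcode, addr, auth = lookup(qname)
        if rcode == "NOERROR":
            return (qname, addr, auth)
    return (None, None, False)


def without_wildcard(fn):
    """Run fn with the public wildcard removed, then restore it."""
    saved = ZONES[PUBLIC_ZONE].pop("*.example.com")
    try:
        return fn()
    finally:
        ZONES[PUBLIC_ZONE]["*.example.com"] = saved


if __name__ == "__main__":
    for typed in ("vm1", "vm1.corp.example.com", "vm1.corp.example.com."):
        for tool in ("nslookup", "dnsclient"):
            print(f"{tool:9} {typed:23} -> {resolve(typed, tool=tool)}")
    print("nslookup, wildcard removed:",
          without_wildcard(lambda: resolve("vm1.corp.example.com")))
```

Run as-is it prints one line per tool and name. The nslookup row for `vm1.corp.example.com` is the symptom from the thread: the name that got an answer is the doubled `vm1.corp.example.com.example.com`, the address is the public one, and the answer is non-authoritative because it came out of the public zone by recursion, not from the server's own zone. The same typed name with a trailing dot, or resolved the way the DNS Client service does it (as-is first), returns the internal address. With the wildcard removed, the doubled query becomes NXDOMAIN and the as-typed query is the first positive answer; on a real client, `set nosearch` in nslookup or a trailing dot gives the same result without touching the public zone.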
ASKER
Yes parent DNS suffix is appended. It's the default property in the advanced TCP connection DNS tab
SOLUTION
ASKER
BTW just checked and the policy is not configured as per screenshot
DNS-05.PNG
OK, it appears to be working as expected with that policy not configured. Notice in DNS-04.PNG that there was no suffix appended to either of those two-label names.
No further response from asker.
Anything you put in the A record shows up before "corp.example.com", so if you put "vm1.corp.example.com" it will be "vm1.corp.example.com.exam