Nslooup results

I have a server 2008 R2 that has an interesting response to nslookup.

The local domain name is xxx.ahi.com.  There is only one server on the site so it is AD domain controller as well.

The email is hosted by a third party hosting company.  

Nslookup for any name returns name.ahi.com e.g. nslookup Microsoft.com returns Microsoft.com.ahi.com with an IP of 93.190.52.95.  The response is similar no matter what is entered as a lookup e.g. Sony replaces Microsoft with Sony.

ahi.com at 93.190.52.95 is a legitimate address, it just has no relationship with this server.  The system has been running with the local domain name xxx.ahi.com for about 5 years without any issues.

I have cleared the cache in DNS, updated the cache in DNS on the server with the same results.  Restarting the server will give the correct response for a couple of minutes after it is rebooted.
The goal is to have email that has moved to a different server be used on the network.  The email was moved about 30 hours ago, and nslookup for the mail.xxx.com returns the correct response from a computer not connected to that server.  The server has a static IP from  it's ISP.  All other functions seem fine
WilfAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

M SCommented:
The addition of your DNS-Suffix to all nslookup-queries is pretty normal. DNS is looking, if the requested name is part of your domain. If the suffix would not be added automatically you would have to make every DNS-Lookup with FQDN.

Problem here seems to be a Wildcard-DNS entry. just look on your DNS-Server... you should find an entry

*.ahi.com   3600    A       93.190.52.95   

Open in new window

0
Shaun VermaakTechnical SpecialistCommented:
Do you use root hints or DNS forwarders?
0
WilfAuthor Commented:
The root hints are the standard ones that appear, noting has been added or deleted.  The forwarders include the google dns entries
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

WilfAuthor Commented:
Where would I find the entry *.ahi.com   3600    A       93.190.52.95  and what can I do about it
0
M SCommented:
Inside your forward lookupzone in DNS.

I just reread your entrypost.

Your domainname is xxx.ahi.com but added to your DNS-Request gets only "ahi.com"?
Inside your DNS server you will probably find only the Zone for "xxx.ahi.com". There, no Wildcard entry should be found.

If you type "ipconfig /all" your "DNS suffix searchlist" is probably  "xxx.ahi.com" and "ahi.com"

On a DNS-Lookup these to entry will appended to your searchstring.
If your looking for microsoft.com it gets "microsoft.com.xxx.ahi.com". Serverlooks inside your DNS-Zone, which is a primary Zone an doesn't find anything.
Trys second entry in your dns suffix search list. "microsoft.com.ahi.com"
You don't have a Zone on your Server for "ahi.com", so it goes to your DNS-forwarder, thats as you said google-dns. Google-DNS has the public entries provided from ahi.com DNS, theres the wildcard entry. You get the answer everyone in the Internet would get :)

So, how do you handle the "problem"... I guess there are two obvious possibilities...

  1. If "ahi.com" is purely a domain for Internettraffic, that has nothing to do with your "local" domain, just reconfigure your DNS-Suffix to not using "ahi.com".
  2. If "ahi.com" is connected to your network, configure a dns-fowarder for this domain, and let them remove the Wildcard for internal purposes

For local domains, I personally prefer to use domainnames, that are not part of any webdomain. (e.g. ahi.local) That will get rid of such problems :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DrDave242Senior Support EngineerCommented:
It sounds like either the server's DNS suffix search list is incorrect, or the DNS suffix devolution setting is. If you run ipconfig /all on that server, what's listed in the DNS suffix search list near the top of the results?
0
WilfAuthor Commented:
MS  We have situation 2.  I tried adding just xxx.com to the forwarders, which is the web site address. The forwarder resoves to the correct address, but indicates an unknown error.
If I put the local server name in xxx.ahi.com, it resolves to the unwanted address, and also indicates an unknown error.  My assumption is with the error and red x remaining that it will do no good to have these entries.
Is there anything short of changing the local server name to make the system not refer to the wildcard DNS?

I have changed the domain name in a network with two servers, but is it possible to change the domain with only one server in the network?
0
WilfAuthor Commented:
The Primary DNS suffix is xxx.ahi.com.  The DNS servers are 10.10.30.1 which is the server and 127.0.0.1
0
WilfAuthor Commented:
DNS search list is also xxx.ahi.com

Host name is Server1
0
DrDave242Senior Support EngineerCommented:
The behavior of nslookup may not accurately reflect the behavior of the Windows DNS resolver, as they are separate.  Avoiding devolution in nslookup is very simple: just add a dot (.) to the end of the name you're trying to resolve. For example, to query for www.microsoft.com, you'd enter www.microsoft.com. (notice the dot at the end). That'll tell nslookup not to add any suffixes at all but only query for that exact name.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.