Announcement

Collapse
No announcement yet.

Nslookup Resolving Incorrectly Adding a External DNS IP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Nslookup Resolving Incorrectly Adding a External DNS IP

    Good day everyone. A have a question. My DNS seems to be working correctly but I noticed an issue that I can't seem to find an answer to.

    If I run nslookup from any of my servers in the environment attaching an external DNS server to the lookup, it resolves the non-authoritative answer by appending my internal domain to the name and giving 127.0.53.53 as the address.

    Example:

    C:\>nslookup www.google.com 8.8.8.8

    Server: google-public-dns-a.google.com
    Address: 8.8.8.8

    Non-authoritative answer:
    Name: google.com.internal.domain (where internal.domain is my internal domain)
    Address: 127.0.53.53


    The above nslookup resolves correctly if I do not enter a DNS server IP. It also doesn't matter what external DNS IP I use in the lookup. They all resolve the same as above.

    Any ideas what the issue could be here?

    I setup Forwarders on both of my DNS (Domain Controller) servers leveraging my ISP external DNS servers and Google's public DNS (8.8.8. as a third option. I also have all of my clients pointing DNS to my internal DNS servers.

  • #2
    nslookup will automatically append the DNS suffix list to the queries and will return the first response. If you want it to not use the suffix you can either specify a dot ( . ) at the end of the DNS name or use the -nosearch parameter. e.g.
    Code:
    nslookup www.google.com. 8.8.8.8
    
    nslookup -nosearch www.google.com 8.8.8.8
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Interesting. So this is common and isn't actually showing signs of something being wrong in our DNS configuration?

      Comment


      • #4
        nslookup does this when you submit a query that isn't fully qualified. If you submit a query that is fully qualified than you won't experience this behavior.

        Fully qualified query = www.google.com.

        Not fully qualified query = www.google.com

        Notice the . at the end? That's what makes it a fully qualified query. We don't usually consider or think about the . at the end because most DNS resolvers take care of it for us without needing us to actually type it. Nslookup doesn't take care of this for us and expects us to type it.

        Comment


        • #5
          For fun, if you want to see exactly what nslookup does, use the d2 switch. e.g.
          Code:
           nslookup -d2 www.google.com 8.8.8.8
          This will spit out a ton of info and you will see the exact queries that are run.

          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Originally posted by joeqwerty View Post
            Nslookup doesn't take care of this for us and expects us to type it.
            Not exactly true. nslookup does take care of this for us and that is why we get results when running the command without specifying the root. The issue comes when there is a result from the search list that you don't necessarily want. The list gets quired first before appending the root so if there is an answer returned to one in the list (like a wildcard record) then it stops the searching and returns the results, never getting to the actual query you wanted to make.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment

            Working...
            X