Nslookup Resolving Incorrectly Adding a External DNS IP

Home Forums Microsoft Networking and Management Services DNS Nslookup Resolving Incorrectly Adding a External DNS IP

This topic contains 5 replies, has 4 voices, and was last updated by  kuvain 1 year, 7 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts

  • mig1980
    Member
    #166995

    Good day everyone. A have a question. My DNS seems to be working correctly but I noticed an issue that I can’t seem to find an answer to.

    If I run nslookup from any of my servers in the environment attaching an external DNS server to the lookup, it resolves the non-authoritative answer by appending my internal domain to the name and giving 127.0.53.53 as the address.

    Example:

    C:>nslookup http://www.google.com 8.8.8.8

    Server: google-public-dns-a.google.com
    Address: 8.8.8.8

    Non-authoritative answer:
    Name: google.com.internal.domain (where internal.domain is my internal domain)
    Address: 127.0.53.53

    The above nslookup resolves correctly if I do not enter a DNS server IP. It also doesn’t matter what external DNS IP I use in the lookup. They all resolve the same as above.

    Any ideas what the issue could be here?

    I setup Forwarders on both of my DNS (Domain Controller) servers leveraging my ISP external DNS servers and Google’s public DNS (8.8.8.8) as a third option. I also have all of my clients pointing DNS to my internal DNS servers.


    JeremyW
    Moderator
    #271481

    nslookup will automatically append the DNS suffix list to the queries and will return the first response. If you want it to not use the suffix you can either specify a dot ( . ) at the end of the DNS name or use the -nosearch parameter. e.g.

    nslookup http://www.google.com. 8.8.8.8

    nslookup -nosearch http://www.google.com 8.8.8.8
    [/CODE][CODE]
    nslookup http://www.google.com. 8.8.8.8

    nslookup -nosearch http://www.google.com 8.8.8.8
    [/CODE]


    kuvain
    Member
    #385494

    Interesting. So this is common and isn’t actually showing signs of something being wrong in our DNS configuration?


    joeqwerty
    Moderator
    #304601

    nslookup does this when you submit a query that isn’t fully qualified. If you submit a query that is fully qualified than you won’t experience this behavior.

    Fully qualified query = http://www.google.com.

    Not fully qualified query = http://www.google.com

    Notice the . at the end? That’s what makes it a fully qualified query. We don’t usually consider or think about the . at the end because most DNS resolvers take care of it for us without needing us to actually type it. Nslookup doesn’t take care of this for us and expects us to type it.


    JeremyW
    Moderator
    #271482

    For fun, if you want to see exactly what nslookup does, use the d2 switch. e.g.

    Code:
    nslookup -d2 http://www.google.com 8.8.8.8

    This will spit out a ton of info and you will see the exact queries that are run.


    JeremyW
    Moderator
    #271483
    joeqwerty;n510516 wrote:
    Nslookup doesn’t take care of this for us and expects us to type it.

    Not exactly true. nslookup does take care of this for us and that is why we get results when running the command without specifying the root. The issue comes when there is a result from the search list that you don’t necessarily want. The list gets quired first before appending the root so if there is an answer returned to one in the list (like a wildcard record) then it stops the searching and returns the results, never getting to the actual query you wanted to make.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.