Clients having problem accessing internal websites from another lookup zone in DNS

  • Question

  • We are having a strange DNS issue that seemed to crop up in the last few months.  We have a single domain and we have some other DNS lookup zones for some other domain names that we own.  We recently have been having problems accessing websites that we host internally on those other lookup zones.  The issue seems to be intermittent: when we do an nslookup on the other zones we get a non-authoritative response for our external IP address.  Then other times it will resolve to the internal IP for our HAProxy server that hosts our websites internally.  I haven't been able to find significant errors at this point in the logs, but I was doing some research and I decided to put those DNS names into our search suffix order in our network properties.  When I do that everything resolves correctly.  When I take them out it starts acting flaky.  I thought that was used to help resolve short names for names that exist in other lookup zones.  My question is: what exactly does me putting those domain names in the search suffix do, and is it something that we should have been doing all along, or do you think we have a misconfiguration somewhere else?

    So basically when I do an nslookup on ourADdomain.com it works fine, but when I try to do an nslookup on hostedWebsiteNameDomain.com it comes back with a non-authoritative answer of the external IP address instead of the internal address.  The zone hostedWebsiteNameDomain.com exists as another forward lookup zone in our DNS.

    Any help would be greatly appreciated!!!


    Wednesday, July 12, 2017 3:34 PM

All replies

  • Hi,

    I am a little confused about your network architecture.

    Could you provide a screenshot of your DNS console tree?

    Please post the result of nslookup website on your test client.

    Best Regards,

    Frank Song


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 13, 2017 6:38 AM
  • Hi Frank, thanks for getting back to me.  It ended up being an issue with our new Cisco Umbrella configuration.  It was set to force all DNS queries that were not considered local to go through trusted DNS servers.  We had to make a change to allow the other forward lookup zones to be treated as local DNS lookup zones.  It is working fine now.
    Wednesday, July 26, 2017 3:15 PM
  • Hi,

    Was your issue resolved? 


    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,
    Frank


    Friday, August 11, 2017 4:25 AM
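
Added example, not part of the original thread: a small check for the symptom described above, where an internally hosted zone comes back as a non-authoritative answer with an external address because the query was sent past the internal DNS server. It parses Windows-style nslookup output; the server name, all addresses and the RFC 1918 ranges used as "internal" are assumptions made for illustration.

```python
import ipaddress

# Assumption: internal web hosts (e.g. the HAProxy server) sit in RFC 1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output (Windows nslookup layout); every address is made up.
_SERVER = "Server:  dc01.ourADdomain.com\nAddress:  10.0.0.10\n\n"
SAMPLE_FORWARDED = (_SERVER + "Non-authoritative answer:\n"
                    "Name:    hostedWebsiteNameDomain.com\nAddress:  203.0.113.25\n")
SAMPLE_LOCAL = _SERVER + "Name:    hostedWebsiteNameDomain.com\nAddress:  10.0.0.50\n"

def _ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def parse_nslookup(output):
    """Return (non_authoritative, queried_name, answer_addresses)."""
    non_auth, name, answers = False, None, []
    for raw in output.splitlines():
        line = raw.strip()
        if line.lower().startswith("non-authoritative answer"):
            non_auth = True
        elif line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
        elif name is not None:
            # Only addresses after "Name:" are answers; the first Address is the server.
            value = line.split(":", 1)[1] if line.startswith("Address") else line
            ip = _ip(value)
            if ip is not None:
                answers.append(ip)
    return non_auth, name, answers

def classify(output):
    """Return ('internal' | 'external' | 'no-answer', non_authoritative)."""
    non_auth, _, answers = parse_nslookup(output)
    if not answers:
        return "no-answer", non_auth
    external = [ip for ip in answers if not any(ip in net for net in INTERNAL_NETS)]
    return ("external" if external else "internal"), non_auth
```

Running `classify` over nslookup output collected from a client for each internally hosted zone shows which zones are still being resolved outside the internal DNS server and therefore need to be added to the local domain list.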