none
Could not resolve external/internal domain name on premise from client PC RRS feed

  • Question

  • Hello Folks, 

    Good morning!

    I'm facing with strange issue while using nslookup to resolve internal and external domain name (type A and MX). Whenever I query with domain have suffix such as .vn or .jp.

    Our Internal DNS Server return to us only SOA information as below information:

    (1). When using A record

    PS C:\> nslookup
    Default Server:  a016.domain.com.vn
    Address:  10.203.192.47

    > google.com
    Server:  a016.domain.com.vn
    Address:  10.203.192.47

    Non-authoritative answer:
    Name:    google.com
    Addresses:  2404:6800:4005:80d::200e
              216.58.220.206

    > google.com.vn
    Server:  a016.domain.com.vn
    Address:  10.203.192.47

    Non-authoritative answer:
    Name:    google.com.vn.com.vn
    Address:  203.119.8.107

    > PS C:\> nslookup
    Default Server:  a016.domain.com.vn
    Address:  10.203.192.47

    > google.co.jp
    Server:  a016.nok.com.vn
    Address:  10.203.192.47

    Non-authoritative answer:
    Name:    google.co.jp.com.vn
    Address:  199.59.242.151


    (2) MX Record

    PS C:\> nslookup
    Default Server:  a016.domain.com.vn
    Address:  10.203.192.47

    > set q=mx
    > google.com
    Server:  a016.domain.com.vn
    Address:  10.203.192.47

    Non-authoritative answer:
    google.com      MX preference = 10, mail exchanger = aspmx.l.google.com
    google.com      MX preference = 40, mail exchanger = alt3.aspmx.l.google.com
    google.com      MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
    google.com      MX preference = 50, mail exchanger = alt4.aspmx.l.google.com
    google.com      MX preference = 30, mail exchanger = alt2.aspmx.l.google.com

    aspmx.l.google.com      internet address = 74.125.203.27
    aspmx.l.google.com      AAAA IPv6 address = 2404:6800:4008:c04::1a
    alt3.aspmx.l.google.com internet address = 64.233.177.26
    alt3.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:4002:c08::1b
    alt1.aspmx.l.google.com internet address = 64.233.178.26
    alt1.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:4003:c0a::1b
    alt4.aspmx.l.google.com internet address = 173.194.175.26
    alt4.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:400d:c0b::1a
    alt2.aspmx.l.google.com internet address = 64.233.191.27
    alt2.aspmx.l.google.com AAAA IPv6 address = 2607:f8b0:4001:c0c::1a
    > google.com.vn
    Server:  a016.domain.com.vn
    Address:  10.203.192.47

    vn
            primary name server = ns-hold.vnnic.vn
            responsible mail addr = postmaster.vnnic.vn
            serial  = 2017040701
            refresh = 1800 (30 mins)
            retry   = 3600 (1 hour)
            expire  = 86400 (1 day)
            default TTL = 6400 (1 hour 46 mins 40 secs)
    > google.co.jp
    Server:  a016.domain.com.vn
    Address:  10.203.192.47

    jp.com.vn
            primary name server = ns1.bodis.com
            responsible mail addr = dnsadmin.bodis.com
            serial  = 2017062202
            refresh = 10800 (3 hours)
            retry   = 3600 (1 hour)
            expire  = 1209600 (14 days)
            default TTL = 3600 (1 hour)

    --> if domain name is chosen only .com is alright, but domain name with .vn, .jp. The result are being return with suffix .com.vn in every case. Consequently, domain name is resolved incorrect.

    (*) Update 01:

    One more information, when I tried to query domain name from DNS Server, everything is resolved correctly. 

    (*) Update 02:

    We are using both DNS Server for resolving domain name inside our Organization. However, only primary DNS Server could resolve domain name, the other cannot resolve.

    Does anyone here get this issue?

    Please help to give some instruction.

    Thank you all in advance.




    Thursday, January 24, 2019 1:40 AM

All replies

  • Hi,

    If you launch nslookup and turn on debugging you'll see that Windows always tries to append its suffix first.

    There may be an external DNS server responding the google.com.vn.com.vn.

    Please refer to the link below:

    https://serverfault.com/questions/74067/windows-appending-domain-suffix-to-all-lookups 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, January 24, 2019 6:49 AM
    Moderator
  • Hello Travis, 

    Thanks for your advice.

    Is there any way except appending . (dot) after domain need to query?

    I read your link reference which there is a way to resolve is delete wildcard. But I did not know how to figure it out. Could you please give me more suggestion?

    Best Regards,

    Trieu



    Thursday, January 24, 2019 9:17 AM
  • Hi,

    Sorry for late reply.

    I would suggest you enable DNSSEC on DNS server.

    Domain Name System Security Extensions (DNSSEC) is a suite of extensions that add security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Specifically, DNSSEC provides origin authority, data integrity, and authenticated denial of existence. With DNSSEC, the DNS protocol is much less susceptible to certain types of attacks, particularly DNS spoofing attacks.

    Please refer to the link below:

    https://blogs.technet.microsoft.com/wsnetdoc/2014/03/26/dnssec-on-windows-server/  

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 28, 2019 5:52 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 29, 2019 6:51 AM
    Moderator