none
DNS server strange behavior

    Question

  • Hello our 2008 DNS server acts differently that it is supposed to.  Please could you help me solve this?

    server name is  hpserver.mysub.mydomain.com (192.168.1.10) it should be authoritative for mysub. The mydomain.com is managed by linux DNS server at our hosting provider (let's call it PROVDNS with PROVIP address). Our server uses (I dont know why) PROVDNS server for queries which do not belong to its zone, the provdns is set to report *.mydomain.com to www.mydomain.com. Our server SHOULD use root servers for its queries so why it doesnt?

    When I run nslookup on hpserver I got this unepected results:

    1) nslookup hpserver> Server: UnKnown Address: ::1 Name: hpserver.mysub.mydomain.com Address: 192.168.1.10 ---- IT IS OK

    2) nslookup www.google.com> Server: UnKnown Address: ::1 Not authorized reply: Name: mydomain.com Address: provip Aliases: www.google.com.mydomain.com ----- SHOULD RETURN IP ADDRESS OF google.com

    3) nslookup www.google.com. > Server: UnKnown Address: ::1 Not authorized reply: Name: www.google.com Addresses:  2a00:1450:4008:c01::68          173.194.35.84          173.194.35.82          173.194.35.83          173.194.35.81          173.194.35.80 -----IT IS OK

    Thank you for help.
    Saturday, February 9, 2013 11:33 PM

Answers

  • I assume the server is a DC. How many DCs exist in the domain? Is there only one domain?

    Please post an unedited ipconfig /all from the server. This will help determine your DCs' configuration and relation to DNS.

    Also, to get rid of the ::1 entry, in NIC properties, IPv6 properties, for the DNS setting, make sure it's set to get a DNS address from DHCP, whether DHCP is set up for it or not. Steps below.  That will get rid of it.

    Also, make sure you have a reverse zoe for 192168.1.0/24.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, February 11, 2013 2:35 AM
  • Did you uncheck IPv6 in the NIC properties? If you did, it must be checked.

    As for your original questions regarding nslookup:

    2) nslookup www.google.com> Server: UnKnown Address: ::1 Not authorized reply: Name: mydomain.com Address: provip Aliases: www.google.com.mydomain.com ----- SHOULD RETURN IP ADDRESS OF google.com

    3) nslookup www.google.com. > Server: UnKnown Address: ::1 Not authorized reply: Name: www.google.com Addresses: 2a00:1450:4008:c01::68          173.194.35.84          173.194.35.82          173.194.35.83          173.194.35.81          173.194.35.80 -----IT IS OK

    I now see what the problem is. Or rather, it is NOT a problem. It is a feature that is suffixing your Search Suffix (mysub.mydomain.com), which is why #2 didn't work. When you put a period on the end of the query, as you did in #3, then it resolves it because the period makes it so it does NOT suffix the search suffix (mysub.mydomain.com).

    YOu can see this in action by running nslookup in diagnostic mode:

    nslookup
    set d2
    www.google.com

    THen try it again with the period. Look at the results, and you will see the suffix being appended.

    I can understand your concerns, but it does NOT affect resolution for web or other external sites, just the fact you running nslookup is doing that. That's the way nslookup works. NO concerns at all.

    .

    If you want to stop that when running nslookup, in my screeshot above, in the last window to the right, select Append These Suffixes" radio button, but leave the list blank. Click Ok. THen test it again.

    In  my opinion, I would leave it default because removing it will affect iternal single name resolution for the operating system, I would leave it checked and just remember to put a period on the end of it whenever you need to use nslookup.

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by MichalRC Saturday, February 16, 2013 9:41 PM
    Thursday, February 14, 2013 11:00 PM
  • Due to many folks having problems understanding nslookup and its behavior, and worrying about if it is a DNS issue or not, I put together a blog on nslookup. I hope you find it helpful:

    Nslookup suffixing behavior
    http://blogs.msmvps.com/acefekay/2013/02/17/nslookup-suffixing-behavior/


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by MichalRC Monday, February 18, 2013 9:57 AM
    Sunday, February 17, 2013 6:15 PM

All replies

  • I assume the server is a DC. How many DCs exist in the domain? Is there only one domain?

    Please post an unedited ipconfig /all from the server. This will help determine your DCs' configuration and relation to DNS.

    Also, to get rid of the ::1 entry, in NIC properties, IPv6 properties, for the DNS setting, make sure it's set to get a DNS address from DHCP, whether DHCP is set up for it or not. Steps below.  That will get rid of it.

    Also, make sure you have a reverse zoe for 192168.1.0/24.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, February 11, 2013 2:35 AM
  • Hi MichalRC,


    Besides to the above suggestions, would you please provide us ipconfig /all of this server for further research.


    Thanks.


    Jeremy Wu
    TechNet Community Support

    Wednesday, February 13, 2013 4:28 PM
    Moderator
  • Hello thanks for DHCP advice, I've already done that and ::1 is away. Server is the only DC in domain.
    • Edited by MichalRC Thursday, February 14, 2013 10:15 PM
    Thursday, February 14, 2013 10:14 PM
  • sorry for translator

      Host name. . . . . . . . . : hpserver
        The primary DNS suffix. . . . . . . : mysub.mydomain.com
        Node type. . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . : No
        WINS Proxy Enabled. . . . . . . : No
        Scanning the list of DNS suffixes. . : mysub.mydomain.com

    Ethernet adapter Local Area Connection:

        Specific DNS Suffix. . . :
        Description. . . . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . . : 00-77-77-E6-21-66
        DHCP is enabled. . . . . . : No
        Autoconfiguration Enabled: Yes
        Local IPv6 address of the link. . . : Fe80 :: 4c1c: f72e: 8c47: 1dbe% 10 (Preferred)
        IPv4 address. . . . . . . . . . . : 192.168.1.10 (Preferred)
        Subnet mask. . . . . . . . . . : 255.255.255.0
        Default gateway. . . . . . . . . . : 192.168.1.1
        Iaido DHCPv6. . . . . . . . . . : 234890675
        DHCPv6 Client DUID. . . . . . . : 00-01-00-01-12-D1-4A-28-00-25-B3-E6-48-8A
        DNS servers. . . . . . . . . . . : 192.168.1.10
                                            127.0.0.1
        NetBIOS over TCP / IP. . . . . . . . : Enabled

    Adapter for connecting tunnel isatap. {0AA0D36D-CA55-4186-A18F-C892D2D75B0C}:

        Condition media. . . . . . . . . . . : disconnected
        Specific DNS Suffix. . . :
        Description. . . . . . . . . . . . . . Microsoft ISATAP Adapter
        Physical Address. . . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP is enabled. . . . . . : No
        Autoconfiguration Enabled: Yes

    Adapter for tunnel connecting the Local Area Connection * 6:

        Condition media. . . . . . . . . . . : disconnected
        Specific DNS Suffix. . . :
        Description. . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP is enabled. . . . . . : No
        Autoconfiguration Enabled: Yes

    Thursday, February 14, 2013 10:21 PM
  • Did you uncheck IPv6 in the NIC properties? If you did, it must be checked.

    As for your original questions regarding nslookup:

    2) nslookup www.google.com> Server: UnKnown Address: ::1 Not authorized reply: Name: mydomain.com Address: provip Aliases: www.google.com.mydomain.com ----- SHOULD RETURN IP ADDRESS OF google.com

    3) nslookup www.google.com. > Server: UnKnown Address: ::1 Not authorized reply: Name: www.google.com Addresses: 2a00:1450:4008:c01::68          173.194.35.84          173.194.35.82          173.194.35.83          173.194.35.81          173.194.35.80 -----IT IS OK

    I now see what the problem is. Or rather, it is NOT a problem. It is a feature that is suffixing your Search Suffix (mysub.mydomain.com), which is why #2 didn't work. When you put a period on the end of the query, as you did in #3, then it resolves it because the period makes it so it does NOT suffix the search suffix (mysub.mydomain.com).

    YOu can see this in action by running nslookup in diagnostic mode:

    nslookup
    set d2
    www.google.com

    THen try it again with the period. Look at the results, and you will see the suffix being appended.

    I can understand your concerns, but it does NOT affect resolution for web or other external sites, just the fact you running nslookup is doing that. That's the way nslookup works. NO concerns at all.

    .

    If you want to stop that when running nslookup, in my screeshot above, in the last window to the right, select Append These Suffixes" radio button, but leave the list blank. Click Ok. THen test it again.

    In  my opinion, I would leave it default because removing it will affect iternal single name resolution for the operating system, I would leave it checked and just remember to put a period on the end of it whenever you need to use nslookup.

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by MichalRC Saturday, February 16, 2013 9:41 PM
    Thursday, February 14, 2013 11:00 PM
  • Hello, my original problem was in other DHCP server which was unexpectedly started after upgrade of other debian machine, so some machines in network has problems with DNS because of bad settings from debian DHCP until they got right settings from SBS2008. My investigation led to SBS2008 which was supposed to be DHCP and DNS. As said by Ace Fekay this behavior IS normal, I just wanted to find some problem to solve behavior caused by other DHCP.

    I looked to other servers (different networks) which resolves #2 to googles IP address and thought that is normal. The other servers were set a bit differently and  have .local suffix so I think they do not use suffixing for internet domains, could someone please confirm this (that .local servers do not use suffixing in nslookup)?

    Friday, February 15, 2013 10:35 PM
  • Suffixing is how a resolver works, whether it's a Windows machine, Linux, Unix, etc. It's based on an industry standard RFC. 

    Nslookup has it's own built-in resolver algorithm independent of a machine's client side resolver. That's why in some cases, a ping command may result in a different answer than an nslookup query. 

    I'm not sure what or how a DHCP server would affect nslookup's behavior. Nslookup is a nameserver resolver utility and will use whatever DNS address is set as the primary DNS address. And it will use the machine's Search Suffix, which is devolved from the Primary DNS Suffix. If the machine is joined to a domain, then the Primary DNS Suffix is the AD DNS domain name it's joined to. 

    Did you run nslookup and set it to diagnostic mode as I suggested? If so, please post the full output to help you and show you how nslookup tries to resolve a name. 


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Saturday, February 16, 2013 4:21 AM
  • You can also download BIND from www.disc.net and use its nslookup command. Matter of fact, a better tool is the DIG command part if BINd that provides better results than either version of nslookup.

    What would also help is seeing an ipconfig /all from a DHCP client that got an IP from the Debian DHCP, and an ipconfig /all from the client after it received an IP from a  Windows DHCP.

    And note that DNS registration is not related whatsoever to how nslookup works whatsoever.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBookTwitterLinkedIn


    Saturday, February 16, 2013 4:25 AM
  • Problem with other DHCP was solved immediatelly by disabling it, so the network is fine now. I try to simplify the question, everything else is clear. Is it normal behavior that nslookup does NOT suffix when SBS domain is set to "something.local" and does suffix whet domain is "something.other.com" ?
    Saturday, February 16, 2013 9:49 PM
  • This really depends on the query and what DNS server it's using, not the multiple, devolved suffixes. Since you haven't posted a diagnostic nslookup -d2 result, I can't provide a specific response. Nslookup will try to resolve the query, and if it can't using the DNS server it's set to, it will then use the suffix(es) configured.

    If you can't post a diagostic due to security concerns or security policies, I understand. Maybe this link will help understand it better:

    Weird NSLOOKUP results
    http://social.technet.microsoft.com/Forums/sk/winserverNIS/thread/8f29df1a-46dc-4b3b-946c-528b10f7223e

    hWindows Appending Domain Suffix To All Lookups
    ttp://serverfault.com/questions/74067/windows-appending-domain-suffix-to-all-lookups


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Sunday, February 17, 2013 5:44 PM
  • Maybe this will help, too:

    Nslookup, Sep 28, 2007 ... This applies when the set and the lookup request contain at least one period, but do not end with a trailing period. Nslookup /set srchlist ...
    http://technet.microsoft.com/en-us/library/cc725991(WS.10).aspx

    As the last link suggests, you can use the Nslookup /set srchlist  switch to set your own search lists that changes the default search suffix nslookup

    uses. You can also sepecific it in interactive mode by the following and leaving it blank to remove any search suffixes it's pulling from the machine:

    nslookup
    > set srchlist

    .


    Using NSlookup (File Format: Microsoft Word) - Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query

    (that is, use trailing dot), the query will be ...;
    http://mcse.villanova.edu/Courses/688/documents/Using%20NSlookup.doc

    Using NSlookup.exe
    http://support.microsoft.com/?id=200525

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Sunday, February 17, 2013 5:47 PM
  • Due to many folks having problems understanding nslookup and its behavior, and worrying about if it is a DNS issue or not, I put together a blog on nslookup. I hope you find it helpful:

    Nslookup suffixing behavior
    http://blogs.msmvps.com/acefekay/2013/02/17/nslookup-suffixing-behavior/


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    • Marked as answer by MichalRC Monday, February 18, 2013 9:57 AM
    Sunday, February 17, 2013 6:15 PM