Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, January 27, 2016 6:47 PM
[EDIT]I have noticed after posting that the nbtstat returns WORKGRP for type GROUP instead of domain name.(Added the copy below in the original text) Why does nslookup returns the answer as if the printer is in the domain?
Hello,
Since I am not network engineer, all your professional advice will be very much appreciated.
My questions is this network printer returns the following results from nbtstat and nslookup, however there’s NO entry on Forward Lookup Zone. (Or cache etc entirely as far as I searched)
Where could it possibly be registered?
-Printer name: printer_a
-IP address: 10.220.110.160
-Domain: MyDomain
>nbtstat –a printer_a
NetBIOS Remote Machine Name Table
Name Type Status
printer_a <00> UNIQUE Registered
printer_a <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
MAC Address = xx-xx-xx-xx-xx-xx
>nbtstat –a 10.220.110.160
Returns NetBIOS Remote Machine Name Table
>nslookup –type=A –debug printer_a
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
1.11.220.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 10.220.11.1.in-addr.arpa
name = dcserver_x.MyDomain
ttl = 600 (10 mins)
Server: dcserver_x.MyDomain
Address: 10.220.11.1
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
printer_a.MyDomain, type = A, class = IN
ANSWERS:
-> printer_a.MyDomain
internet address = 10.220.110.160
ttl = 900 (15 mins)
Name: printer_a.MyDomain
Address: 10.220.110.160
All replies (7)
Monday, February 1, 2016 8:54 AM ✅Answered
Hi S.kc,
Right click on the zone in DNS manager, open properties. Select WINS tab, check if WINS lookup is enabled.
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Wednesday, January 27, 2016 7:38 PM
It appears you've attempted to edit the results by replacing the actual IPs with made-up substitutes. But you've done a poor job of doing so by misplacing dots throughout, making it hard to decipher what is what. Not to mention, you missed a spot anyway.
Oh no, horror of horrors! Now the whole Internet knows that the internal IP of your printer is 10.220.110.160! Gasp!
Really annoys me when people make it difficult to help them by pointlessly trying to hide information that doesn't even need to be kept secret in the first place.
Thursday, January 28, 2016 3:17 AM
Hi S.kc,
I suppose you could perform a network capture to analyze the issue.
Here is the link:
| http://www.microsoft.com/en-us/download/details.aspx?id=4865 |
Start a new capture and run nslookup command. Check the packets to see if the answer is sent from DNS server.
If yes, check the forward lookup zone again.
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Thursday, January 28, 2016 5:41 PM
Hi Leo,
Thank you for the reply!
The result shows as below and it seems pretty much like what I got when I ran nslookup with debug mode. The Protocol returning this result is DNS on "10.220.11.1".(DNS runs as Active Directory-Integrated) I checked again Forward Lookup Zone on "10.220.11.1" and can not find the entry. I have been looking for the record on other ADs' but no luck. Any other possible areas that this record is registered?
=====================================
986 9:12:06 AM 1/28/2016 34.5674410 10.220.52.89 10.220.11.1 DNS DNS:QueryId = 0x1, QUERY (Standard query), Query for 1.11.220.10.in-addr.arpa of type PTR on class Internet {DNS:74, UDP:73, IPv4:7}
987 9:12:06 AM 1/28/2016 34.5679165 10.220.11.1 10.220.52.89 DNS DNS:QueryId = 0x1, QUERY (Standard query), Response - Success, {DNS:74, UDP:73, IPv4:7}
988 9:12:06 AM 1/28/2016 34.5688612 10.220.52.89 10.220.11.1 DNS DNS:QueryId = 0x2, QUERY (Standard query), Query for printer_a.MyDomain of type Host Addr on class Internet {DNS:76, UDP:75, IPv4:7}
989 9:12:06 AM 1/28/2016 34.5696872 10.220.11.1 10.220.52.89 DNS DNS:QueryId = 0x2, QUERY (Standard query), Response - Success, 10.220.110.160 {DNS:76, UDP:75, IPv4:7}
990 9:12:06 AM 1/28/2016 34.5699730 10.220.52.89 10.220.11.1 DNS DNS:QueryId = 0x3, QUERY (Standard query), Query for printer_a.MyDomain of type AAAA on class Internet {DNS:78, UDP:77, IPv4:7}
991 9:12:06 AM 1/28/2016 34.5704467 10.220.11.1 10.220.52.89 DNS DNS:QueryId = 0x3, QUERY (Standard query), Response - Success {DNS:78, UDP:77, IPv4:7}
=====================================
Friday, January 29, 2016 8:22 AM
Hi S.kc,
>>Any other possible areas that this record is registered?
Since the result was sent by DNS server, I suppose it exists on DNS server.
>>Or cache etc entirely as far as I searched)
Have you cleared cache in DNS manager?
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Friday, January 29, 2016 8:09 PM
Hi Leo,
Thank you for the response.
I cleared the cache (DNS Manager "Action">"Clear Cache") and nslookup/Network monitor still give the same result.
When I search this printer on Active Directory with the name "printer_a" then the search result returns not found. However when I search this printer with the name that shows up on Devices and Printers "CANON_iRC3480" then it shows up on AD. I can not log on to the printer since I have no privilege so am not sure if there's any setting for the host name "printer_a.MyDomain" anywhere on the printer itself. Is it to do with NetBIOS setting? since nbtstat also returns results.
I still have no clue why the result is returned from DNS. Active-directly integrated DNS does something like this under some specific scenario?
Thanks.
Monday, February 1, 2016 5:21 PM
Hi Leo,
Thank you for the reply.
Yes it is enabled (checked on Use WINS forward lookup) but since there was no entry that I could confirm on WINS on designated servers, I was disregarding the WINS lookup possibility.
However - I noticed now that I need to run a search for displaying WINS registration records from:
Active Registrations -> right click and "Display Records" -> input filter in "Record Mapping" tab.
I finally fond the record of the printer that I was looking for. I should have paid more attention to find the registration records. The record was on one of the servers that were listed on DNS.
It is interesting that nslookup/Network Monitor returns results as if the record exists on a specific server that I specified for nslookup even when not only that the entry does not exists on DNS but also the actual WINS records exist on a different server, like:
>nslookup -type=A -debug printer_a server_x
*Where server_x is a DNS server and actual WINS records exist on server_y. Result seems to be showing that the DNS entry was found on server_x and there is no trace that shows server_y was questioned for finding the actual WINS record.
Is it just the way WINS/DNS is designed?
Still open to the question above, but I will mark up your reply as answer - thanks for your help!