

DNSServer can't find localhost: Non-existent domain

Question

Saturday, April 24, 2010 1:20 PM

Can somebody explain this?

C:\nslookup
Default Server:  major.domain.local
Address:  192.168.2.8

> set d2
> localhost
Server:  major.domain.local
Address:  192.168.2.8

SendRequest(), len 39
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        localhost**.domain.local**, type = A, class = IN

Got answer (103 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        localhost.domain.local , type = A, class = IN
    AUTHORITY RECORDS:
    ->  domain.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = major.domain.local
        responsible mail addr = hostmaster.domain.local 
        serial  = 83592
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

*** major.domain.local can't find localhost: Non-existent domain
> localhost.
Server:  major.domain.local
Address:  192.168.2.8

SendRequest(), len 27
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        localhost, type = A, class = IN

Got answer (43 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        localhost, type = A, class = IN
    ANSWERS:
    ->  localhost
        type = A, class = IN, dlen = 4
        internet address = 127.0.0.1
        ttl = 600 (10 mins)

Non-authoritative answer:
Name:    localhost
Address:  127.0.0.1
> exit
C:\

File %systemroot%\system32\drivers\etc\hosts contains:
127.0.0.1       localhost
::1                localhost

Why does it add the local domain suffix to the DNS query for localhost by default? But if I add . to "localhost" it does it right?

Regards, Dmitriy Ilyin

All replies (15)

Saturday, April 24, 2010 1:30 PM

Also maybe this info would be helpful:

C:\ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\ipconfig /displaydns

Windows IP Configuration

    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
   
    Record Name . . . . . : 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
    Record Type . . . . . : 12
    Time To Live  . . . . : 593338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record  . . . . . : localhost

    1.0.0.127.in-addr.arpa
   
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live  . . . . : 593338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record  . . . . . : localhost

    localhost
   
    Record Name . . . . . : localhost
    Record Type . . . . . : 1
    Time To Live  . . . . : 593338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1

    localhost
   
    Record Name . . . . . : localhost
    Record Type . . . . . : 28
    Time To Live  . . . . : 593338
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    AAAA Record . . . . . : ::1

C:\

Regards, Dmitriy Ilyin


Monday, April 26, 2010 6:45 AM | 1 vote

Hi,

Thank you for your post here.

I think it should be expected that the DNS client will append the system suffix and try to resolve the FQDN localhost.domain.local when you attempt to resolve Localhost (single label name) from a domain joined computer. If you Nslookup Localhost on a workgroup client (with no system suffix) you will be able to resolve it properly.

When you add . after localhost, the system will consider it a non-single-label hostname and will not append the system suffix to it.

If you have any questions or concerns, please do not hesitate to let me know.


Monday, April 26, 2010 8:16 AM

Miles, thanks! You were right! The difference was that machines not joined to the domain resolve localhost correctly. But domain machines do not.

Well, then the question is: how can I prevent adding domain suffixes to localhost on domain joined machines?

Regards, Dmitriy Ilyin


Monday, April 26, 2010 8:45 AM

Well, I think I found a solution.
Just need to add another DNS suffix - .

And place it before the others.

**UPDATED**
In my case this workaround was not acceptable :(.

Regards, Dmitriy Ilyin


Tuesday, April 27, 2010 6:43 AM | 1 vote

Hi,

Thank you for your post here.
I thought that the following information will be useful:

The DNS client resolver cache stores entries for both successful and unsuccessful DNS name resolutions. A name that was queried but was not successfully resolved is known as a negative cache entry.  

The following list describes the attributes of the DNS client resolver cache:

  • It is built dynamically from the Hosts file and from DNS queries.  

  • Entries obtained from DNS queries are kept only for a period of time known as the Time to Live (TTL), which is set by the DNS server that has the name-to-IP address mapping stored in a local database.

  • Entries obtained from the Hosts file do not have a TTL and are kept until the entry is removed from the Hosts file.


Tuesday, April 27, 2010 7:27 AM

Anand, thanks for the reply.
I read this http://technet.microsoft.com/en-us/library/cc775637(WS.10).aspx and have some questions...

In this article:
In general, the DNS query process occurs in two parts:

  • A name query begins at a client computer and is passed to a resolver, the DNS Client service, for resolution.

  • When the query cannot be resolved locally, DNS servers can be queried as needed to resolve the name.
    If the query does not match an entry in the cache, the resolution process continues with the client querying a DNS server to resolve the name.

Well, but in my case I have local cached DNS records.

Question: why did the DNS resolver not use the local cache?

**UPDATED:**
Miles, sorry, but I should uncheck your post as answer (but mark it as useful) because the problem is somewhat deeper than just being domain joined. Maybe some GPO?

Regards, Dmitriy Ilyin


Thursday, May 13, 2010 4:13 AM

If I understand your question right, the nslookup.exe doesn't use the local resolver cache or the host file.

Per your initial steps I see that you are trying to do an extensive debugging using nslookup and Nslookup is used to directly query the DNS servers for resolving the names.

I hope this helps. Please let us know if you have further questions.


Thursday, May 13, 2010 4:25 AM | 1 vote

Hi Dmitriy,

I thought the following KB might provide more clarity.

http://support.microsoft.com/kb/200525

The following excerpt from the KB article is worth looking into:

The first time a query is made for a remote name, the answer is authoritative, but subsequent queries are nonauthoritative. The first time a remote host is queried, the local DNS server contacts the DNS server that is authoritative for that domain. The local DNS server will then cache that information, so that subsequent queries are answered nonauthoritatively out of the local server's cache.

I'm trying to relate this to your initial post of performing a debug output using nslookup where you had got a non-authoritative response.


Thursday, May 13, 2010 6:26 AM

Hi Anand,
Yes, you understand my question correctly.
Thanks for the KB. I read it.

Maybe I should describe my initial problem that forced me to start this thread, because it may be outside of problems with DNS.

Let's say that we have some self-made tool that connects to http://localhost/ and gets some data.
We couldn't use the boxes' DNS names because it (the localhost query) is hardcoded.
The problem is that when we try to access http://localhost/ all requests go to our firewall (default gateway). And we get 403 (the firewall is a Linux machine and has an Apache server).

Regards, Dmitriy Ilyin


Thursday, May 13, 2010 7:25 AM

Where is the website hosted? Is it on the same box as the selfmade tool?


Thursday, May 13, 2010 7:54 AM

yes. sure. IIS on the same box.

Regards, Dmitriy Ilyin


Monday, May 17, 2010 4:18 PM

On Thu, 13 May 2010 07:54:00 +0000, Dmitriy Ilyin wrote:

>yes. sure. IIS on the same box.
>Regards, Dmitriy Ilyin

Dmitriy,

Is there a Proxy entry in IE? If so, or possibly, is there a GPO providing a Proxy entry for IE?

As for using nslookup on a machine with no Primary DNS Suffix, (which results in no Search Suffix), localhost should resolve to 127.0.0.1. If tested on a joined machine, which of course will have the domain's zone as the Primary DNS Suffix, as well as the same zone name as the Search Suffix, then you will need the period, otherwise it is suffixing the zone name to the query. The period prevents that. This is default behavior.

You had already mentioned you had added a suffix, but what suffix did you add? By default, the domain's zone is the Search Suffix.

I believe this is not related to trying to get to the localhost using IE, meaning that you are trying to access the web server on the machine itself, and not elsewhere. IE will recognize to look at the local machine using localhost, so I am not sure why it will be resolving to the router/firewall.

Are you using the Linux box for DNS in the machine's IP properties? If the machine is joined, and you use a period, it will send the query to the Linux box, if it is using the Linux box as the first DNS entry in its config. That *may* explain why you are getting the HTTP 403 (forbidden) in the response, unless the self-made app is misconfigured? Based on what's been transpired in this thread, regarding the way IE is handling it, it *appears* to be more of a Proxy setting. Otherwise, and I'm just conjecturing here since I don't know anything about the app that's being used, if the app is set to use a non-default web port (other than 80 or 443) and it tries to connect to the self-made app on some other port, it would need to be stated in the URL.

Ace

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.
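
The suffix behaviour discussed in this thread, as an added example that is not part of any post: a Python model of the names a suffix-appending client sends for `localhost` versus `localhost.`, with a check that flags any answer that is not a loopback address. The function names, the injected `resolve` callable, the zone data and the address 192.0.2.10 are constructed for illustration; treating multi-label names without a trailing dot as already qualified is an assumption.

```python
import ipaddress

def candidate_names(name, search_suffixes):
    """Names a suffix-appending client would query, in order.

    A trailing dot marks the name as fully qualified, so it is sent as-is.
    A single-label name gets each search suffix appended, as in the thread.
    Assumption: a multi-label name without a trailing dot is sent as-is.
    """
    if name.endswith("."):
        return [name]
    if "." not in name:
        return [f"{name}.{s.strip('.')}." for s in search_suffixes]
    return [name + "."]

def non_loopback(addresses):
    """Return the addresses that are outside 127.0.0.0/8 and ::1."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_loopback]

def audit(name, search_suffixes, resolve):
    """Resolve every candidate and return (queried_name, status, addresses).

    resolve(fqdn) returns a list of address strings, or [] for NXDOMAIN.
    """
    report = []
    for fqdn in candidate_names(name, search_suffixes):
        addrs = resolve(fqdn)
        if not addrs:
            status = "NXDOMAIN"
        elif non_loopback(addrs):
            status = "LEAVES-HOST"   # a "localhost" lookup answered off-box
        else:
            status = "loopback"
        report.append((fqdn, status, addrs))
    return report

# Constructed zone data. ZONE mirrors the answers seen in the question;
# the extra record is hypothetical and uses a documentation address.
ZONE = {"localhost.": ["127.0.0.1"]}
ZONE_WITH_STRAY_RECORD = dict(ZONE, **{"localhost.domain.local.": ["192.0.2.10"]})

def resolver_for(zone):
    """Build a resolve() callable backed by a dict instead of the network."""
    return lambda fqdn: zone.get(fqdn.lower(), [])

if __name__ == "__main__":
    for zone in (ZONE, ZONE_WITH_STRAY_RECORD):
        for typed in ("localhost", "localhost."):
            print(typed, audit(typed, ["domain.local"], resolver_for(zone)))
```

To check a real machine, pass a `resolve` callable that queries the configured DNS server directly; a system call such as `socket.getaddrinfo` may be answered from the hosts file and hide what the DNS server returns.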


Thursday, March 29, 2012 11:41 AM

Hi,

Create a reverse lookup zone on the DNS server and create a PTR record; it will resolve the "nslookup error unknown can't find non-existent domain"

Dinesh S.


Thursday, January 26, 2017 11:26 PM

Hi,

  Create the PTR but still the same?

As


Thursday, February 8, 2018 9:56 PM

Been searching for a correct answer on this issue, believe it or not, a Cisco forum has the answer:

https://supportforums.cisco.com/t5/lan-switching-and-routing/dhcp-auto-registration-with-ms-dns/m-p/1821850/highlight/false#M197526

DHCP Auto registration with MS DNS

I encountered the exact same issue in my domain. MS & Win7 environment but can't use MS DHCP for political reasons, can't "ping -a" any of the clients on my network.

I did figure out a simple workaround and wanted to post it in case it helps anyone else.

Go into the config of a Windows client's network adapter.

IPv4 TCP/IP settings > "Advanced" button > "DNS" tab.

There are two checkboxes for "Register this connection's addresses in DNS" and "Use this connection's DNS suffix in DNS registration." If you check both checkboxes and ipconfig release & renew, a PTR record will appear.

To automate that across the entire environment I added two settings to our workstation GPO.

  • Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register DNS records with connection-specific DNS suffix > Enabled
  • Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register PTR Records > Register if A record registration succeeds

My Reverse Lookup Zone is populating as the workstations reboot.

JM