Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, June 10, 2010 9:46 AM
I have very weird replies when i do a NSLOOKUP. No matter which site i lookup ("yahoo.com" or "msn.com", etc) i get the same address in return. Is that normal? ALSO, the name returned always get appended to be "msn.com.com.my" or "yahoo.com.com.my".
This looks scary because it's appending suffixes for no reason...
All replies (2)
Thursday, June 10, 2010 10:09 AM ✅Answered | 2 votes
tonymoey wrote:
> I have very weird replies when i do a NSLOOKUP. No matter which site i
> lookup ("yahoo.com" or "msn.com", etc) i get the same address in return.
> Is that normal? ALSO, the name returned always get appended to be
> "msn.com.com.my" or "yahoo.com.com.my".
>
> This looks scary because it's appending suffixes for no reason...
>
NsLookup always appends suffixes unless you terminate the name with a
period.
e.g.
nslookup msn.com.
And, if you have a wildcard-record for your domain, or one of the
domains in the search list you will find that is appended and that you
get an answer.
For example, if you have this:
*.domain.com. IN A 1.2.3.4
And the system you use has domain.com as the Primary DNS Suffix, or in
the DNS Suffix Search List you will find that NsLookup replies to
everything with 1.2.3.4.
e.g.
nslookup www.google.com
Reply: www.google.com.domain.com
Except when terminated with a period as above.
The DNS Client does not necessarily exhibit the same behaviour (can be
tested with Ping). It can be controlled by setting
AppendToMultiLabelName in the registry, or by changing this setting in
Group Policy:
Computer Configuration \ Administrative Templates \ Network \ DNS Client
Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries
For most systems, by default, it will not append the suffix to a
multi-label name. Do note that this setting has no impact on NsLookup.
HTH
Chris
Saturday, June 12, 2010 5:46 AM ✅Answered | 3 votes
Is this a duplicate thread? Chris, I think you mentioned that in the other thread. In case Tonymoey can't find the other thread, I'll post my response from that thread here, too.
==========
Hi tonymoey,
Funny, this question came up the other day as well, but I'm not sure if it's the same one Chris mentioned. Here was my response on it, which pretty much reflects Chris' response on how nslookup behaves. I hope you find it helpful.
Keep in mind, nslookup's resolver service has its own built-in resolver service and is totally *independent* of the operating system's client side resolver, (although it will use the machine's suffixes to devolve names), and will behave differently than if you were to say ping a host by single name. When using nslookup, you need to fully qualify the name you are querying with a trailing dot. If not, it will append the current context, that is the suffix on the machine.
Here's are some links explaining what I mean. The first one is a doc that explains more of this in greater detail. This doc actually was compiled from KB200525, the second link, which is also mentioned in the Microsoft Official Curriculum #688 Using TCP/IP Courseware.
Using NSlookup (File Format: Microsoft Word) - Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be ...;
http://mcse.villanova.edu/Courses/688/documents/Using%20NSlookup.doc
Using NSlookup.exe
http://support.microsoft.com/?id=200525
Using NSlookupFile Format: Microsoft Word - View as HTML
Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be ...
http://mcse.villanova.edu/Courses/688/documents/Using%20NSlookup.doc
NslookupSep 28, 2007 ... This applies when the set and the lookup request contain at least one period, but do not end with a trailing period. Nslookup /set srchlist ...
http://technet.microsoft.com/en-us/library/cc725991(WS.10).aspx
As the last link suggests, you can use the Nslookup /set srchlist switch to set your own search lists that changes the default search suffix nslookup uses. You can also sepecific it in interactive mode by the following and leaving it blank to remove any search suffixes it's pulling from the machine:
nslookup
> set srchlist
So basically you will need to use the dot unless you remove the search suffix. You can also remove the suffix from the machine, and it will work without a trailing dot. But the search suffix is derived from the Primary DNS Suffix, which is set by the domain it's joined to. You can remove it in the registry and not touch the Primary DNS Suffix.
Will it affect AD functionality? Yes if you remove the Primary DNS Suffix, which the default search list comes from and the machine uses in such cases as DirectSMB connectivity, among other things, and No, nslookup's requirement of using a dot doesn't affect or indicate any issues with AD, it's just an nslookup thing.
It just something to keep in mind when using nslookup.
========
Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.