Question
Monday, January 30, 2017 11:17 AM
Hi,
I have a conditional forwarder on my DC (DC1, IP = 10.0.0.10) pointing at 51.8.8.8 for DNS zone "gsi.gov.uk". I've noticed some odd behaviour:
-If I do an nslookup on DC1 for gsi.gov.uk I get a response as follows:
Server DC1.contoso.com
Address: 10.0.0.10
Name: gsi.gov.uk
In fact, I get the same response if I do an nslookup for any sub domain of that domain, e.g. nonexistent23.gsi.gov.uk
Server DC1.contoso.com
Address: 10.0.0.10
Name: nonexistent23.gsi.gov.uk
I would have expected the conditional forwarder to error and respond no domain, but that doesn't happen. Why doesn't the forwarding DNS server respond with an IP address or error for the query?
The reason why I'm asking is that we use mail checking to check for existent SMTP domains. Some valid domains are being accepted, such as "dwp.gsi.gov.uk"; other domains are not, e.g. "homeoffice.gsi.gov.uk". I'm thinking of creating a new internal DNS zone called "homeoffice.gsi.gov.uk" with an SOA record of my DNS server and a Nameserver record of 51.8.8.8 to ensure my mail appliance check passes on the domain lookup.
Thank you
All replies (2)
Tuesday, January 31, 2017 8:36 AM
Hi Euro,
>>Why doesn't the forwarding DNS server respond with an IP address or error for the query?
Have you tried to ping gsi.gov.uk to check whether gsi.gov.uk can be pinged correctly?
You could use the Debug Logging tool in the DNS server to check whether the DNS server has accepted the query result from the conditional forwarder.
Here is information about Debug Logging for your reference:
DNS Logging and Diagnostics
https://technet.microsoft.com/en-us/library/dn800669(v=ws.11).aspx
Best Regards
John
Thursday, February 2, 2017 1:13 PM
Hi,
The server isn't pingable, only port 53 is open. The DNS debug logs are partially helpful; maybe I'm just not good at interpreting the results.
I do see NXDOMAIN in the detailed logs and searches for AAA, A, plus multiple DNS lookups such as gsi.gov.uk, as well as gsi.gov.uk.contoso.local and gov.uk.contoso.local.
I'm still not sure why the standard nslookup doesn't return an IP address or error though.
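Added example, not part of the thread: when reading DNS debug logs or packet captures like those discussed above, the response code and answer count in the DNS header separate "name does not exist" (NXDOMAIN) from "name exists but has no record of the queried type" (NOERROR with zero answers, often called NODATA). The packets below are constructed, the names under example.test are placeholders, and the helper names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(name, qtype, rcode, answers=()):
    """Build a constructed response: header, question, optional A answers."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    pkt = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)
    for ip in answers:
        # 0xC00C is a compression pointer to the question name at offset 12
        pkt += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        pkt += bytes(int(octet) for octet in ip.split("."))
    return pkt

def classify(packet):
    """Return (rcode_name, outcome) using only the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if rcode == 3:
        return name, "name does not exist"
    if rcode == 0 and ancount == 0:
        return name, "NODATA: name exists, no record of the queried type"
    if rcode == 0:
        return name, "%d answer record(s)" % ancount
    return name, "server error"

if __name__ == "__main__":
    # Constructed samples: type 1 = A, type 28 = AAAA
    samples = [
        build_response("www.example.test", 1, 0, ["192.0.2.10"]),
        build_response("www.example.test", 28, 0),
        build_response("missing.example.test", 1, 3),
    ]
    for pkt in samples:
        print(classify(pkt))
```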