
I have two DNS resolvers in the /etc/resolv.conf file. The top one is a Windows DNS server, and the bottom one is my wi-fi router. Please see below.

    nameserver 192.168.1.126
    nameserver 192.168.1.1

In the Windows DNS server, the sole "Forward Lookup Zone" is biman.net.

When I query for a host in the zone (biman.net), the Windows DNS server works fine: it returns either the IP or NXDOMAIN. But when I query for anything in a non-existing zone, it returns SERVFAIL. The wifi router, however, returns NXDOMAIN even when the zone name is bogus.

How can I get an NXDOMAIN response from the Windows DNS server when the zone does not exist?

Below are the queries and the responses.

    root@VDIkali:~# nslookup -q=A kali2.biman.net
    Server: 192.168.1.126
    Address: 192.168.1.126#53

    Name: kali2.biman.net
    Address: 192.168.1.122

    root@VDIkali:~# nslookup -q=A NOHOST.biman.net
    Server: 192.168.1.126
    Address: 192.168.1.126#53

    ** server can't find NOHOST.biman.net: NXDOMAIN

    root@VDIkali:~# nslookup -q=A kali2.NONEXTING.net
    ;; Got SERVFAIL reply from 192.168.1.126, trying next server
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find kali2.NONEXTING.net: NXDOMAIN

Biman Roy
  • Do you have either .net or notexisting.net running as a domain? Can you upload a screenshot? – djdomi Feb 02 '20 at 15:48
  • NONEXiSTING.net domain does not exist. biman.net domain exists. Kali2 host exists in biman.net domain – Biman Roy Feb 03 '20 at 22:25
  • I got another question related to DNS again. I was analysing my DNS traffic using tcpdump (not verbose mode) in an AIX client. I found a lot of repeats of transaction IDs over a matter of hours, and even for different queries (see the evidence below). Is it expected?
        19:30:06.039765 IP 172.18.140.80.43852 > 172.28.3.40.53: 56554+ AAAA? 172.18.140.80.sg.uobnet.com. (45)
        19:30:06.040741 IP 172.28.3.40.53 > 172.18.140.80.43852: 56554 NXDomain* 0/1/0 (110)
        19:30:06.644668 IP 172.18.140.80.43873 > 172.28.3.40.53: 56554+ AAAA? DMPCUSG01. (27)
        19:30:06.645465 IP 172.28.3.40.53 >
    – Biman Roy Feb 04 '20 at 01:00
  • And one more piece of evidence where the transaction ID repeats over an hour:
        19:20:00.768582 IP 172.18.140.80.43432 > 172.28.3.40.53: 62969+ AAAA? DMPCUSG01. (27)
        19:20:00.769278 IP 172.28.3.40.53 > 172.18.140.80.43432: 62969 ServFail 0/0/0 (27)
        19:20:00.769344 IP 172.18.140.80.43433 > 172.18.3.40.53: 62969+ AAAA? DMPCUSG01. (27)
        19:20:00.769775 IP 172.18.3.40.53 > 172.18.140.80.43433: 62969 ServFail 0/0/0 (27)
        20:30:01.433471 IP 172.18.140.80.46031 > 172.28.3.40.53: 62969+ AAAA? DMPCUSG01. (27)
    – Biman Roy Feb 04 '20 at 01:02
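
One way to quantify the transaction-ID repeats raised in the comments above, as an added example that is not part of the original thread: it parses tcpdump's default (non-verbose) DNS query lines and separates an immediate retry of the same question from later reuse of an ID. The sample capture, its addresses and names, the function names and the 5-second retry window are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's non-verbose DNS format (made-up addresses and names).
SAMPLE = """\
19:20:00.768582 IP 192.0.2.80.43432 > 192.0.2.53.53: 62969+ AAAA? host1. (23)
19:20:00.769278 IP 192.0.2.53.53 > 192.0.2.80.43432: 62969 ServFail 0/0/0 (23)
19:20:00.769344 IP 192.0.2.80.43433 > 198.51.100.53.53: 62969+ AAAA? host1. (23)
19:20:00.769775 IP 198.51.100.53.53 > 192.0.2.80.43433: 62969 ServFail 0/0/0 (23)
19:30:06.039765 IP 192.0.2.80.43852 > 192.0.2.53.53: 56554+ AAAA? app.example.com. (33)
19:30:06.040741 IP 192.0.2.53.53 > 192.0.2.80.43852: 56554 NXDomain* 0/1/0 (98)
19:30:06.644668 IP 192.0.2.80.43873 > 192.0.2.53.53: 56554+ AAAA? host1. (23)
20:30:01.433471 IP 192.0.2.80.46031 > 192.0.2.53.53: 62969+ AAAA? host1. (23)
"""

# Matches only client -> server:53 queries; response lines have no "TYPE? name".
QUERY = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.53: "
    r"(\d+)\S* (?:\[\S+\] )?(\w+)\? (\S+) ")

def parse_queries(text):
    """Return (seconds, client_port, server, txid, question) per query line."""
    out = []
    for line in text.splitlines():
        m = QUERY.match(line)
        if m:
            h, mi, s = m.group(1).split(":")
            secs = int(h) * 3600 + int(mi) * 60 + float(s)  # ignores midnight wrap
            out.append((secs, int(m.group(3)), m.group(4), int(m.group(5)),
                        f"{m.group(6)} {m.group(7)}"))
    return out

def classify_id_reuse(queries, retry_window=5.0):
    """Map txid -> [(kind, gap_seconds)] for every repeat of that ID.
    'retry' = same question again within retry_window; 'reuse' = anything else."""
    last, repeats = {}, defaultdict(list)
    for secs, _port, _server, txid, question in sorted(queries):
        if txid in last:
            prev_secs, prev_q = last[txid]
            gap = secs - prev_secs
            kind = "retry" if question == prev_q and gap <= retry_window else "reuse"
            repeats[txid].append((kind, round(gap, 3)))
        last[txid] = (secs, question)
    return dict(repeats)

if __name__ == "__main__":
    for txid, events in classify_id_reuse(parse_queries(SAMPLE)).items():
        print(txid, events)
```

The DNS ID is a 16-bit field, so the "reuse" count is best read against the total number of queries in the capture rather than on its own.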

0 Answers