When I perform NSLOOKUP -q=a chinaa.cn I get the following result in WireShark:
Why did it FIRST look up the PTR of my ISP DNS before sending an A-request?
And why did the DNS server respond first with with No such name with .home-appended to it?
Asked
Active
Viewed 352 times
0
Kahn Kah
- 144
- 6
-
Probably so it can log which DNS server it used to do the lookup. – hardillb Nov 01 '21 at 12:29
-
@hardillb nope, because it only does this rarely – Kahn Kah Nov 01 '21 at 12:34
-
Edit the question to show what's in your `/etc/resolve.conf` – hardillb Nov 01 '21 at 12:36
-
@hardillb , what's the windows-equivalent? – Kahn Kah Nov 01 '21 at 12:47
1 Answers
4
NSLOOKUP first displays the IP address of the DNS server it sends the request to, along with its DNS name. If the DNS name is not already in the DNS cache, then it sends a PTR request to get the name.
longneck
- 23,082
- 4
- 52
- 86
-
1And the reason it only does it intermittently is because it will be caching the response for the TTL. The answer to the second question will be because your DHCP server will be returning `.home` as a search path so it will checked first – hardillb Nov 01 '21 at 13:36