0

This is a bit perplexing to me.

When I do a NSLOOKUP on 10.0.0.17 it comes back as "ProductionServer01.domain.com" which is a decommissioned server. 10.0.0.17 is actually ProductionServer02.domain.com, and when I NSLOOKUP that hostname, the correct IP comes back.

I logged into MainDC04 and checked the DNS records for ProductionServer02, and it is listed as 10.0.0.17, and ProductionServer01 is listed as 10.0.0.85. This is the correct addressing for these machines.

I did flush my DNS records, and test from a different machines (MainDC04 and another laptop I had lying around).

Is this even something I should be concerned about, or can it be ignored? Any thoughts on the cause of this issue would be appreciated.

TL:DR; ProductionServer01: 10.0.0.85 ProductionServer02: 10.0.0.17

DNS lookups put ProductionServer01 as 10.0.0.17 and 10.0.0.85

Our Main Domain Controller is a Windows Server 2012 machine, and we have 2 older DCs running 2k3.

David Liese
  • 145
  • 1
  • 10
  • I don't know if there's an equivalent in Windows, but if you have access to a unix box (or maybe cygwin), [dig](http://en.wikipedia.org/wiki/Dig_%28command%29) can be very handy for troubleshooting these sorts of things. In particular, the +trace and +nssearch options. – Phil Frost Feb 27 '13 at 15:12

1 Answers1

2

When you do a reverse lookup for an IP Address DNS does a lookup for a Reverse PTR record. It does not actually try to lookup forward records by their data (that would be a monstrous security hole).

You need to update your Reverse PTR record in DNS. Same MMC you were looking at for the Forward Record...

Chris S
  • 77,945
  • 11
  • 124
  • 216