
I recently installed a Windows 2008r2 server (workgroup only, no AD or Domain). This server has DNS enabled.

From a different client machine on the LAN, I run NSLOOKUP to test DNS operation.

When starting up, it correctly lists the server name and IP address.

When I type in "realdomain.com" from the > prompt, NSLOOKUP returns:

Non-authoritative answer:
Name:   realdomain.com.my.domain.net
Address:  67.215.65.132

The client system is able to resolve names, so DNS is working to some extent, but I don't understand why "my.domain.net" is appended.

The 67.215.65.132 address returned for realdomain.com is also incorrect. The address actually belongs to OpenDNS. I am using OpenDNS as the forwarders, but those addresses are 208.67.xxx.xxx.

"my.domain.net" is the primary DNS suffix of my local LAN server. It is not a publicly visible domain, since the server is on a private network.

This question seems to be quite similar, but I don't understand how to apply the solution: "...remove the wild card entry from your network solutions configuration". What wild card entry? Where is the "network solutions configuration"?

As in the referenced question, if I enter realdomain.com. (with the period at the end), it works correctly and returns the correct address.

tim11g

2 Answers


I get a similar result:

D:\Users\tannerf>nslookup domain.net 208.67.222.222
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    domain.net.MYSUFFIX.COM
Address:  67.215.65.132

Looks like OpenDNS is redirecting when the name can't be resolved. You can change the query to any subdomain that won't resolve, and it will return the same:

D:\Users\tannerf>nslookup mdmarra.local 208.67.222.222
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    mdmarra.local.microsoft.com
Address:  67.215.65.132

nslookup is, by default, appending the search suffix. Take a look at this question. And here's a thread bemoaning OpenDNS' decision. I find it terribly confusing myself.

If you'd like to prevent OpenDNS from redirecting, you might take a look here.

rtf
  • Yes, the problem is with OpenDNS. I switched the server over to the Google DNS at 8.8.8.8 and 8.8.4.4 – tim11g Dec 27 '13 at 16:08

> When I type in "realdomain.com" from the > prompt, NSLOOKUP returns:
>
> Non-authoritative answer:
> Name:   realdomain.com.my.domain.net
> Address:  67.215.65.132

This happens when you submit a query in nslookup that isn't fully qualified. Nslookup needs the trailing . in order for the query to be fully qualified. Lacking the trailing . causes nslookup to append the primary and/or connection specific DNS suffixes to the query.

> The client system is able to resolve names, so DNS is working to some extent, but I don't understand why "my.domain.net" is appended.

Yes. The DNS client is working correctly. See my previous statement as to why nslookup behaves this way.

> The 67.215.65.132 address returned for realdomain.com is also incorrect. The address actually belongs to OpenDNS. I am using OpenDNS as the forwarders, but those addresses are 208.67.xxx.xxx.

OpenDNS is hijacking the NXDOMAIN response for realdomain.com.my.domain.net and is returning the IP addresses of what is presumably some type of landing page offering their services. The IP addresses returned aren't the IP addresses of their DNS servers; they're the IP addresses to which they are redirecting the NXDOMAIN responses. - http://en.wikipedia.org/wiki/DNS_hijacking

> "my.domain.net" is the primary DNS suffix of my local LAN server. It is not a publicly visible domain, since the server is on a private network.

mydomain.net is the primary DNS suffix of your server. That is the DNS suffix that nslookup will append to unqualified queries while running nslookup from the server.

> This question seems to be quite similar, but I don't understand how to apply the solution: "...remove the wild card entry from your network solutions configuration". What wild card entry? Where is the "network solutions configuration"?

This isn't applicable in your case. The NXDOMAIN response is being hijacked by OpenDNS.

> As in the referenced question, if I enter realdomain.com. (with the period at the end), it works correctly and returns the correct address.

Exactly. This is the correct way to use nslookup.

Everything you've described in your question is perfectly normal behavior, as far as nslookup is concerned. The only issue is the fact that OpenDNS is hijacking the NXDOMAIN response, which it really ought not to do.

joeqwerty
  • This answer is AWESOME! I was wondering the same things. May I add to the question; I have never seen this behavior before. In my old environments, DNS was handled by another department, and the nslookup always looked 'normal'. How would I configure the server (or client) to return a single domain at nslookup? Assuming I have been hijacked as well, is just changing my forwarders enough? – Manly Boots Apr 09 '19 at 23:43
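
The behaviour described in the answers above can be reproduced offline. The following is an added example, not code from any of the posts: it models suffix appending for unqualified names and a forwarder that rewrites NXDOMAIN, then checks a resolver by probing names that cannot exist. The function names, the `ZONE` record and the stand-in resolver are hypothetical; only `67.215.65.132` and the `my.domain.net` suffix come from the page.

```python
import secrets

REDIRECT_IP = "67.215.65.132"  # address shown in the nslookup output on this page
ZONE = {"realdomain.com.": "203.0.113.10"}  # constructed record (TEST-NET-3 address)

def candidates(name, suffixes):
    """Names tried for a query, as described in the answers: a trailing dot
    means fully qualified; otherwise each DNS suffix is appended first."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s}." for s in suffixes] + [name + "."]

def lookup(name, suffixes, resolve):
    """Return (answered_name, address) for the first candidate that resolves."""
    for fqdn in candidates(name, suffixes):
        addr = resolve(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def make_resolver(zone, nxdomain_rewrite=None):
    """Hypothetical stand-in for a forwarder. None models NXDOMAIN; passing
    nxdomain_rewrite models a resolver that answers every unknown name."""
    return lambda fqdn: zone.get(fqdn, nxdomain_rewrite)

def rewrites_nxdomain(resolve, probes=3):
    """Check a resolver: random names under the reserved .invalid TLD can never
    exist, so any address returned for them is a rewritten NXDOMAIN."""
    hits = {resolve(f"{secrets.token_hex(8)}.invalid.") for _ in range(probes)}
    hits.discard(None)
    return sorted(hits)

HONEST = make_resolver(ZONE)
REWRITING = make_resolver(ZONE, REDIRECT_IP)

if __name__ == "__main__":
    for label, r in (("honest", HONEST), ("rewriting", REWRITING)):
        print(label, lookup("realdomain.com", ["my.domain.net"], r),
              rewrites_nxdomain(r))
```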