4

Today I've recognized strange behaviour of our DNS-System, if I make a DNS reverse lookup for the server srvdefiler1 with System.net.dns.gethostentry("10.10.1.54") (done within powershell if it matters, .Net 4.5) it returns following record:

Hostname:     srvdedc3.de.xxx.ag
AddressList:  {10.10.1.32}

Which is our Domaincontroller running DNS-Service, too.

Because of the fact that there is no DNS-Entries for srvdefiler1 nor a reverse DNS ptr, I expected that the method throws a SocketException.

By the way:

  • nslookup 10.10.1.54 returns Non-existent domain.
  • ping -a shows an alias of our Domaincontroller (which is strange for me too)

I think that there is something wrong with our DNS/Netbios configuration on fileserver or domaincontroller.

But I couldn't find any issues, it's the only server which returns unexpected record.

Any suggestions to solve this problem or help to find the problem? Is there any other clear code to do a reverse DNS lookup in .net / powershellscript which exactly works like nslookup ?

Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
fadanner
  • 158
  • 1
  • 8
  • If you do `nslookup srvdedc3.de.xxx.ag`, will it return more than a single IP address? If yes, check A records in your DNS, and check if your server has more than one IP address. This might be normal that looking up an IP then checking the IP of a resultant name returns a different IP. – Vesper Jul 09 '15 at 10:04
  • 1
    no `nslookup srvdedc3.de.xxx.ag` only returns one IP, which is the ip of the Domaincontroller. The result of `nslookup` for both servers is like expected. The problem isn't really that `gethostentry(ip)` returns an other ip, but that it returns a record of an other server. – fadanner Jul 09 '15 at 10:13
  • 1
    could you try `[System.net.dns]::gethostentry([ipaddress]"10.10.1.54")` ? – CB. Jul 09 '15 at 10:43
  • tested that already - same result. I think there must be something wrong with the underlying dns or netbios or something. – fadanner Jul 09 '15 at 10:44
  • Did you clear the DNS cache on client (`ipconfig /flushdns`) and all DNS servers (`dnscmd SERVERNAME /clearcache`)? – Ansgar Wiechers Jul 09 '15 at 11:21
  • did you check your `%windir%\System32\drivers\etc\hosts` file ? – Loïc MICHEL Jul 09 '15 at 11:35
  • caches are clear, hosts file is empty, the query returns the "wrong" answer on every client tested even on the DC, nslookup works fine on every clients tested – fadanner Jul 09 '15 at 11:41
  • Could you please post the output of `[System.Net.Dns]::GetHostEntry(ip).AddressList`. I realize at first glance it may seem like the same command, but you should get different output. – Colyn1337 Jul 09 '15 at 15:38

1 Answers1

-2

I was not able to reproduce the problem (calling [System.Net.Dns]::GetHostEntry('unusedIP') gave me an exception).

If there is in fact an issue with your DNS configuration, it's not clear from the information we have, and it would be more appropriate to post it on ServerFault.

Is there any other clear code to do a reverse DNS lookup in .net / powershellscript which exactly works like nslookup ?

I wouldn't say it works exactly like nslookup but there is a cmdlet for that (be aware that it requires PowerShell 3+ and Windows 8/2012 or higher):

Resolve-DnsName 10.10.1.54
briantist
  • 45,546
  • 6
  • 82
  • 127
  • Isn't `Resolve-DnsName` only applicable to Windows Server 2012 R2 and WIndows 8.1? So it not only requires Powershell 3+ ? Btw. thanks for the ServerFault suggestion. – fadanner Jul 10 '15 at 06:43
  • @fadanner It's also available on Windows 8 and Server 2012. The link I posted has a drop down for "other versions" but I've gone ahead and updated the link so it goes directly to the downlevel version. But you're right, this cmdlet does require more than just a PS version update, it needs the underlying OS to be at that minimum too. – briantist Jul 10 '15 at 14:53