Unable to resolve MX using nslookup

Discussion in 'DNS Server' started by Alex White, Aug 16, 2005.

  1. Alex White

    Alex White Guest

    Hello,

    I am experiencing a problem performing nslookups of MX records under Windows
    2000/2003 boxes that are joined to a domain. More broadly, I experience the
    problem on (at least) any Windows 2000/2003/XP machine which uses a DNS
    suffix (so far I have only tested on boxes joined to a domain ending with
    ".com.au")

    Say I have a server joined to the "company.com.au" domain. I open an
    nslookup:
    Default Server: [xxx.xxx.xxx.xxx]
    Address: xxx.xxx.xxx.xxx
    Server: anynameserver.anywhere.com
    Address: xxx.xxx.xxx.xxx

    nz.com.au
    primary name server = ns.redirection.net
    responsible mail addr = hostmaster.redirection.net
    serial = 2004081100
    refresh = 172800 (2 days)
    retry = 3600 (1 hour)
    expire = 1728000 (20 days)
    default TTL = 172800 (2 days)

    -----

    What the? I said I wanted MX, not SRV?

    As a workaround, I append a period (.) to the end of my MX query, and no
    problem:

    -----

    Server: oznet.ozemail.com.au
    Address: 203.2.193.124

    Non-authoritative answer:
    nzherald.co.nz MX preference = 15, mail exchanger = mail2.apn.co.nz
    nzherald.co.nz MX preference = 10, mail exchanger = mail.apn.co.nz

    nzherald.co.nz nameserver = dns1.apn.co.nz
    nzherald.co.nz nameserver = dns2.apn.co.nz
    mail2.apn.co.nz internet address = 203.99.65.14
    mail.apn.co.nz internet address = 203.99.65.13
    dns1.apn.co.nz internet address = 203.99.65.8
    dns2.apn.co.nz internet address = 203.99.65.9

    -----

    Well, that's a bit better.

    Is this a bug in the nslookup client, or Windows? Or am I doing something
    naughty?

    Any help is appreciated.

    Regards,

    Alex White
     
    Alex White, Aug 16, 2005
    #1

  2. Curious, can you post an ipconfig /all of this client machine? I am curious
    to see the exact search suffix(es) set on the machine.

    This was discussed in the past, but I can't recall the specifics. Let's
    start with the info above please.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Aug 17, 2005
    #2

  3. Alex White

    Alex White Guest

    Hi Ace,

    Thanks for responding.

    Here's the ipconfig output. The behaviour is typical for anything which
    uses foo.com.au as a suffix.

    Regards,

    Alex

    ==========

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : blahblahblah
    Primary Dns Suffix . . . . . . . : blah.com.au
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : blah.com.au
    com.au

    Ethernet adapter Intel Fast Ethernet LAN Controller - Onboard:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
    Physical Address. . . . . . . . . : 00-06-5B-88-7D-BC
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.12.41
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.12.1
    DNS Servers . . . . . . . . . . . : 192.168.12.40
    192.168.12.41
    Primary WINS Server . . . . . . . : 192.168.12.40
    Secondary WINS Server . . . . . . : 192.168.12.41


     
    Alex White, Aug 17, 2005
    #3
  4. I believe this is caused by the DNS suffix search list and having com.au in
    the list. If you will clear the check box "Append parent suffixes of the
    Primary DNS suffix" on the DNS tab of TCP/IP properties it will stop this
    behavior. Then run ipconfig /flushdns to clear the client cache.
    After verification that it does stop the behavior, you can make this setting
    in your default domain policy to XP and Win2k3 clients.
    Computer Configuration
    -Administrative templates
    -Network
    -DNS Client
    Primary DNS suffix devolution (Disable)

    Apply the policy to all XP clients by running this in a command prompt:
    gpupdate /force
    Then enter Y to reboot if it asks.

    This policy won't work on Win2k clients, they will need to be manually
    configured as in the first paragraph.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 17, 2005
    #4
  5. Kevin,

    I remember it had something to do with the parent suffix. I'm glad you
    remembered!

    Ace
     
    Ace Fekay [MVP], Aug 18, 2005
    #5
  6. Ace Fekay [MVP]
    Yes, it is usually the parent suffix. You want to know what causes a real
    big problem?
    If the Externally hosted zone for the parent level domain has a wildcard
    record in it. I've come across this a lot lately and some of these DNS
    providers give no option to delete the Wildcard record. If you don't stop
    the suffix devolution, you have to create a shadow zone.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 18, 2005
    #6
  7. Alex White

    Alex White Guest

    Yep, it works.

    Thank you both :)

     
    Alex White, Aug 18, 2005
    #7
  8. Alex White

    Alex White Guest

    Whoops, spoke too soon.

    It seems while lookups for *.co.uk return okay for some reason, *.co.nz
    lookups still exhibit the same behaviour:
    Server: vnsc-bak.sys.gtei.net
    Address: 4.2.2.2

    nz.com.au
    primary name server = ns.redirection.net
    responsible mail addr = hostmaster.redirection.net
    serial = 2004081100
    refresh = 172800 (2 days)
    retry = 3600 (1 hour)
    expire = 1728000 (20 days)
    default TTL = 172800 (2 days)
    Server: vnsc-bak.sys.gtei.net
    Address: 4.2.2.2

    Non-authoritative answer:
    hello.co.nz MX preference = 10, mail exchanger =
    mail.discountdomains.co.nz
    hello.co.nz MX preference = 20, mail exchanger =
    mail2.discountdomains.co.nz

    My ipconfig now looks like:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : blahblahblah
    Primary Dns Suffix . . . . . . . : blah.com.au
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : blah.com.au

    Ethernet adapter Intel Fast Ethernet LAN Controller - Onboard:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
    Physical Address. . . . . . . . . : 00-06-5B-88-7D-BC
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.12.41
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.12.1
    DNS Servers . . . . . . . . . . . : 192.168.12.40
    192.168.12.41
    Primary WINS Server . . . . . . . : 192.168.12.40
    Secondary WINS Server . . . . . . : 192.168.12.41
     
    Alex White, Aug 18, 2005
    #8
  9. Do this MX lookup again with the -d2 switch, so we can see exactly what is
    searched.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 18, 2005
    #9
  10. I've always wondered why some ISPs do this. It just creates a lot of
    headaches.

    Ace
     
    Ace Fekay [MVP], Aug 19, 2005
    #10
  11. Ace Fekay [MVP]
    Who knows, if they use host headers, the wildcard won't work for the web site
    anyway. Otherwise, all a wildcard record is good for is typos.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 19, 2005
    #11
  12. True...

    :)
     
    Ace Fekay [MVP], Aug 19, 2005
    #12
  13. Alex White

    Alex White Guest

    nzherald.co.nz
    Server: vnsc-bak.sys.gtei.net
    Address: 4.2.2.2

    ------------
    SendRequest(), len 45
    HEADER:
    opcode = QUERY, id = 8, rcode = NOERROR
    header flags: query, want recursion
    questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
    nzherald.co.nz.blah.com.au, type = MX, class = IN

    ------------
    ------------
    Got answer (102 bytes):
    HEADER:
    opcode = QUERY, id = 8, rcode = NXDOMAIN
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
    nzherald.co.nz.blah.com.au, type = MX, class = IN
    AUTHORITY RECORDS:
    -> blah.com.au
    type = SOA, class = IN, dlen = 45
    ttl = 1171 (19 mins 31 secs)
    primary name server = ns0.easydns.com
    responsible mail addr = admin.easydns.com
    serial = 1122336935
    refresh = 21600 (6 hours)
    retry = 7200 (2 hours)
    expire = 604800 (7 days)
    default TTL = 1200 (20 mins)

    ------------
    ------------
    SendRequest(), len 39
    HEADER:
    opcode = QUERY, id = 9, rcode = NOERROR
    header flags: query, want recursion
    questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
    nzherald.co.nz.com.au, type = MX, class = IN

    ------------
    ------------
    Got answer (104 bytes):
    HEADER:
    opcode = QUERY, id = 9, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 0, authority records = 1, additional = 0

    QUESTIONS:
    nzherald.co.nz.com.au, type = MX, class = IN
    AUTHORITY RECORDS:
    -> nz.com.au
    type = SOA, class = IN, dlen = 53
    ttl = 10791 (2 hours 59 mins 51 secs)
    primary name server = ns.redirection.net
    responsible mail addr = hostmaster.redirection.net
    serial = 2004081100
    refresh = 172800 (2 days)
    retry = 3600 (1 hour)
    expire = 1728000 (20 days)
    default TTL = 172800 (2 days)

    ------------
    nz.com.au
    type = SOA, class = IN, dlen = 53
    ttl = 10791 (2 hours 59 mins 51 secs)
    primary name server = ns.redirection.net
    responsible mail addr = hostmaster.redirection.net
    serial = 2004081100
    refresh = 172800 (2 days)
    retry = 3600 (1 hour)
    expire = 1728000 (20 days)
    default TTL = 172800 (2 days)
     
    Alex White, Aug 22, 2005
    #13
  14. Try it again, this time putting a period on the end of nzherald.co.nz.

    Ace
     
    Ace Fekay [MVP], Aug 22, 2005
    #14
  15. Alex White

    Alex White Guest

    Skips the blah.com.au suffix:
    Server: vnsc-bak.sys.gtei.net
    Address: 4.2.2.2

    ------------
    SendRequest(), len 32
    HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags: query, want recursion
    questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
    nzherald.co.nz, type = MX, class = IN

    ------------
    ------------
    Got answer (79 bytes):
    HEADER:
    opcode = QUERY, id = 4, rcode = NOERROR
    header flags: response, want recursion, recursion avail.
    questions = 1, answers = 2, authority records = 0, additional = 0

    QUESTIONS:
    nzherald.co.nz, type = MX, class = IN
    ANSWERS:
    -> nzherald.co.nz
    type = MX, class = IN, dlen = 13
    MX preference = 10, mail exchanger = mail.apn.co.nz
    ttl = 9284 (2 hours 34 mins 44 secs)
    -> nzherald.co.nz
    type = MX, class = IN, dlen = 10
    MX preference = 15, mail exchanger = mail2.apn.co.nz
    ttl = 9284 (2 hours 34 mins 44 secs)

    ------------
    Non-authoritative answer:
    nzherald.co.nz
    type = MX, class = IN, dlen = 13
    MX preference = 10, mail exchanger = mail.apn.co.nz
    ttl = 9284 (2 hours 34 mins 44 secs)
    nzherald.co.nz
    type = MX, class = IN, dlen = 10
    MX preference = 15, mail exchanger = mail2.apn.co.nz
    ttl = 9284 (2 hours 34 mins 44 secs)
     
    Alex White, Aug 22, 2005
    #15
  16. It looks like the problem is in the DNS suffix search list, caused by a
    combination of the DNS suffix devolution and a wildcard record in nz.com.au.
    On the DNS tab of TCP/IP Properties, clearing the checkbox for "Append parent
    suffixes of the Primary DNS suffix" should clear this up. You can assign
    this in a group policy to XP and Win2k3 clients.
    Default Domain Policy
    Computer Configuration
    -Administrative Templates
    -Network
    -DNS Client
    Primary DNS suffix devolution (Disable)


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 22, 2005
    #16
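
Added example, not part of any post in this thread: a simplified Python model of the lookup sequence shown in the -d2 trace in post #13, with devolution on, with devolution off, and with a trailing dot. The zone contents, the wildcard's record type and the function names are constructed for illustration; only the domain names and the order of queries come from the thread.

```python
# Simplified model of the nslookup search behaviour seen in the -d2 trace.
# Zone data is constructed for illustration; only the names come from the thread.
NXDOMAIN, NOERROR = "NXDOMAIN", "NOERROR"

# (owner, type) -> data. "*.nz.com.au" stands in for the wildcard record the
# thread attributes to the nz.com.au zone (its record type is an assumption).
RECORDS = {
    ("*.nz.com.au", "A"): ["192.0.2.1"],
    ("nzherald.co.nz", "MX"): ["10 mail.apn.co.nz", "15 mail2.apn.co.nz"],
}


def devolve(primary_suffix, min_labels=2):
    """Primary DNS suffix followed by its parents, down to min_labels labels."""
    labels = primary_suffix.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - min_labels + 1)]


def respond(qname, qtype):
    """Return (rcode, answers) roughly as an authoritative server would."""
    owners = {owner for owner, _ in RECORDS}
    if qname in owners:
        return NOERROR, RECORDS.get((qname, qtype), [])
    labels = qname.split(".")
    for i in range(1, len(labels)):  # walk up looking for a covering wildcard
        wild = "*." + ".".join(labels[i:])
        if wild in owners:
            # The wildcard makes the name exist, so a type it does not hold
            # comes back as NOERROR with zero answers, not NXDOMAIN.
            return NOERROR, RECORDS.get((wild, qtype), [])
    return NXDOMAIN, []


def lookup(name, qtype, suffixes):
    """Try name + each suffix, then the bare name; stop at the first response
    that is not NXDOMAIN. A trailing dot marks the name as fully qualified."""
    if name.endswith("."):
        candidates = [name.rstrip(".")]
    else:
        candidates = [f"{name}.{s}" for s in suffixes] + [name]
    tried = []
    for qname in candidates:
        rcode, answers = respond(qname, qtype)
        tried.append((qname, rcode))
        if rcode != NXDOMAIN:
            return qname, answers, tried
    return None, [], tried


if __name__ == "__main__":
    cases = [
        ("devolution on ", "nzherald.co.nz", devolve("blah.com.au")),
        ("devolution off", "nzherald.co.nz", ["blah.com.au"]),
        ("trailing dot  ", "nzherald.co.nz.", devolve("blah.com.au")),
    ]
    for label, name, suffixes in cases:
        print(label, lookup(name, "MX", suffixes))
```

With devolution on, the search ends at nzherald.co.nz.com.au with NOERROR and no MX data, which is the empty answer with an nz.com.au SOA seen in the trace; the real name is never queried.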
  17. Alex White

    Alex White Guest

    Thanks for following up, I'll apply this tonight out of hours and see how I
    go.
     
    Alex White, Aug 22, 2005
    #17
  18. Alex White

    Alex White Guest

    Out of interest, is there any way outside of GP to disable suffix
    devolution?
     
    Alex White, Aug 22, 2005
    #18
  19. Alex White

    Alex White Guest

    I couldn't get this to work using a local policy on my PC without manually
    specifying blah.com.au as the suffix search list. When I manually specify
    the search list it behaves as desired, hence I'm pretty sure that things
    will go to plan tonight.

    Thanks Kevin and Ace for your help.
     
    Alex White, Aug 22, 2005
    #19
  20. Glad we could help, but we have to give more of the credit to Kevin with
    figuring out the wildcard issue. I think Kevin likes those wildcards!

    Ace
     
    Ace Fekay [MVP], Aug 22, 2005
    #20