Messed up DNS ??


Dev

From my Windows 2000 server SP3 when I used to ping to a particular
machine I used to get proper reply.
Like "Ping Manoj" would result in a reply from the IP User "manoj" is
using.

C:\>ping manoj
Pinging Manoj[190.166.0.136] with 32 bytes of data:
Reply from 190.166.0.136: bytes=32 time< 10ms TTL=57
Reply from 190.166.0.136: bytes=32 time< 10ms TTL=57

But strangely from today morning I am getting a reply like this :-

C:\>ping manoj
Pinging premium4.geo.yahoo.akadns.net [66.218.79.140] with 32 bytes of
data:
Reply from 66.218.79.140: bytes=32 time=344ms TTL=57
Reply from 66.218.79.140: bytes=32 time=410ms TTL=57

How did the user "Manoj" resolve into "premium4.geo.yahoo.akadns.net
[66.218.79.140]" ?

This has happened to all the users in my domain. I tried ipconfig
/flushdns, but it didn't work. What may be the problem? My Network is
down from the morning, please help.

Regards,
Dev
 
Dev said:
From my Windows 2000 server SP3 when I used to ping to a particular
machine I used to get proper reply.
Like "Ping Manoj" would result in a reply from the IP User "manoj" is
using.

C:\>ping manoj
Pinging Manoj[190.166.0.136] with 32 bytes of data:
Reply from 190.166.0.136: bytes=32 time< 10ms TTL=57
Reply from 190.166.0.136: bytes=32 time< 10ms TTL=57

But strangely from today morning I am getting a reply like this :-

C:\>ping manoj
Pinging premium4.geo.yahoo.akadns.net [66.218.79.140] with 32 bytes of
data:
Reply from 66.218.79.140: bytes=32 time=344ms TTL=57
Reply from 66.218.79.140: bytes=32 time=410ms TTL=57

How did the user "Manoj" resolve into "premium4.geo.yahoo.akadns.net
[66.218.79.140]" ?

This has happened to all the users in my domain. I tried ipconfig
/flushdns, but it didn't work. What may be the problem? My Network is
down from the morning, please help.

Likely to be a combination of a wildcard CNAME and DNS suffix search list.
It could also be that you have your ISP's DNS in TCP/IP properties.

Post your ipconfig /all and I will see if I can reproduce the behavior. (I
want to verify you are not using an external DNS server, and try different
combinations of your DNS suffix search list.)
The likely reason why all machines had the issue is because if the DNS
suffix search list contains an external domain name that cached the wildcard
CNAME in your DNS server.
 
C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : LINDSAYINDIA.COM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LINDSAYINDIA.COM

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI
Ethernet Adapter (10/100) #2
Physical Address. . . . . . . . . : 00-07-E9-F3-3E-1F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 190.166.0.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 190.166.0.3
DNS Servers . . . . . . . . . . . : 202.54.9.1
 
Dev said:
C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : LINDSAYINDIA.COM
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : LINDSAYINDIA.COM

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI
Ethernet Adapter (10/100) #2
Physical Address. . . . . . . . . : 00-07-E9-F3-3E-1F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 190.166.0.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 190.166.0.3
DNS Servers . . . . . . . . . . . : 202.54.9.1

Thanks for posting this, the problem I see here, assuming this is Active
Directory or if you have a local DNS server you must use your local DNS
only. (Or if you just expect local DNS resolution)
This problem is exacerbated by the fact that there is a wildcard CNAME
record in lindsayindia.com.
Since lindsayindia.com is in your DNS suffix search list any non-FQDN you
try to resolve is going to resolve to this CNAME. So I would be very surprised
to find that you could browse to any website, unless you add a trailing dot
to the name. Adding the trailing dot tells the DNS Client service (and
nslookup) to not append lindsayindia.com to queries.

Take a look at what happens when I append your DNS suffix to
microsoft.com:
QUESTION SECTION:
microsoft.com.LINDSAYINDIA.COM. IN A

ANSWER SECTION:
microsoft.com.LINDSAYINDIA.COM. 334 IN CNAME
premium4.geo.yahoo.akadns.net.
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.148
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.161
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.140
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.155
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.149
premium4.geo.yahoo.akadns.net. 34 IN A 66.218.79.147

Query time: 16 ms
Server : 192.168.0.2:53 udp (192.168.0.2)
When : 12/26/2005 10:36:11 AM
Size rcvd : 187

Use only your local DNS server for all local machines, no external or ISP's
DNS allowed in any position on any interface of an Active Directory domain
member.
If you own a website at www.lindsayindia.com you will need to add a new
delegation named www and put these NS records in the delegation:
QUESTION SECTION:
LINDSAYINDIA.COM. IN NS

ANSWER SECTION:
LINDSAYINDIA.COM. 85381 IN NS ns9.san.yahoo.COM.
LINDSAYINDIA.COM. 85381 IN NS yns1.yahoo.COM.
LINDSAYINDIA.COM. 85381 IN NS yns2.yahoo.COM.
LINDSAYINDIA.COM. 85381 IN NS ns8.san.yahoo.COM.

ADDITIONAL SECTION:
yns1.yahoo.COM. 169860 IN A 66.218.71.205
yns2.yahoo.COM. 169860 IN A 216.109.116.20
ns9.san.yahoo.COM. 172800 IN A 216.109.116.20
ns8.san.yahoo.COM. 172800 IN A 66.218.71.205

You will need to use a delegation for this name because www.lindsayindia.com
points to this same wildcard CNAME record which returns six IP addresses.
This is common with yahoo web hosting.

If lindsayindia.com is an Active Directory domain, you cannot access the
website by using only http://lindsayindia.com because this name must resolve
only to IP addresses on domain controllers that have file sharing enabled.
This is where the domain's SYSVOL DFS share is found and how group policies
are applied. You can use a workaround by using IIS on your domain
controllers to redirect http://lindsayindia.com to
http://www.lindsayindia.com

Sorry for getting so long in this reply, but I wanted to cover all follow-up
questions you may have.
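
The behavior explained in the reply above, modeled offline as an added example (not part of the original thread or any poster's code): a suffix search list combined with a wildcard CNAME sends every unqualified name to the same external host, and a random-label probe detects the wildcard. The zone contents are constructed from the records quoted in the thread, the wildcard matching is simplified, and the function names are hypothetical.

```python
import secrets

# Constructed model of what the ISP resolver returns for the public zone:
# only the wildcard CNAME seen in the reply above and one of its A records.
PUBLIC_ZONE = {
    "*.lindsayindia.com.": ("CNAME", "premium4.geo.yahoo.akadns.net."),
    "premium4.geo.yahoo.akadns.net.": ("A", "66.218.79.140"),
}
# Constructed model of a local DNS server that holds the real host record.
INTERNAL_ZONE = {"manoj.lindsayindia.com.": ("A", "190.166.0.136")}


def lookup(zone, fqdn):
    """Return (owner_name, address) or None, following CNAMEs and wildcards."""
    fqdn = fqdn.lower()
    for _ in range(8):  # bound the CNAME chain length
        rec = zone.get(fqdn)
        labels = fqdn.split(".")
        # Simplified wildcard match: try *.<parent> for each enclosing parent.
        for i in range(1, len(labels) - 1):
            rec = rec or zone.get("*." + ".".join(labels[i:]))
        if rec is None:
            return None
        if rec[0] == "A":
            return fqdn, rec[1]
        fqdn = rec[1]
    return None


def resolve(zone, name, search_list):
    """Stub-resolver model: a trailing dot means 'append no suffix'."""
    if name.endswith("."):
        return lookup(zone, name)
    for suffix in search_list:
        hit = lookup(zone, f"{name}.{suffix}.")
        if hit:
            return hit
    return lookup(zone, name + ".")


def has_wildcard(zone, suffix):
    """Probe a random label that cannot exist; any answer means a wildcard."""
    return lookup(zone, f"{secrets.token_hex(8)}.{suffix}.") is not None


if __name__ == "__main__":
    for zone in (PUBLIC_ZONE, INTERNAL_ZONE):
        print(resolve(zone, "manoj", ["LINDSAYINDIA.COM"]),
              has_wildcard(zone, "LINDSAYINDIA.COM"))
```

Against a live resolver, the same probe is a query for a random label under each suffix in the search list; an answer for a name that cannot exist means unqualified lookups through that resolver will never fail cleanly.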
 
Kevin gave you a detailed answer for your "real problem".
(use that)

I would also suggest you get this server upgraded from
SP3 to SP4++++.

SP4 has practically no compatibility problems (your mileage
may however vary) and SP4 offers many fixes.

Although these don't likely or necessarily address your
current problem, SP4 is the "right thing to do."
 
Thanks a TON for all the help. Actually it took me 12 long days to
resolve the complete issue exactly as you have mentioned. I am a little
slow in learning things :)

Dev
 
Dev said:
Thanks a TON for all the help. Actually it took me 12 long days to
resolve the complete issue exactly as you have mentioned. I am a little
slow in learning things :)

12 days seems kind of extreme, you could have cleared this up quickly by
removing the ISP DNS. Then, adding the delegation for the www record to the
internal DNS zone.
 