nslookup and dot

Vasja

I have a problem with my Win2000 DC with DNS,

When I start nslookup (on DC) and query for

MYDOMAIN.CO.YU

I get a response which lists all IP addresses of all our DCs. I get the
same when I query for

MYDOMAIN.CO.YU.

So for this type of query it is the same whether I use a trailing DOT or
not.

But when I do

SET TYPE=SRV

and do a query for

_LDAP._TCP.MYDOMAIN.CO.YU.

it gives a list of all SRV records as it should but when I query for

_LDAP._TCP.MYDOMAIN.CO.YU (without a DOT)

it tries to reach _LDAP._TCP.MYDOMAIN.CO.YU.CO.YU. and of course goes
outside our realm.

Now IS THIS OK OR NOT? I ask because I have other problems with this
DC. Netdiag and Dcdiag keep reporting errors and netdom reports that
it cannot contact itself.

Any help will be much appreciated.
 
Nslookup is notoriously brain-dead on some things.

Technically it is ONLY a FQDN if you add the "." on the end -- many people
use this term (incorrectly) to mean anything that looks like a "complete
name" as opposed to just a "domain" or a "server" (base) name.

(Technically I implied a misuse of the term "domain" in the above sentence,
but this is the way that most people understand it and those that know the
mistake don't need this explanation. <grin>)

When you leave off the terminating, and fully qualifying, DOT, Nslookup is
free to append the local machine's "domain" name (or not) and perhaps even
perform the lookup twice.

To SPECIFY the actual lookup, include the DOT; to avoid typing and depend
on the good graces (defaults), leave it off.
 
What I want to know is this:

I don't care what nslookup uses, but actually what NETDOM is using to determine connection to itself. When I try (I try this command on BGDDC computer)

NETDOM QUERY /DOMAIN:MYDOMAIN.CO.YU. /VERIFY DC

I get error:

Machine Status/Domain Domain Controller
======= ============= =================
\\BGDDC ERROR! ( The specified domain either does not exist
or could not be contacted. )
\\BGD03 MYDOMAIN.CO.YU. \\BGDDC.MYDOMAIN.CO.YU
\\NSAD MYDOMAIN.CO.YU. \\BGDDC.MYDOMAIN.CO.YU

Now this one I have been trying to solve for days now. I thought that it might have something to do with DNS. In the above picture
BGDDC is the 'main' DC, which is on Windows 2000 SP4, and all other DCs are Windows 2003.
Do you have any idea how to resolve this error? I tried to reset the machine account with netdom (as per the MS KB about this, with disabling and re-enabling of the KDC) a couple of times but with no use.
 
If a name is not fully qualified with a trailing dot, nslookup appends the
domain suffix first and if the reply is NXDOMAIN, it makes the query again
using your host name as entered and appends the dot. To make matters worse,
it does not show you the dot in the std or debug output, so you're left
wondering what exactly it sent. However, all names in the query must end in a
zero length byte (i.e. which is the nothing after the dot, which most people
just refer to as the root label or dot) for the server to process the
question. Hence the dot has to be there - the tool just does not show it.
This is the reverse of what the dns resolver does, which appends the dot first
on domain names with two or more labels. If only one label, it appends the
dns suffix first. So your suffix must be set to YU.CO.YU. for you to see this
behavior. Use the dot to be sure or get NetDig at www.mvptools.com.
A diagnostic tool should not append anything, but do what you ask unless you
set some option to do different. One of the reasons some people don't care
for nslookup.
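
An added illustration of the lookup order and the terminating zero-length label described in the post above; it is not part of the thread and not nslookup's own code. It assumes the search list is the primary suffix MYDOMAIN.CO.YU plus its parent CO.YU (the "append parent suffixes" behaviour), and all function names are hypothetical.

```python
# Added illustration; models the order described in the thread, not nslookup's source.
PRIMARY_SUFFIX = "mydomain.co.yu"  # domain used in the thread

def devolved_suffixes(primary):
    """Assumed search list: primary suffix, then parents down to two labels."""
    labels = primary.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def nslookup_candidates(name, suffixes):
    """Names in the order they would be tried. A trailing dot means 'exactly
    this name'; without it each suffix is appended first, then the name as typed.
    Later entries are only queried if the earlier ones fail."""
    name = name.lower()
    if name.endswith("."):
        return [name]
    return [f"{name}.{s}." for s in suffixes] + [name + "."]

def to_wire(fqdn):
    """DNS QNAME: length-prefixed labels closed by the zero-length root label."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label {label!r}")
        out += bytes([len(raw)]) + raw
    out.append(0)  # the "dot" the tool never displays
    if len(out) > 255:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)

def leaves_realm(fqdn, internal_zone):
    """True if the name lies outside internal_zone."""
    zone = internal_zone.strip(".").lower()
    host = fqdn.rstrip(".").lower()
    return not (host == zone or host.endswith("." + zone))

if __name__ == "__main__":
    suffixes = devolved_suffixes(PRIMARY_SUFFIX)
    for typed in ("_ldap._tcp.mydomain.co.yu", "_ldap._tcp.mydomain.co.yu."):
        print(f"typed: {typed}")
        for cand in nslookup_candidates(typed, suffixes):
            where = "EXTERNAL" if leaves_realm(cand, PRIMARY_SUFFIX) else "internal"
            print(f"  {cand:<45} {where:<9} {to_wire(cand).hex()}")
```

Run against a real search list, the candidates flagged EXTERNAL are the names to look for in the DNS server's forwarded-query log.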
 
Herb, William,

Many thanks for clearing at least nslookup features. Do you have any clue about DC error I receive?

Regards
 
In Vasja <[email protected]> posted a question
Then Kevin replied below:
: Herb, William,
:
: Many thanks for clearing at least nslookup features. Do you have any
: clue about DC error I receive?
:
: Regards

Remove external domains from the domain search list on all machines.
Nslookup or not, Windows will append the names to all queries; if you have
an external name in the domain search list, this name will be appended to all
DNS queries and get forwarded by your DNS server. Most will fail and cause
DNS errors.
 
Do you mean that I disable "Append parent suffixes of the primary DNS suffix" setting?
 
All that (disabling it) means is that you must be EXPLICIT in specifying the
parent when you wish to resolve names there.

These settings are MERELY 'convenience' features.

--
Herb Martin
vasja said:
Do you mean that I disable "Append parent suffixes of the primary DNS
suffix" setting?
 