nslookup server name changes now and again


mmac

When I type nslookup, the server name changes to a couple of my web site
domain names that I host. The IP is correct, just the name changed. This is
probably because I recently changed to "host headers" and removed the IP
entries from the NIC card and added them to DNS. But it seems I added them
to one too many places?
The entries on DNS are under www, but are also under "same as parent
folder". Should it be there as well?
 
mmac said:
When I type nslookup, the server name changes to a couple of my web
site domain names that I host. The IP is correct, just the name
changed. This is probably because I recently changed to "host
headers" and removed the IP entries from the NIC card and added them
to DNS. But it seems I added them to one too many places?
The entries on DNS are under www, but are also under "same as parent
folder". Should it be there as well?

Hi Michael!!

Michael, it seems that if you consolidated all those IPs you once had into
one IP and are using host headers, then the behavior you're seeing would be
normal, since there are many reverse entries for the one IP. Make sense?




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Michael,
The PTR record registered for the DNS server's IP address is responsible for this name. Update this record with the name you'd like to appear there and this will solve the issue.

Thank you,
Mike Johnston
Microsoft Network Support


--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
m> Should it be there as well?

You tell us.

The DNS database contains (amongst other things) two sets of mappings: a set of
mappings from domain names to (zero or more) IP addresses and a set of
mappings from IP addresses to (zero or more) domain names. What those
mappings actually are is entirely up to you, the DNS administrator.

Microsoft's DNS server provides a convenient mechanism such that if one is
entering a name->address mapping into the DNS database, the software will
automatically enter the inverse address->name mapping at the same time. This
is what the "Create associated pointer record" option controls. When you
added the "A" resource records for your web site domain names, mapping them to
your server's IP address, you had this option enabled and the software
automatically added a mapping from that IP address back to the web site domain
name. You'll find that if you perform an address->name lookup there are
probably quite a lot of mappings from that address to all of the different web
site domain names whose name->address mappings you entered.

Such an address->name lookup is exactly what the "nslookup" tool is doing.
One of the bad aspects of its design (that make it such a poor tool to use) is
that it performs an address->name lookup on the IP address of the DNS server
that it is querying, and displays the (first of the) domain name(s) that
result(s) from that lookup.

It doesn't really matter that what "nslookup" displays is surprising.
"nslookup" is a highly flawed tool, for this and for other reasons, and for
DNS diagnosis nearly every one of the regulars in every DNS software/protocol
discussion forum (with one lone exception) recommends that one use one of the
several better tools for the job that are widely available. What "nslookup"
does should be irrelevant.

However, what should matter is if _something else_, such as someone else's
SMTP Relay server, performs address->name lookups against your IP address.
You should ensure that the results that that something receives - the list of
domain names that the IP address maps to - are what you intend them to be. In
other words: You should only enable the "Create associated pointer record"
option if adding the inverse address->name mapping to your DNS database is
what you _actually intend_ to do. And you should edit the existing content of
your DNS database to excise the "PTR" resource records, that you have
_already_ added, that you don't actually intend to be there.
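
An added example (not part of the original post) of the audit described above: it parses a constructed zone listing in which several host-header site names share one address, then reports each PTR record that either has no matching A record or is not the name designated for that address. The zone data, the `intended` mapping and the function names are assumptions made for illustration.

```python
# Added example: audit PTR (address->name) records against A (name->address) records.
# The zone listing is constructed sample data using documentation names/addresses.
import ipaddress
from collections import defaultdict

ZONE_TEXT = """\
ns1.example.com.          IN A   192.0.2.10
example.com.              IN A   192.0.2.10
www.example.com.          IN A   192.0.2.10
www.example.net.          IN A   192.0.2.10
10.2.0.192.in-addr.arpa.  IN PTR ns1.example.com.
10.2.0.192.in-addr.arpa.  IN PTR www.example.com.
10.2.0.192.in-addr.arpa.  IN PTR example.com.
10.2.0.192.in-addr.arpa.  IN PTR www.example.net.
10.2.0.192.in-addr.arpa.  IN PTR old.example.org.  ; stale, no A record
"""
SUFFIX = ".in-addr.arpa."

def parse_zone(text):
    """Return (forward, reverse): name -> {addresses}, address -> [names]."""
    forward, reverse = defaultdict(set), defaultdict(list)
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # strip comments
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3].lower()
        if rtype == "A":
            forward[owner].add(ipaddress.ip_address(rdata))
        elif rtype == "PTR" and owner.endswith(SUFFIX):
            # 10.2.0.192.in-addr.arpa. -> 192.0.2.10
            octets = owner[: -len(SUFFIX)].split(".")
            reverse[ipaddress.ip_address(".".join(reversed(octets)))].append(rdata)
    return forward, reverse

def audit_ptrs(text, intended):
    """intended maps an address string to the one name its PTR should return."""
    forward, reverse = parse_zone(text)
    findings = []
    for ip, names in reverse.items():
        for name in names:
            if ip not in forward.get(name, set()):
                findings.append((str(ip), name, "no matching A record"))
            elif name != intended.get(str(ip)):
                findings.append((str(ip), name, "PTR not intended"))
    return findings

if __name__ == "__main__":
    for finding in audit_ptrs(ZONE_TEXT, {"192.0.2.10": "ns1.example.com."}):
        print(*finding, sep="\t")
```
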
 
Hi Ace!
Well, it almost makes sense that it responds that way, but at the same time
it doesn't seem right. To my mind, the NS record should be the name that
nslookup shows, not a website name that happens to share the IP. It seems
that I have traded... I used to type IPconfig and get a huge list of IP's
because they are on my Nic, now that list becomes a list of NS's?
mmac
 
That makes me think that I should remove all the other reverse lookup ptr
records that exist with the website IP's using "host headers". Is that
right?


Michael Johnston said:
Michael,
The PTR record registered for the DNS server's IP address is responsible
for this name. Update this record with the name you'd like to appear there
and this will solve the issue.

Thank you,
Mike Johnston
Microsoft Network Support
 
That was fairly clear, thank you. You are correct that users outside the
lan have no problem reaching where they need to go and "dnsreports" shows
all the proper information, so I must be OK.
What tools do the pros use instead of nslookup?

If I read you correctly, can I assume that no one would lookup a web
site by IP normally anyway, so the ptr records created (in exactly the
manner you specify) are useless?
When IS a reverse lookup necessary?
 
If I read you correctly, can I assume that no one would lookup a web
site by IP normally anyway, so the ptr records created (in exactly the
manner you specify) are useless?

Right, that would be unlikely.
When IS a reverse lookup necessary?

When some specific application requires it -- there really isn't
a better answer except to list items that do this, like some
SMTP servers require that the SMTP and the reverse of the
IP match.

The other "class example" many people experienced was when
128-bit encryption was not allowed for export (by law) and the
MS web site wouldn't let you download these updates unless
your client machine reversed to a North American (ISP) physical
address -- This wasn't perfect so you also had to fill out a form,
promise your first born, etc....

For years most machines on the Internet could get along quite
nicely without reverse records -- Most? Almost all from a
percentage perspective.
 
Thank you all very much


Herb Martin said:
Right, that would be unlikely.


When some specific application requires it -- there really isn't
a better answer except to list items that do this, like some
SMTP servers require that the SMTP and the reverse of the
IP match.

The other "class example" many people experienced was when
128-bit encryption was not allowed for export (by law) and the
MS web site wouldn't let you download these updates unless
your client machine reversed to a North American (ISP) physical
address -- This wasn't perfect so you also had to fill out a form,
promise your first born, etc....

For years most machines on the Internet could get along quite
nicely without reverse records -- Most? Almost all from a
percentage perspective.
 
m> What tools do the pros use instead of nslookup?

It's not just "the pros" that discard "nslookup" in favour of far better
tools.

One set of tools for DNS diagnosis that will run on Microsoft Windows NT
XP/2000/4 are the tools that come with the Win32 port of ISC's BIND: "dig",
"host", and "dnsquery". (One doesn't have to install and run the DNS server
proper in order to use the accompanying toolset.)

<URL:ftp://ftp.isc.org./isc/bind/contrib/ntbind-9.2.2/>

m> If I read you correctly, can I assume that no one would lookup
m> a web site by IP normally anyway, so the ptr records created
m> (in exactly the manner you specify) are useless?

"Looking up a web site by IP" is unrelated to "PTR" resource records. A URL
that uses a human-readable IP address, such as <URL:http://0.0.0.0/>, doesn't
involve DNS lookups at all, since the web browser already has the IP address
that it is to contact.

"PTR" resource records are used in reverse lookups, address->name mappings.
They are used by softwares that have an IP address and, for whatever reason,
want to map that to a domain name. (Some softwares do this in order to
present their network logs to humans. Others do it for Half-Baked "security"
reasons.)

m> When IS a reverse lookup necessary?

Herb's answer to this question pretty much covers it.

I only add that SMTP Relay servers that perform address->name mappings do so
in the name of "security", but this measure is in fact another Half-Baked Idea
from the Half-Baked Ideas Brigade. It doesn't actually increase security at
all. (An attacker who has enough access to create a TCP connection with a
forged source IP address has more than enough access to foil this Half-Baked
Idea.) If any of _your_ SMTP Relay servers perform such address->name
mappings in the name of security, you are better off disabling it (to reduce
the concomitant DNS load - which can be quite significant) and writing
whatever ACLs your SMTP Relay server has in terms of IP addresses, not domain
names.
 