NSLOOKUP command not resolving internet address

We had a problem resolving URLs and began using the NSLOOKUP command to debug the problem.

NSLOOKUP looks up the IP address of an URL using the DNS servers assigned to your network card.

This was in a Windows Active Directory environment so NSLOOKUP will send your request to the local DNS server – usually that serve,r if it cannot resolve the address, will go to the internet and get the address from your ISPs DNS server or specific DNS servers that you have allocated on your primary internet connection.

For example:

NSLOOKUP www.bbc.co.uk

Should return the IP address of the BBC web server, usually: 212.58.244.71

But it was returning instead:

Non-authoritative answer:
Name:    www.bbc.co.uk.CO.UK
Address:  67.215.65.132

The IP address returned is our external DNS provider’s default web page when it cannot resolve an IP address (in our case OpenDNS).

With the NSLOOKUP debug commands you can look more closely at the DNS conversation:

NSLOOKUP -d2 www.bbc.co.uk

This command will return a plethora of information but if you look closely it begins to make sense. In this case the address was attempted to be resolved on our local DNS servers and then when it couldn’t resolve it passed the query onto the external OpenDNS servers but, before it did this, it added the .CO.UK suffix.

This occurs because the local DNS server firstly adds the local domain so that it looks up e.g.: www.bbc.co.uk.adroot.yourdomain.co.uk

This does not resolve so it then drops the first part of your domain and tries again e.g.: www.bbc.co.uk.yourdomain.co.uk

This does not resolve so it then tries to drop the last part of your domain e.g.: www.bbc.co.uk.co.uk

Because this address is now outside your domain it sends the request off to the internet e.g. OpenDNS servers. Of course these DNS servers cannot resolve the address so it drops it and pushes back a fail or their default web page.

This is all by design. To resolve the address you need to remember to add a dot to the end of your request:

NSLOOKUP www.bbc.co.uk.

The dot tells the local DNS server not to attempt to resolve by adding the local domain – it immediately just tries to resolve www.bbc.co.uk and because it is not in your domain it sends the request to your internet DNS which resolves it successfully.

Use: NSLOOKUP -d2 www.bbc.co.uk. and you will see the difference.

 

 

Advertisements

Author: James

IT Manager - Network, Web coding, MS SQL and Online Mapping expert

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s