NSLOOKUP Failing

[Gongalong]

Hi folks,

I'm trying to use NSLOOKUP on our Windows network to identify some PCs reported in our web filtering system (they're only reported by IP address) but it's not working - I get a "dnsserver.domain.local can't find X.X.X.X: Non-existent domain". (DNS server names and IP addresses have been changed to protect the innocent)

There are relevant reverse lookup zones for the ranges in question on the DNS server, although at my level of knowledge I'm not sure if they have been setup correctly.

As background my TCP/IP and DNS knowledge isn't great, but I know a bit at least.

Anyone know where to start troubleshooting?

TIA

[jinnantonnixx]

This smells like a DNS suffix problem.

Try NSLOOKUP interaactively.

From a command line

NSLOOKUP

See what is says about the Default Server.
Make sure there are no errors at this point.

Now type
SET DEBUG
and then type BBC.CO.UK to check.
See if there are any errors.

Now try typing in a name of one of your servers, see what happens. Try it with the FQDN suffix and without.

You can test the reverse-lookup resolution by typing in the IP address in the interactive session.

[Gongalong]

Typing NSLOOKUP returns the DNS server, so that part seems ok.

Typing bbc.co.uk returns bbc.co.uk with the domain suffix attached, and it fails to identify it.

Typing in a FQ server name returns its IP address (along with other data).

Typing in the IP address of said server then returns information about that, pretty much as per via its server name.

Typing in the FQ name of a client PC returns its IP address (along with other data).

Typing in the IP address of this client PC returns some data, but at the end of this I again get the "can't find" error with "Non-existent domain".

So a problem with client PCs it seems. The client PCs are on DHCP, whereas the servers are using static addresses. Could this be related? Although an IPCONFIG /ALL for the client PC shows the correct IP address for the DNS server.

[sonofsanta]

In your DHCP settings, properties of the server, DNS tab, are DNS dynamic updates enable and always allowed for DNS A and PTR records? FWIW I have all three checkboxes filled for my settings.

[jinnantonnixx]

Typing in the IP address of this client PC returns some data, but at the end of this I again get the "can't find" error with "Non-existent domain".

That means that there's no reverse record (PTR) for that particular computer.

I suggest that your DHCP is not creating PTR records for its clients.

[Gongalong]

I can only see relevant property pages for the actual scope, but I assume that's OK? (it's a 2008 R2 server)

Under the DNS tab the following options are selected:

- Dynamically update DNS A and PTR records only if requested by the DHCP clients.
- Discard A and PTR records when lease is deleted.

The following aren't selected:

- Always dynamically update DNS A and PTR records.
- Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0).

FWIW the affected clients are Win 7, as are most PCs here.

Should I select the two that aren't selected? Could it cause anything to "go bang"?

[sonofsanta]

Yeah give it a go, it won't make anything go wrong, and as far as I know it's not a security risk either - it certainly sounds like the PTR records are the problem, and if the issue is specific to DHCP clients, it seems a pretty good guess for the cause of the problem.

I can set the DNS on the server and on the scope, but if you only have one scope on a server anyway, it won't matter where you set it. I imagine scope would override server settings so may as well set it there.

[jinnantonnixx]

Should I select the two that aren't selected? Could it cause anything to "go bang"?

1. Yes.
2. I don't think so.

[Gongalong]

Ta. Will do it and advise if things go bang

[sonofsanta]

Ta. Will do it and advise if things go bang

You might have to renew the DHCP lease to test if it's fixed - find a machine that you can replicate the problem on now, run ipconfig /renew at the command prompt on that machine, and then test again. If it works, the entire problem should then be fixed in 4 days, assuming a default configuration on your DHCP scope and no other problems prevent updates at the 50% mark of the lease.

[ArchersIT]

One thing I notice that keeps getting missed is the need to setup a reverse dns zone for a new subnet. Are the clients on a different subnet to the servers? Is there a reverse zone setup for it? I will edit this post in a minute and add an image of my test dns setup so you can see what I mean.

DNS Reverse Zone.JPG

You need one of these reverse zones for each relevant subnet, and this is where the pointer records are stored. I only have one for this test environment, but a production environment will have more. As the ptr records for the servers exist and the clients don't then if the subnets are different, this could be causing the problem

HTH

Jonathan

[Gongalong]

There are two reverse zones, although it looks like we require a third for another subnet. Certainly PCs I was running NSLOOKUP on were within the subnets already setup.

[ArchersIT]

Hmmm - can you do some screenshots or text file copies of what you are seeing when you run your NSLOOKUP and IPCONFIG commands? I know some people are worried about names and IP addresses, so please feel free to edit if you need to. I would investgate the following (with results from my test network)

Code:

C:\Users\jonathan>nslookup
Default Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

Any timeouts or failed lookups here should be investigated

Then type in the name of the machine (FQDN if the DNS suffixes are not in place)

Code:

> jon-win8
Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

Name:    jon-win8.jonathan.local
Address:  192.168.101.17

The first line shows you the dns server resolving it and the second the resolved name

You should then be able to put in the IP address as follows:

Code:

> 192.168.101.17
Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

Name:    jon-win8.jonathan.local
Address:  192.168.101.17

If you do not have a reverse DNS zone setup, then you get the following (note the change to the IP address I am looking up)

Code:

> 192.168.10.17
Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

*** jon-dc01.jonathan.local can't find 192.168.10.17: Non-existent domain

But you will also get this message if the DNS zone is setup but the IP address is not registered. To help with deciding this, I would turn debug mode on so you can see where the response is coming from:

Code:

> set debug

If there is no reverse DNS zone then it will look as follows

Code:

> 192.168.10.17
Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        17.10.168.192.in-addr.arpa, type = PTR, class = IN
    AUTHORITY RECORDS:
    ->  168.192.in-addr.arpa
        ttl = 749 (12 mins 29 secs)
        primary name server = prisoner.iana.org
        responsible mail addr = hostmaster.root-servers.org
        serial  = 1
        refresh = 604800 (7 days)
        retry   = 60 (1 min)
        expire  = 604800 (7 days)
        default TTL = 604800 (7 days)

------------
*** jon-dc01.jonathan.local can't find 192.168.10.17: Non-existent domain

As you can see, it has looked out onto the internet in an attempt to resolve it. If the DNS record is just not being registered, you will see the following:

Code:

> 192.168.101.99
Server:  jon-dc01.jonathan.local
Address:  192.168.101.1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 9, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        99.101.168.192.in-addr.arpa, type = PTR, class = IN
    AUTHORITY RECORDS:
    ->  101.168.192.in-addr.arpa
        ttl = 3600 (1 hour)
        primary name server = jon-dc01.jonathan.local
        responsible mail addr = hostmaster.jonathan.local
        serial  = 26
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
*** jon-dc01.jonathan.local can't find 192.168.101.99: Non-existent domain

Here, you can see it is still being resolved locally, but not finding anything.

If the results are similar to the second one, then you need to look at the DNS settings on the client to see where it thinks it should be trying to register it. You can also force it by ipconfig/registerdns (on the client)

Jonathan

[Gongalong]

If it works, the entire problem should then be fixed in 4 days, assuming a default configuration on your DHCP scope and no other problems prevent updates at the 50% mark of the lease.

If all our machines are rebooted every day, would it still take 4 days?

[sonofsanta]

If all our machines are rebooted every day, would it still take 4 days?

AFAIK, DHCP leases are for 8 days by default and the computer first tries to renew it at the halfway mark, although you can force it with ipconfig /renew at the command prompt. If it's not urgent though I'd just try that to test it and then wait for the computers to naturally renew their lease.