+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 29
Wired Networks Thread, NSLOOKUP Failing in Technical; Hi folks, I'm trying to use NSLOOKUP on our Windows network to identify some PCs reported in our web filtering ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9

    Question NSLOOKUP Failing

    Hi folks,

    I'm trying to use NSLOOKUP on our Windows network to identify some PCs reported in our web filtering system (they're only reported by IP address) but it's not working - I get a "dnsserver.domain.local can't find X.X.X.X: Non-existent domain". (DNS server names and IP addresses have been changed to protect the innocent)

    There are relevant reverse lookup zones for the ranges in question on the DNS server, although at my level of knowledge I'm not sure if they have been setup correctly.

    As background my TCP/IP and DNS knowledge isn't great, but I know a bit at least.

    Anyone know where to start troubleshooting?

    TIA

  2. #2

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,954
    Thank Post
    109
    Thanked 482 Times in 331 Posts
    Blog Entries
    2
    Rep Power
    281
    This smells like a DNS suffix problem.

    Try NSLOOKUP interaactively.

    From a command line

    NSLOOKUP

    See what is says about the Default Server.
    Make sure there are no errors at this point.

    Now type
    SET DEBUG
    and then type BBC.CO.UK to check.
    See if there are any errors.

    Now try typing in a name of one of your servers, see what happens. Try it with the FQDN suffix and without.

    You can test the reverse-lookup resolution by typing in the IP address in the interactive session.
    Last edited by jinnantonnixx; 1st February 2012 at 10:49 AM.

  3. Thanks to jinnantonnixx from:

    Gongalong (1st February 2012)

  4. #3
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9
    Typing NSLOOKUP returns the DNS server, so that part seems ok.

    Typing bbc.co.uk returns bbc.co.uk with the domain suffix attached, and it fails to identify it.

    Typing in a FQ server name returns its IP address (along with other data).

    Typing in the IP address of said server then returns information about that, pretty much as per via its server name.

    Typing in the FQ name of a client PC returns its IP address (along with other data).

    Typing in the IP address of this client PC returns some data, but at the end of this I again get the "can't find" error with "Non-existent domain".

    So a problem with client PCs it seems. The client PCs are on DHCP, whereas the servers are using static addresses. Could this be related? Although an IPCONFIG /ALL for the client PC shows the correct IP address for the DNS server.

  5. #4

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,939
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    In your DHCP settings, properties of the server, DNS tab, are DNS dynamic updates enable and always allowed for DNS A and PTR records? FWIW I have all three checkboxes filled for my settings.

  6. Thanks to sonofsanta from:

    Gongalong (1st February 2012)

  7. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,954
    Thank Post
    109
    Thanked 482 Times in 331 Posts
    Blog Entries
    2
    Rep Power
    281
    Typing in the IP address of this client PC returns some data, but at the end of this I again get the "can't find" error with "Non-existent domain".
    That means that there's no reverse record (PTR) for that particular computer.

    I suggest that your DHCP is not creating PTR records for its clients.

  8. Thanks to jinnantonnixx from:

    Gongalong (1st February 2012)

  9. #6
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9
    I can only see relevant property pages for the actual scope, but I assume that's OK? (it's a 2008 R2 server)

    Under the DNS tab the following options are selected:

    - Dynamically update DNS A and PTR records only if requested by the DHCP clients.
    - Discard A and PTR records when lease is deleted.

    The following aren't selected:

    - Always dynamically update DNS A and PTR records.
    - Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0).

    FWIW the affected clients are Win 7, as are most PCs here.

    Should I select the two that aren't selected? Could it cause anything to "go bang"?

  10. #7

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,939
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    Yeah give it a go, it won't make anything go wrong, and as far as I know it's not a security risk either - it certainly sounds like the PTR records are the problem, and if the issue is specific to DHCP clients, it seems a pretty good guess for the cause of the problem.

    I can set the DNS on the server and on the scope, but if you only have one scope on a server anyway, it won't matter where you set it. I imagine scope would override server settings so may as well set it there.

  11. Thanks to sonofsanta from:

    Gongalong (1st February 2012)

  12. #8

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,954
    Thank Post
    109
    Thanked 482 Times in 331 Posts
    Blog Entries
    2
    Rep Power
    281
    Quote Originally Posted by Gongalong View Post

    Should I select the two that aren't selected? Could it cause anything to "go bang"?
    1. Yes.
    2. I don't think so.

  13. Thanks to jinnantonnixx from:

    Gongalong (1st February 2012)

  14. #9
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9
    Ta. Will do it and advise if things go bang

  15. #10

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,939
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    Quote Originally Posted by Gongalong View Post
    Ta. Will do it and advise if things go bang
    You might have to renew the DHCP lease to test if it's fixed - find a machine that you can replicate the problem on now, run ipconfig /renew at the command prompt on that machine, and then test again. If it works, the entire problem should then be fixed in 4 days, assuming a default configuration on your DHCP scope and no other problems prevent updates at the 50% mark of the lease.

  16. Thanks to sonofsanta from:

    Gongalong (1st February 2012)

  17. #11
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20
    One thing I notice that keeps getting missed is the need to setup a reverse dns zone for a new subnet. Are the clients on a different subnet to the servers? Is there a reverse zone setup for it? I will edit this post in a minute and add an image of my test dns setup so you can see what I mean.

    DNS Reverse Zone.JPG

    You need one of these reverse zones for each relevant subnet, and this is where the pointer records are stored. I only have one for this test environment, but a production environment will have more. As the ptr records for the servers exist and the clients don't then if the subnets are different, this could be causing the problem

    HTH

    Jonathan
    Last edited by ArchersIT; 1st February 2012 at 12:23 PM. Reason: Added Image, and then clarified text

  18. Thanks to ArchersIT from:

    Gongalong (1st February 2012)

  19. #12
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9
    There are two reverse zones, although it looks like we require a third for another subnet. Certainly PCs I was running NSLOOKUP on were within the subnets already setup.

  20. #13
    ArchersIT's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire
    Posts
    114
    Thank Post
    14
    Thanked 24 Times in 20 Posts
    Rep Power
    20
    Hmmm - can you do some screenshots or text file copies of what you are seeing when you run your NSLOOKUP and IPCONFIG commands? I know some people are worried about names and IP addresses, so please feel free to edit if you need to. I would investgate the following (with results from my test network)

    Code:
    C:\Users\jonathan>nslookup
    Default Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    Any timeouts or failed lookups here should be investigated

    Then type in the name of the machine (FQDN if the DNS suffixes are not in place)
    Code:
    > jon-win8
    Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    
    Name:    jon-win8.jonathan.local
    Address:  192.168.101.17
    The first line shows you the dns server resolving it and the second the resolved name

    You should then be able to put in the IP address as follows:
    Code:
    > 192.168.101.17
    Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    
    Name:    jon-win8.jonathan.local
    Address:  192.168.101.17
    If you do not have a reverse DNS zone setup, then you get the following (note the change to the IP address I am looking up)

    Code:
    > 192.168.10.17
    Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    
    *** jon-dc01.jonathan.local can't find 192.168.10.17: Non-existent domain
    But you will also get this message if the DNS zone is setup but the IP address is not registered. To help with deciding this, I would turn debug mode on so you can see where the response is coming from:

    Code:
    > set debug
    If there is no reverse DNS zone then it will look as follows

    Code:
    > 192.168.10.17
    Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 7, rcode = NXDOMAIN
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0
    
        QUESTIONS:
            17.10.168.192.in-addr.arpa, type = PTR, class = IN
        AUTHORITY RECORDS:
        ->  168.192.in-addr.arpa
            ttl = 749 (12 mins 29 secs)
            primary name server = prisoner.iana.org
            responsible mail addr = hostmaster.root-servers.org
            serial  = 1
            refresh = 604800 (7 days)
            retry   = 60 (1 min)
            expire  = 604800 (7 days)
            default TTL = 604800 (7 days)
    
    ------------
    *** jon-dc01.jonathan.local can't find 192.168.10.17: Non-existent domain
    As you can see, it has looked out onto the internet in an attempt to resolve it. If the DNS record is just not being registered, you will see the following:

    Code:
    > 192.168.101.99
    Server:  jon-dc01.jonathan.local
    Address:  192.168.101.1
    
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 9, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0
    
        QUESTIONS:
            99.101.168.192.in-addr.arpa, type = PTR, class = IN
        AUTHORITY RECORDS:
        ->  101.168.192.in-addr.arpa
            ttl = 3600 (1 hour)
            primary name server = jon-dc01.jonathan.local
            responsible mail addr = hostmaster.jonathan.local
            serial  = 26
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    
    ------------
    *** jon-dc01.jonathan.local can't find 192.168.101.99: Non-existent domain
    Here, you can see it is still being resolved locally, but not finding anything.

    If the results are similar to the second one, then you need to look at the DNS settings on the client to see where it thinks it should be trying to register it. You can also force it by ipconfig/registerdns (on the client)

    Jonathan

  21. #14
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    868
    Thank Post
    776
    Thanked 17 Times in 15 Posts
    Rep Power
    9
    Quote Originally Posted by sonofsanta View Post
    If it works, the entire problem should then be fixed in 4 days, assuming a default configuration on your DHCP scope and no other problems prevent updates at the 50% mark of the lease.
    If all our machines are rebooted every day, would it still take 4 days?

  22. #15

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,939
    Thank Post
    862
    Thanked 1,442 Times in 991 Posts
    Blog Entries
    47
    Rep Power
    616
    Quote Originally Posted by Gongalong View Post
    If all our machines are rebooted every day, would it still take 4 days?
    AFAIK, DHCP leases are for 8 days by default and the computer first tries to renew it at the halfway mark, although you can force it with ipconfig /renew at the command prompt. If it's not urgent though I'd just try that to test it and then wait for the computers to naturally renew their lease.

  23. Thanks to sonofsanta from:

    Gongalong (2nd February 2012)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. nslookup failing
    By sparkeh in forum Wireless Networks
    Replies: 2
    Last Post: 9th January 2009, 12:28 PM
  2. Sims failing to load
    By snakepottery in forum Windows
    Replies: 3
    Last Post: 8th January 2006, 11:27 PM
  3. Delayed Write Failed when saving over a network
    By indiegirl in forum Wireless Networks
    Replies: 15
    Last Post: 4th November 2005, 10:21 AM
  4. failed redundancy - what to do?
    By browolf in forum Hardware
    Replies: 3
    Last Post: 2nd November 2005, 08:59 AM
  5. Replies: 18
    Last Post: 14th October 2005, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •