Netgate Discussion Forum

    Nslookup problem

      kevindd992002

      Now, there's another weird thing that's going on with my DNS. There's nothing wrong with the setup in the dropbox picture I've posted here. Computers in the testlab LAN, when used with nslookup can properly resolve, say, www.google.com.

      On my other pfsense box, in another home, when I do nslookup on one of the computers in its LAN it appends the connection-specific DNS suffix that its LAN connection has. Of course, if the computer gets its DHCP assignment from pfsense, pfsense will assign a connection-specific DNS suffix to it. So let's say, I do "nslookup www.google.com" it returns the result for www.google.com.domain.com, domain.com being my domain. I know that that happens when the address you query is unqualified. So if I query the complete FQDN with the "." in the end, "nslookup www.google.com.", then it gives me a good result. I thought there was nothing wrong with this but why is it not giving me the same behavior as the one above? Take note, the computers in the testlab LAN in the situation above are not in any domain and so they have the exact same setup as the situation in this paragraph.

      What gives?

      Ping works in every situation as it seems that it does not work the same way as nslookup.

      That's exactly the behavior I notice in the network in my home. I expect it to work that way (it will append the suffix) as what I've read in several websites say the same thing you laid out in your reply.

      This means that my test setup (the network diagram in dropbox) does not work right. Anybody have an idea what's going on here?

      EDIT: Oh and by the way, the cause for this issue is definitely not because of the nslookup version as I've used the same test machine on both networks in question as to avoid component differences.

        Derelict LAYER 8 Netgate

        This looks to me like just the way whatever nslookup client you're using works.  There's nothing the server can do if the client is appending domain.com to its requests.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          phil.davis

          Take note, the computers in the testlab LAN in the situation above are not in any domain and so they have the exact same setup as the situation in this paragraph.

          If the test lab systems have no domain-suffix then there will be no chance for nslookup to automagically append the domain suffix to a name.
          And thus nslookup will go straight for google.com when you tell it just google.com

          I guess in testlab the clients are not getting DHCP from pfSense, or you have it set up so pfSense DHCP on testlab is not giving out a domain suffix, or?

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            kevindd992002

            @Derelict:

            This looks to me like just the way whatever nslookup client you're using works.  There's nothing the server can do if the client is appending domain.com to its requests.

            I'm using the same computer (so same nslookup tool in cmd) and test it out on both networks and get different results.

            @phil.davis:

            Take note, the computers in the testlab LAN in the situation above are not in any domain and so they have the exact same setup as the situation in this paragraph.

            If the test lab systems have no domain-suffix then there will be no chance for nslookup to automagically append the domain suffix to a name.
            And thus nslookup will go straight for google.com when you tell it just google.com

            I guess in testlab the clients are not getting DHCP from pfSense, or you have it set up so pfSense DHCP on testlab is not giving out a domain suffix, or?

            The computers in the testlab LAN do get their DHCP info from pfsense and they do have a domain-suffix. This is why I'm not sure what's different between my testlab LAN and my home LAN because they both have domain-suffixes and get their DHCP stats from pfsense directly. But nslookup behaves differently on each of the networks.

              Derelict LAYER 8 Netgate

              Sounds like a question for someone who supports your operating system.  If everything is the same and it's behaving differently, there's not a lot else to look at but the nslookup program itself.

              That said, nslookup pretty much sucks.

              dig and, lately, drill are your friends if you're serious about troubleshooting DNS.


                NOYB

                If the clients are Windows, take a look at the NIC TCP advanced DNS properties.
                There are settings for appending the primary and connection specific DNS suffix and parent of primary.  As well as creating custom suffixes to append.

                Including the trailing dot (.) to the domain name should prevent appending any suffixes.

                  kevindd992002

                  @NOYB:

                  If the clients are Windows, take a look at the NIC TCP advanced DNS properties.
                  There are settings for appending the primary and connection specific DNS suffix and parent of primary.  As well as creating custom suffixes to append.

                  Including the trailing dot (.) to the domain name should prevent appending any suffixes.

                  Same exact setup because it's the same exact computer I'm testing in two different networks.
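
Added example (not part of the thread or any poster's code): a simplified Python model of the suffix behaviour discussed above, showing how one client with one connection-specific suffix can get different answers on two networks when only the server-side data differs. The suffix-first lookup order, the wildcard record under domain.com and all addresses are assumptions constructed for illustration; the thread does not establish the cause.

```python
# Added illustration; zone data and addresses are constructed samples.

def candidates(name, suffixes):
    """Names a stub resolver tries, in order (assumed nslookup-like model:
    each suffix first, then the name as typed). A trailing dot marks the
    name as fully qualified, so nothing is appended."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s.strip('.')}." for s in suffixes] + [name + "."]


class FakeServer:
    """Offline stand-in for a DNS server: exact records plus optional
    wildcard owners such as '*.domain.com.'."""

    def __init__(self, records):
        self.records = records

    def query(self, fqdn):
        if fqdn in self.records:
            return self.records[fqdn]
        labels = fqdn.split(".")
        # Simplified wildcard match: strip leading labels one at a time.
        for i in range(1, len(labels) - 1):
            wild = "*." + ".".join(labels[i:])
            if wild in self.records:
                return self.records[wild]
        return None  # models NXDOMAIN


def lookup(name, suffixes, server):
    """Return (fqdn_that_answered, address), or (None, None)."""
    for fqdn in candidates(name, suffixes):
        addr = server.query(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None


SUFFIXES = ["domain.com"]  # same connection-specific suffix on both networks
# Hypothetical: the suffix zone seen from "home" answers any name (wildcard).
HOME = FakeServer({"www.google.com.": "192.0.2.10", "*.domain.com.": "203.0.113.5"})
LAB = FakeServer({"www.google.com.": "192.0.2.10"})

if __name__ == "__main__":
    for label, srv in (("home", HOME), ("lab", LAB)):
        print(label, lookup("www.google.com", SUFFIXES, srv))
    print("home, trailing dot", lookup("www.google.com.", SUFFIXES, HOME))
```

On a real client, comparing the answer for a name with and without the trailing dot shows whether a suffixed query is the one being answered.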
