Multiple .com.com on nslookup
-
Hi there,
I have this strange behavior in my nslookup:
Microsoft Windows
2012 Microsoft Corporation. All rights reserved.C:\Users\Administrator>nslookup
Default Server: UnKnown
Address: 192.168.0.11microsoft.com
Server: UnKnown
Address: 192.168.0.11Non-authoritative answer:
Name: microsoft.com.com.ph
Address: 62.116.143.23www.microsoft.com
Server: UnKnown
Address: 192.168.0.11Non-authoritative answer:
Name: www.microsoft.com.com.ph
Address: 62.116.143.23I dont know if this causes why my browsing is slow and sometimes unable to browse some pages on the internet.
I hope you could help me.
-
nslookup (at least on Windows) adds your domain suffix automatically to whatever you type. It does not try and guess that you already ended in a top-level domain name like ".com".
You have to put the, often unseen and assumed, root domain "." at the end. Do:nslookup microsoft.com.
-
I see, so that means this is normal right?
-
C:\Users\CORP>nslookup www.microsoft.com
Server: UnKnown
Address: 192.168.0.11Non-authoritative answer:
Name: www.microsoft.com.com.ph
Address: 62.116.143.24C:\Users\CORP>nslookup www.microsoft.com.
Server: UnKnown
Address: 192.168.0.11Non-authoritative answer:
Name: lb1.www.ms.akadns.net
Address: 134.170.188.84
Aliases: www.microsoft.com
toggle.www.ms.akadns.net
g.www.ms.akadns.netC:\Users\CORP>
just curious why they have different result?
-
If you are pointing to some "special" DNS server from pfSense then, for unknown names like www.microsoft.com.com.ph it might return the address of some search server or standard "site not found" or… rather than returning NXDOMAIN (not found). For example, I use DynDNS and their "Internet Guide" filter. I put in some rubbish name:
nslookup cqlry.com. Non-authoritative answer: Name: cqlry.com Address: 69.16.143.63
That address is actually for http://searchassist.dyndns.com which brings up some suggestions in a browser.
So, depending on the public DNS that you use, you may still get answers to names that do not exist - the answers direct you to some search assistant thing. -
The default search domain + wildcard DNS on that domain can produce wacky results such as what you observe here.
If you change the domain on the firewall to one that does not have wildcard DNS active, it would probably work fine.
Either that, or your DNS server is returning the IP for a "search" page rather than a proper NXDOMAIN.
-
While your fixing this I would also setup your reverse zone for your rfc1918 address so you don't get this for your dns server
Server: UnKnown
Address: 192.168.0.11if you have PTR for your network you would get something like this the IP of your dns server
C:>nslookup
Default Server: pfsense.local.lan
Address: 192.168.1.253