Multiple .com.com on nslookup



  • Hi there,

    I have this strange behavior in my nslookup:

    Microsoft Windows
    © 2012 Microsoft Corporation. All rights reserved.

    C:\Users\Administrator>nslookup
    Default Server:  UnKnown
    Address:  192.168.0.11

    microsoft.com
    Server:  UnKnown
    Address:  192.168.0.11

    Non-authoritative answer:
    Name:    microsoft.com.com.ph
    Address:  62.116.143.23

    www.microsoft.com
    Server:  UnKnown
    Address:  192.168.0.11

    Non-authoritative answer:
    Name:    www.microsoft.com.com.ph
    Address:  62.116.143.23

    I dont know if this causes why my browsing is slow and sometimes unable to browse some pages on the internet.

    I hope you could help me.



  • nslookup (at least on Windows) adds your domain suffix automatically to whatever you type. It does not try and guess that you already ended in a top-level domain name like ".com".
    You have to put the, often unseen and assumed, root domain "." at the end. Do:

    nslookup microsoft.com.
    


  • I see, so that means this is normal right?



  • C:\Users\CORP>nslookup www.microsoft.com
    Server:  UnKnown
    Address:  192.168.0.11

    Non-authoritative answer:
    Name:    www.microsoft.com.com.ph
    Address:  62.116.143.24

    C:\Users\CORP>nslookup www.microsoft.com.
    Server:  UnKnown
    Address:  192.168.0.11

    Non-authoritative answer:
    Name:    lb1.www.ms.akadns.net
    Address:  134.170.188.84
    Aliases:  www.microsoft.com
              toggle.www.ms.akadns.net
              g.www.ms.akadns.net

    C:\Users\CORP>

    just curious why they have different result?



  • If you are pointing to some "special" DNS server from pfSense then, for unknown names like www.microsoft.com.com.ph it might return the address of some search server or standard "site not found" or… rather than returning NXDOMAIN (not found). For example, I use DynDNS and their "Internet Guide" filter. I put in some rubbish name:

    nslookup cqlry.com.
    Non-authoritative answer:
    Name:    cqlry.com
    Address:  69.16.143.63
    

    That address is actually for http://searchassist.dyndns.com which brings up some suggestions in a browser.
    So, depending on the public DNS that you use, you may still get answers to names that do not exist - the answers direct you to some search assistant thing.


  • Rebel Alliance Developer Netgate

    The default search domain + wildcard DNS on that domain can produce wacky results such as what you observe here.

    If you change the domain on the firewall to one that does not have wildcard DNS active, it would probably work fine.

    Either that, or your DNS server is returning the IP for a "search" page rather than a proper NXDOMAIN.


  • LAYER 8 Global Moderator

    While your fixing this I would also setup your reverse zone for your rfc1918 address so you don't get this for your dns server

    Server:  UnKnown
    Address:  192.168.0.11

    if you have PTR for your network you would get something like this the IP of your dns server

    C:>nslookup
    Default Server:  pfsense.local.lan
    Address:  192.168.1.253


Log in to reply