Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple .com.com on nslookup

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rands.rodriguez
      last edited by

      Hi there,

      I have this strange behavior in my nslookup:

      Microsoft Windows
      © 2012 Microsoft Corporation. All rights reserved.

      C:\Users\Administrator>nslookup
      Default Server:  UnKnown
      Address:  192.168.0.11

      microsoft.com
      Server:  UnKnown
      Address:  192.168.0.11

      Non-authoritative answer:
      Name:    microsoft.com.com.ph
      Address:  62.116.143.23

      www.microsoft.com
      Server:  UnKnown
      Address:  192.168.0.11

      Non-authoritative answer:
      Name:    www.microsoft.com.com.ph
      Address:  62.116.143.23

      I dont know if this causes why my browsing is slow and sometimes unable to browse some pages on the internet.

      I hope you could help me.

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        nslookup (at least on Windows) adds your domain suffix automatically to whatever you type. It does not try and guess that you already ended in a top-level domain name like ".com".
        You have to put the, often unseen and assumed, root domain "." at the end. Do:

        nslookup microsoft.com.
        

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • R
          rands.rodriguez
          last edited by

          I see, so that means this is normal right?

          1 Reply Last reply Reply Quote 0
          • R
            rands.rodriguez
            last edited by

            C:\Users\CORP>nslookup www.microsoft.com
            Server:  UnKnown
            Address:  192.168.0.11

            Non-authoritative answer:
            Name:    www.microsoft.com.com.ph
            Address:  62.116.143.24

            C:\Users\CORP>nslookup www.microsoft.com.
            Server:  UnKnown
            Address:  192.168.0.11

            Non-authoritative answer:
            Name:    lb1.www.ms.akadns.net
            Address:  134.170.188.84
            Aliases:  www.microsoft.com
                      toggle.www.ms.akadns.net
                      g.www.ms.akadns.net

            C:\Users\CORP>

            just curious why they have different result?

            1 Reply Last reply Reply Quote 0
            • P
              phil.davis
              last edited by

              If you are pointing to some "special" DNS server from pfSense then, for unknown names like www.microsoft.com.com.ph it might return the address of some search server or standard "site not found" or… rather than returning NXDOMAIN (not found). For example, I use DynDNS and their "Internet Guide" filter. I put in some rubbish name:

              nslookup cqlry.com.
              Non-authoritative answer:
              Name:    cqlry.com
              Address:  69.16.143.63
              

              That address is actually for http://searchassist.dyndns.com which brings up some suggestions in a browser.
              So, depending on the public DNS that you use, you may still get answers to names that do not exist - the answers direct you to some search assistant thing.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                The default search domain + wildcard DNS on that domain can produce wacky results such as what you observe here.

                If you change the domain on the firewall to one that does not have wildcard DNS active, it would probably work fine.

                Either that, or your DNS server is returning the IP for a "search" page rather than a proper NXDOMAIN.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  While your fixing this I would also setup your reverse zone for your rfc1918 address so you don't get this for your dns server

                  Server:  UnKnown
                  Address:  192.168.0.11

                  if you have PTR for your network you would get something like this the IP of your dns server

                  C:>nslookup
                  Default Server:  pfsense.local.lan
                  Address:  192.168.1.253

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.