Re: nslookup fails

Hi Kevin I am confused at the purpose of putting a trailing dot behind a DNS
query.

--
Spin

"Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx> wrote in message
news:%23ZxM9%23UDGHA.3920@xxxxxxxxxxxxxxxxxxxxxxx
> hinarei <hinarei@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> that KB article refers to ISA 2000. Do you know if this is still
>> relevant in ISA 2004? If it is, I can't find what it's talking about
>
> I would supposed not, since it say the problem was fixed in ISA 2000 SP1.
>
> 1. Does this DNS server have a Forwarder configured?
>
> a. If a Forwarder is configured, does the forwarder allow recursive
> lookups?
>
> b. If the forwarder does not allow recursive lookups, remove that
> forwarder and use one that does, if you don't know one try 4.2.2.2.
>
> 2. Do you have "Do not use recursion" checked on the forwarders tab?
> a. If "Do not use recursion" is checked, from the DNS server machine
> run a query to the forwarders IP address using
> nslookup -d2 google.com. <ip-of-forwarder>
> (Notice the dot after the domain name, make sure you include the dot)
>
> b. If "Do not use recursion" is NOT checked run these queries
> against
> the IP of your DNS server. Does is return the NS records, and IP addresses
> for all NS records?
>
> nslookup -qtype=ns .
> and
> nslookup -qtype=ns google.com.
>
> Post the results of both queries and don't forget to include the dots.
> (the
> first query is making sure your DNS server can resolve the root servers to
> IP addresses, you may need to run the root query several times to resolve
> all the root servers to their IP addresses.
> You should get these for google.com.
> google.com nameserver = ns1.google.com
> google.com nameserver = ns2.google.com
> google.com nameserver = ns3.google.com
> google.com nameserver = ns4.google.com
>
> ns1.google.com internet address = 216.239.32.10
> ns2.google.com internet address = 216.239.34.10
> ns3.google.com internet address = 216.239.36.10
> ns4.google.com internet address = 216.239.38.10
>
> If the NS records are not returned for google.com. then your DNS server is
> unable to contact the com. parent servers to get the NS records for
> google.com. And is a possible mis-configuration of ISA.
>
> I want to compare them to what they are supposed to be. The root query may
> differ, depending on what root your DNS server resolves, default is the
> ICANN Root. Here is the ICANN Root:
>
> (root) nameserver = D.ROOT-SERVERS.NET
> (root) nameserver = E.ROOT-SERVERS.NET
> (root) nameserver = F.ROOT-SERVERS.NET
> (root) nameserver = G.ROOT-SERVERS.NET
> (root) nameserver = H.ROOT-SERVERS.NET
> (root) nameserver = I.ROOT-SERVERS.NET
> (root) nameserver = J.ROOT-SERVERS.NET
> (root) nameserver = K.ROOT-SERVERS.NET
> (root) nameserver = L.ROOT-SERVERS.NET
> (root) nameserver = M.ROOT-SERVERS.NET
> (root) nameserver = A.ROOT-SERVERS.NET
> (root) nameserver = B.ROOT-SERVERS.NET
> (root) nameserver = C.ROOT-SERVERS.NET
>
> D.ROOT-SERVERS.NET internet address = 128.8.10.90
> E.ROOT-SERVERS.NET internet address = 192.203.230.10
> F.ROOT-SERVERS.NET internet address = 192.5.5.241
> G.ROOT-SERVERS.NET internet address = 192.112.36.4
> H.ROOT-SERVERS.NET internet address = 128.63.2.53
> I.ROOT-SERVERS.NET internet address = 192.36.148.17
> J.ROOT-SERVERS.NET internet address = 192.58.128.30
> K.ROOT-SERVERS.NET internet address = 193.0.14.129
> L.ROOT-SERVERS.NET internet address = 198.32.64.12
> M.ROOT-SERVERS.NET internet address = 202.12.27.33
> A.ROOT-SERVERS.NET internet address = 198.41.0.4
> B.ROOT-SERVERS.NET internet address = 192.228.79.201
> C.ROOT-SERVERS.NET internet address = 192.33.4.12
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> https://secure.lsaol.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>


.

Relevant Pages

  • Re: Root hints with Forwarders?
    ... When configured with a forwarder, the DNS server will perform a recursive query; that is, it will forward the query to the forwarder then sit back and wait for the response. ...
    (microsoft.public.windows.server.dns)
  • Re: W2K3 - Forwarders/Root Hints
    ... When the DNS server receives a query, ... query using the primary and secondary zones that it hosts and its cache. ... The DNS server will wait briefly for an answer from the forwarder ... >>is the way to go due to the ISPs cache and faster resolution. ...
    (microsoft.public.windows.server.dns)
  • Re: Fowarder failover
    ... forward only configuration so no root queries. ... What I have found is the default forwarder query timeout - 5 seconds ... I don't believe you can configure Forwarders in a DNS server's properites using a GPO. ... GPOs set numerous options for users and computers, but not a Forwarder for a DNS server. ...
    (microsoft.public.windows.server.dns)
  • Re: DNS Issues and MS Exchange
    ... which is our DNS Server. ... A forwarder is not just for a specific machine, but a global setting for all ... Any machine will query for an outside domain name to your ... Ace ...
    (microsoft.public.exchange.admin)
  • Re: DNS Issues and MS Exchange
    ... which is our DNS Server. ... A forwarder is not just for a specific machine, but a global setting for all ... Any machine will query for an outside domain name to your ... Ace ...
    (microsoft.public.windows.server.general)