Re: DNS response for non-fqdn domain



Syafril Hermansyah wrote:
Hi there,

I am new to this list.
I would like to know how to change MS DNS (W2K3 or W2K) to respond with
NXDOMAIN instead of SERVFAIL when a client queries a NON-FQDN domain, just
like Linux BIND does.

for example,
this query to BIND (expected response)
nslookup microsoft 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

** server can't find microsoft: SERVFAIL

syafril@server:~> nslookup microsoft 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find microsoft: NXDOMAIN

query to W2K3 DNS (no AD)

nslookup microsoft 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

** server can't find microsoft: SERVFAIL

Actually MS DNS is giving the correct response because the root servers
don't (or shouldn't) have A records for TLDs. So why should DNS query the
root for A records? The Root should only return NS or SOA records for TLDs,
which you didn't query for.

I believe this registry value still works, though I cannot be sure because
the DNS client and nslookup append the DNS suffix search list to non-FQDN
names. Apparently you don't have a DNS suffix search list, which would make
this a moot point. All you really need to do to get MS DNS to resolve
single-label names is to add a trailing "." to the query, which is what
makes a name fully-qualified.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
On the Edit menu, click Add Value, and then add the following registry
value:
Value Name: RecurseSingleLabel
Data Type: REG_DWORD
Value: 0 (Default)

When set to 0, DNS will not recurse single-label queries except for NS and
SOA RR types; setting RecurseSingleLabel to 1 will recurse all RR types.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
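
Added example (not part of the original posts): a small Python sketch of the two things discussed above, the client-side suffix search list versus the trailing ".", and the SERVFAIL/NXDOMAIN response codes. The candidates() ordering is a simplified model of a stub resolver (real resolvers differ in order and in whether the bare name is tried), corp.example is a made-up suffix, and the responses are constructed locally rather than captured from a server.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "SOA": 6}

def candidates(name, search_list):
    """Names a stub resolver would try (simplified model: suffixes first, then the bare name)."""
    if name.endswith("."):  # trailing dot: already fully qualified, no suffixes appended
        return [name]
    return [f"{name}.{s.rstrip('.')}." for s in search_list] + [name + "."]

def encode_qname(fqdn):
    """Wire-format QNAME: length-prefixed labels ending in the zero-length root label."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(fqdn, qtype="A", txid=0x1234):
    """Standard query with RD=1 (recursion desired), one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(fqdn) + struct.pack("!HH", QTYPES[qtype], 1)

def rcode(message):
    """Response code name, taken from the low 4 bits of the header flags word."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", message[2:4])[0]
    return RCODES.get(flags & 0x000F, str(flags & 0x000F))

def fake_response(query, code):
    """Constructed reply for the demo: same question, QR/RD/RA set, given RCODE."""
    return query[:2] + struct.pack("!H", 0x8180 | code) + query[4:]

if __name__ == "__main__":
    print(candidates("microsoft", ["corp.example"]))   # suffix appended first
    print(candidates("microsoft.", ["corp.example"]))  # sent as typed
    q = build_query("microsoft.")
    print(q.hex(), rcode(fake_response(q, 2)), rcode(fake_response(q, 3)))
```

On the wire "microsoft" and "microsoft." encode to the same QNAME; the trailing dot only changes what the client decides to send.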

