Ping a Specific Port

Question

Stuggi

Asked: 2018-09-13 04:00:08 +0800 CST2018-09-13 04:00:08 +0800 CST 2018-09-13 04:00:08 +0800 CST

Microsoft DNS behaving strangely

772

I'm having this peculiar issue with Microsoft DNS.

Basically, we have domain.com that's a split horizon setup (external public DNS and internal DNS are both authoritative for separate zones), don't ask me why, it was like this when I got here.

In this AD we have 3 domain controllers, serving as DNS servers for the internal zones. On top of this, we have 2 DNS servers that forwards queries to these AD servers, and cache the results.

Additionally, we have another domain, example.com that's only in our external public DNS servers.

Now to the problem; AD servers have taken an issue with the name subdomain.example.com. The return queries with "domain name can't be found", as an authoritative server does when it doesn't have a record. However, the DNS forwarders for clients do resolve the query.

Externally everything works fine, subdomain.example.com resolves as it should to a CNAME for www3.domain.com

However, the problem is not with the whole zone, it's only with that specific subdomain. www.example.com resolves both internally and externally as a CNAME for www3.domain.com.

So, how can a DNS server that's not authoritative for a zone reply that a record can't be found?

As a workaround, I created a new zone for subdomain.example.com and added an A record that's identical with the one for www3.domain.com. And an hour later this record was gone?

I'm close to giving up and becoming a goat farmer. :)

1 Answers

Voted

duct_tape_coder · Answer 1 · 2018-09-29T08:35:18+08:00

I'm having trouble understanding your flow from the description but...

I would encourage you to have separate recursive and authoritative servers for your domain on the external side and have the internal DCs point to the external recursive servers with server forwarding.

This setup is commonly referred to as split DNS. One advantage is that you can force internal clients to respond to certain addresses differently than external clients. The other advantage is you can more easily troubleshoot the flow of DNS.

To answer your question, a server that's not authoritative for a zone can say the record is not found if it couldn't find an authoritative answer for the zone. You may have a problem with your DC DNS being unable to perform recursive look ups. Ensure that the server forwarding on the DCs is enabled and goes to the recursive DNS servers. Then make sure the Recursive servers utilize the Global Hints correctly.

You can play around with NSlookup, setting the server with server = IP command and testing each server in turn for what it can see.

Microsoft DNS behaving strangely

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?