On Mon, Nov 28, 2011 at 9:51 AM, Greg Sweers <gswe...@acts360.com> wrote: > Sorry should have been more clear. The NSlookup is to the internal DC > server. When you try and query it comes up with service failure or > timeout.
Right, but the question is, do you get different behaviors depending on what name you query. If my DC/DNS server is 192.0.2.10, and my AD domain is <example.net.>, I would compare: nslookup example.net. 192.0.2.10 with nslookup google.com. 192.0.2.10 I'd also check a site unlikely to be cached, such as: nslookup purple.com. 192.0.2.10 I'd also run a query against an external resolver: nslookup google.com. 8.8.8.8 I'd also avoid NSLOOKUP and use DIG (you can get it from the ISC BIND distribution). NSLOOKUP is historically prone to giving bad diagnostics. I don't know if Microsoft has fixed their version, but DIG gives better information than NSLOOKUP even when both are working correctly. Example syntax: dig example.net. @192.0.2.10 > When you try and query it comes up with service failure or > timeout. Be aware that SERVFAIL is an actual DNS result code from a nameserver, while a timeout is NSLOOKUP getting tired of waiting for the nameserver to respond. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin