On Mon, Nov 28, 2011 at 9:51 AM, Greg Sweers <gswe...@acts360.com> wrote:
> Sorry should have been more clear.  The NSlookup is to the internal DC
> server.   When you try and query it comes up with service failure or
> timeout.

  Right, but the question is, do you get different behaviors depending
on what name you query.  If my DC/DNS server is 192.0.2.10, and my AD
domain is <example.net.>, I would compare:

        nslookup example.net. 192.0.2.10

with

        nslookup google.com. 192.0.2.10

  I'd also check a site unlikely to be cached, such as:

        nslookup purple.com. 192.0.2.10

  I'd also run a query against an external resolver:

        nslookup google.com. 8.8.8.8

  I'd also avoid NSLOOKUP and use DIG (you can get it from the ISC
BIND distribution).  NSLOOKUP is historically prone to giving bad
diagnostics.  I don't know if Microsoft has fixed their version, but
DIG gives better information than NSLOOKUP even when both are working
correctly.  Example syntax:

        dig example.net. @192.0.2.10

> When you try and query it comes up with service failure or
> timeout.

  Be aware that SERVFAIL is an actual DNS result code from a
nameserver, while a timeout is NSLOOKUP getting tired of waiting for
the nameserver to respond.

-- Ben
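
The comparison above as a script, added here as an example and not part of the original message. It assumes a POSIX shell with `dig` and `awk`; `classify_dig` and `dns_matrix` are hypothetical helper names, and the sample outputs are constructed. It reports SERVFAIL (a reply from the server) separately from a timeout (no reply at all).

```shell
#!/bin/sh
# Constructed samples of dig output (not captured from a real server).
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# classify_dig: read dig output on stdin and print one word:
#   <RCODE>  the server replied; this is the status field of its header
#            (NOERROR, SERVFAIL, NXDOMAIN, REFUSED, ...)
#   TIMEOUT  no reply arrived and dig gave up waiting
#   UNKNOWN  neither a reply header nor a timeout message was found
classify_dig() {
    awk '
        /timed out|no servers could be reached/ { timeout = 1 }
        /->>HEADER<<-/ {
            # Header looks like: ";; ->>HEADER<<- opcode: QUERY, status: X, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rcode = $(i + 1); sub(/,$/, "", rcode) }
        }
        END {
            if (rcode != "")  print rcode      # a reply header wins
            else if (timeout) print "TIMEOUT"
            else              print "UNKNOWN"
        }'
}

# dns_matrix SERVER AD_DOMAIN: run the four queries from the message
# (AD domain, a likely-cached name, an unlikely-cached name, all against
# the internal server, then one query against an external resolver).
dns_matrix() {
    server=$1
    ad_domain=$2
    for q in "$ad_domain@$server" "google.com.@$server" \
             "purple.com.@$server" "google.com.@8.8.8.8"; do
        name=${q%@*}
        target=${q##*@}
        # One try with a short wait so a dead server shows up as TIMEOUT quickly.
        result=$(dig +time=3 +tries=1 "$name" "@$target" 2>&1 | classify_dig)
        printf '%-20s @%-15s %s\n' "$name" "$target" "$result"
    done
}
```

Source the file and run `dns_matrix 192.0.2.10 example.net.` with your own server address and AD domain in place of the message's example values.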
