Microsoft's nslookup Implementation Problems

Merton Campbell Crockett m.c.crockett at roadrunner.com
Sun Jul 4 03:42:13 UTC 2010 

The Cisco VPN Client does, indeed, change the Microsoft generated DNS search list.  The Microsoft DNS resolver routines will use the appropriate Microsoft or Cisco generated search list to resolve names and IP addresses.  The problem is that Microsoft's nslookup is isn't using this nor does it use the name server specified on the command line.

The problem isn't so much that Microsoft's nslookup implementation returns the wrong answer.  The problem is that Windows weanies believe that nslookup is returning the correct answer.

Thanks for your help.



On Jun 15, 2010, at 11:20 AM, Tim Maestas wrote:

> One thing I also learned recently is that the Cisco IPSEC VPN client
> dialer hijacks all UDP DNS packets and sends them to the DNS server
> handed out by the VPN concentrators.  So "dig @x.x.x.x" and "nslookup
> foo.bar x.x.x.x" queries don't actually go to x.x.x.x.  Don't know if
> that's in play here but thought it worth mentioning.
> 
> -Tim
> 
> 
> On Tue, Jun 15, 2010 at 11:06 AM, Steve Shockley
> <steve.shockley at shockley.net> wrote:
>> On 6/13/2010 4:00 PM, Merton Campbell Crockett wrote:
>>> 
>>> Inspecting the query log on the name server indicates that BIND never
>>> services a request from the system running Microsoft's nslookup tool. In
>>> addition, using tcpdump in controlled tests, I find that Microsoft's
>>> nslookup implementation never sends any requests to any name server that
>>> is designated in a "server" command unless it is one of the default name
>>> servers that the system would normally use.
>> 
>> WinXP and newer sometimes cache results in unexpected ways, including
>> caching failed lookups.  Perhaps flushing the DNS cache will help.
>> 
>> With that said, I could not duplicate the problem on Win7's nslookup:
>> 
>>> foo.shockley.net
>> Server:  server2003.internal.corporate
>> Address:  192.168.x.x
>> 
>> *** server2003.internal.corporate can't find foo.shockley.net: Non-existent
>> domain
>> 
>>> server 208.67.222.222
>> Default Server:  resolver1.opendns.com
>> Address:  208.67.222.222
>> 
>>> foo.shockley.net.
>> Server:  resolver1.opendns.com
>> Address:  208.67.222.222
>> 
>> Non-authoritative answer:
>> Name:    foo.shockley.net
>> Address:  67.215.65.132
>> 
>> (foo.shockley.net does not exist, that result is an opendns ad page.)
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>> 

--
Merton Campbell Crockett
m.c.crockett at roadrunner.com




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100703/541f5387/attachment.html>

More information about the bind-users mailing list