Conditional forwarder works on Macbook resolvers, but not on Windows 10 clients

buskeyl
Techie

We are struggling with a forwarding issue. We want to forward all DNS requests for a specific subdomain to a specific name server (AD name server). The conditional forwarder was set up and tested fine on a Macbook, several of them. However, Windows clients do not get forwarded.

Example, same networks etc. On a Macbook we get:

nslookup test.cdf2.bogusdomainame.net

;; Got recursion not available from 10.15188.11, trying next server
Server:             10.15.79.11
Address:           10.15.79.11#53

Non-authoritative answer:
Name:   test.cdf2.bogusdomainame.net
Address: 3.3.3.3

This 3.3.3.3 A record only exists in the AD DNS zone we are trying to forward to.

On a Windows machine, we get:

nslookup test.cdf2.bogusdomainame.net

Server: UnKnown
Address: 10.15.188.11

DNS request timed out.
   timeout was 2 seconds.
DNS request timed out.
   timeout was 2 seconds.
Non-authoritative answer:
Name:   test.cdf2.bogusdomainame.net
Addresses: 2.2.2.2
         2.2.2.2
         1.1.1.1

Where the 2.2.2.2 record is in the Infoblox Internal zone, and the 1.1.1.1 record is in the Infoblox external zone. If I were to use a target that was not in either of those zones, but is known to the DNS server that forwarder points to, I'll get a host not found message. So the Mac client works perfectly, and the Windows client does not work at all, as the forwarder appears to be getting ignored completely when the resolver is Windows 10.

We really want this to work, but do not necessarily have the ability to change much on the client side. Can anyone shed some light as to why this is happening and what we can do to make the Windows resolvers get the same response as the Macbook resolvers?

Re: Conditional forwarder works on Macbook resolvers, but not on Windows 10 clients

Adviser
Hi Buskeyl,

I'm not sure if I understand your scenario correctly. My DNS troubleshooting tool of preference would be dig rather than nslookup, and it would be the best way to get more info on this.

From this we can see both are trying to contact server 10.15188.11 and are getting "Got recursion not available from 10.15188.11". Maybe this server does not allow recursive queries and might be providing referrals if it's authoritative for any parent zone it's part of. If the server is Infoblox/BIND, I would suggest you check whether recursion is enabled and whether the client is allowed recursion.

Also, nslookup in Windows will use the DNS suffix list before sending the actual query, so use a trailing dot. This would give more information that would help with troubleshooting.

If I understand correctly, the server you mention is authoritative for .bogusdomainame.net and has a forward zone defined for cdf2.bogusdomainame.net. Can you confirm if the config has the statements written to it?

In short I expect below statements in this member config

Recursion yes
Allow recursion has the client ip/client network/any

cdf2.bogusdomainame.net
Type master/slave

cdf2.bogusdomainame.net
Type forward


Please take this as a guideline; statement formats are not exact as I'm updating from my mobile.

Hope this works for you. Let me know if you need any additional info.

Regards
Syam

Re: Conditional forwarder works on Macbook resolvers, but not on Windows 10 clients

TTiscareno
Community Manager

When testing with nslookup, as mentioned previously, be sure to include a 'trailing dot' at the end of the name being queried. Example:

nslookup test.cdf2.bogusdomainame.net.

The reason is that nslookup, by default, will append any names configured in your DNS suffix search list before actually trying the name as you typed it (hence the two timeouts that you are seeing). Including that trailing dot forces nslookup to send the query as you sent it. The other thing that stands out is that your Windows client is querying a different server from your Mac client:

MAC:

Server:  10.15.79.11
Address:  10.15.79.11#53

Windows:

Server:  UnKnown
Address:  10.15.188.11

Doing the following from the Windows client would be a better way to test this:

C:\>nslookup
Default Server:  UnKnown
Address:  10.15.188.11

> server 10.15.79.11
Default Server:  [10.15.79.11]
Address:  10.15.79.11

> test.cdf2.bogusdomainame.net.

You may also want to try testing 10.15.188.11 from your Mac:

dig @10.15.188.11 test.cdf2.bogusdomainame.net

With dig, you can still include the trailing dot at the end of the name being queried, but that is more of an option as, by default, it will send the query exactly as you type it.

Getting to the root of the issue, I would suspect that 10.15.188.11 is not assigned to the forward zone (cdf2.bogusdomainame.net). As a result, it is recursing out to resolve the query, which is why it is returning a different answer.

Hope this helps!

 

-Tony
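
The suffix search behaviour described in the reply above, as an added shell example that is not part of the original thread: it lists the names a suffix-appending lookup would send for a given input, and includes a helper that asks several resolvers for the same fully qualified name. The suffixes corp.example and lab.example are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). The suffixes corp.example and
# lab.example are constructed; function names are hypothetical.

# Print, in order, the names a suffix-appending lookup tool would query
# for $1 given the search suffixes passed as the remaining arguments.
query_candidates() {
    name=$1
    shift
    case $name in
        *.)
            # Trailing dot: already fully qualified, so the name is sent
            # exactly as typed and the suffix list is skipped.
            printf '%s\n' "$name"
            return 0
            ;;
    esac
    for suffix in "$@"; do
        printf '%s.%s.\n' "$name" "${suffix%.}"
    done
    # Only after every suffix has been tried is the name sent as typed.
    printf '%s.\n' "$name"
}

# Number of queries sent before the name the user actually meant.
wasted_queries() {
    total=$(query_candidates "$@" | wc -l)
    echo $((total - 1))
}

# Ask each resolver for the same fully qualified name so the answers can
# be compared side by side. Needs dig and network access, for example:
#   compare_resolvers test.cdf2.bogusdomainame.net. 10.15.79.11 10.15.188.11
compare_resolvers() {
    fqdn=$1
    shift
    for server in "$@"; do
        answer=$(dig +short +time=2 +tries=1 "@$server" "$fqdn" A | tr '\n' ' ')
        printf '%s -> %s\n' "$server" "${answer:-no answer}"
    done
}

# Two constructed suffixes give two extra queries before the real one.
query_candidates test.cdf2.bogusdomainame.net corp.example lab.example
```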

Re: Conditional forwarder works on Macbook resolvers, but not on Windows 10 clients

buskeyl
Techie
Tony,

Thanks a ton for the reply. I’m going to recheck a few things and get back to you. Not sure I actually noticed the fact that the two name servers were different.
