0

This is a bit perplexing to me.

When I do a NSLOOKUP on 10.0.0.17 it comes back as "ProductionServer01.domain.com" which is a decommissioned server. 10.0.0.17 is actually ProductionServer02.domain.com, and when I NSLOOKUP that hostname, the correct IP comes back.

I logged into MainDC04 and checked the DNS records for ProductionServer02, and it is listed as 10.0.0.17, and ProductionServer01 is listed as 10.0.0.85. This is the correct addressing for these machines.

I did flush my DNS records, and test from a different machines (MainDC04 and another laptop I had lying around).

Is this even something I should be concerned about, or can it be ignored? Any thoughts on the cause of this issue would be appreciated.

TL:DR; ProductionServer01: 10.0.0.85 ProductionServer02: 10.0.0.17

DNS lookups put ProductionServer01 as 10.0.0.17 and 10.0.0.85

Our Main Domain Controller is a Windows Server 2012 machine, and we have 2 older DCs running 2k3.

Improve this question
1
  • I don't know if there's an equivalent in Windows, but if you have access to a unix box (or maybe cygwin), dig can be very handy for troubleshooting these sorts of things. In particular, the +trace and +nssearch options.
    – Phil Frost
    Commented Feb 27, 2013 at 15:12

1 Answer 1

Reset to default
2

When you do a reverse lookup for an IP Address DNS does a lookup for a Reverse PTR record. It does not actually try to lookup forward records by their data (that would be a monstrous security hole).

You need to update your Reverse PTR record in DNS. Same MMC you were looking at for the Forward Record...

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .