DNS server handing out wrong IP

Rick25

Ars Tribunus Militum
2,511
Subscriptor
Looks like it's a DNS day given the other post

We have a forward zone for a certain domain; the IP address in that zone matches across all DNS servers.

One of the DNS servers is handing out the public IP for that zone instead of what is in the zone.
If you're on the DC and nslookup to itself you get the correct IP. But clients or nslookup from another location are getting the incorrect one.

I've cleared the DNS cache, checked /etc/hosts but can't seem to pin this down.
 

daveok

Ars Centurion
321
Subscriptor
This isn’t DHCP “handing out” an IP for that zone. DNS is returning an answer. DHCP can influence which DNS server the client uses (and the suffix/search list), but it doesn’t decide whether a hostname resolves to a public or private address.

What you’re describing almost always means some clients are not actually querying the DNS server/zone you think they are, so they fall back to public DNS and get the public record.

Simple way to prove it:

1) From a client that gets the public IP
Check which DNS servers it’s using:
Code:
Windows: ipconfig /all
Linux: resolvectl status (or check /etc/resolv.conf)

2) Query each DNS server directly
Don’t rely on “whatever the client picks”, force the server:
Code:
Windows:
nslookup host.example.com <dns_server_ip>

Linux:
dig @<dns_server_ip> host.example.com +noall +answer

Whichever DNS server returns the public IP is the one to fix. On that server, check:
Code:
Does it actually host the forward zone (authoritative)?

Is there a conditional forwarder / stub zone for that domain?

Is it forwarding that domain to the internet?

Also worth checking quickly: clients using DoH or hardcoded 8.8.8.8/1.1.1.1 will always get public answers.

If you paste the output of:
Code:
nslookup host.example.com <dns1>
nslookup host.example.com <dns2>
…you’ll know immediately where the problem is.
 
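An added example (not from daveok's post) that automates the comparison he describes: it parses `dig +noall +answer` style output from each server and flags whichever one returns a non-RFC1918 address (or no A record at all) for the internal zone. The server addresses and answer lines are constructed sample data, and `query_with_dig` assumes the `dig` binary and network access.

```python
import ipaddress
import subprocess
from typing import Dict, List

# Internal ranges we expect the forward zone to resolve into (RFC1918, an assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output, one entry per DNS server, in the shape that
# "dig @<server> host.example.com +noall +answer" prints. Not real servers.
SAMPLE_ANSWERS: Dict[str, str] = {
    "10.0.0.10": "host.example.com.\t3600\tIN\tA\t10.0.0.50\n",
    "10.0.0.11": "host.example.com.\t3600\tIN\tCNAME\tweb.example.com.\n"
                 "web.example.com.\t3600\tIN\tA\t10.0.0.50\n",
    "10.0.0.12": "host.example.com.\t300\tIN\tA\t203.0.113.7\n",   # the odd one out
}

def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the expected internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_a_records(dig_output: str) -> List[str]:
    """Pull the rdata of A records out of 'dig +noall +answer' output (CNAMEs are skipped)."""
    addrs = []
    for line in dig_output.splitlines():
        fields = line.split()          # owner ttl class type rdata
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] == "A":
            addrs.append(fields[4])
    return addrs

def query_with_dig(server: str, name: str) -> str:
    """Ask one server directly, bypassing the client's resolver (needs dig and network)."""
    cmd = ["dig", f"@{server}", name, "+noall", "+answer"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def classify(server_outputs: Dict[str, str]) -> Dict[str, str]:
    """Label each server 'internal', 'public', 'mixed' or 'none' from its answer."""
    result = {}
    for server, out in server_outputs.items():
        addrs = parse_a_records(out)
        kinds = {"internal" if is_internal(a) else "public" for a in addrs}
        result[server] = "none" if not kinds else (kinds.pop() if len(kinds) == 1 else "mixed")
    return result

def servers_to_fix(server_outputs: Dict[str, str]) -> List[str]:
    """Servers whose answer is not purely internal; these are the ones to inspect."""
    return sorted(s for s, k in classify(server_outputs).items() if k != "internal")

if __name__ == "__main__":
    for server, kind in classify(SAMPLE_ANSWERS).items():
        print(f"{server}: {kind}")
    print("servers to fix:", servers_to_fix(SAMPLE_ANSWERS))
```

To run it against real servers, replace `SAMPLE_ANSWERS` with `{s: query_with_dig(s, "host.example.com") for s in your_servers}`.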

AnonymousCward

Wise, Aged Ars Veteran
172
If you're on Windows, don't forget to check that you haven't got something overriding DNS for DNS-over-HTTPS:

Code:
netsh dnsclient show encryption
netsh dnsclient show global
netsh dnsclient show state

Also, if Group Policy is involved, don't forget to check for Conditional DNS policies enforced on the client side too (just in case of an unusual config).