dns timeout and suffixes

[steve_keith_capell]

It's been discussed on this group before that nslookup can produce
timeouts when DNS suffixes are appended automatically under Windows
2000/XP (as set in the networking properties). I believe that this
behavior effects all DNS lookups (not just nslookup) so programs that
use DNS a lot, such as Perforce, run slowly.

I've been trying to figure out how to get rid of the timeouts without
resorting to not using suffixes. Some suffixes seem to cause timeouts
while others don't. With an offending suffix, the results of "nslookup
cnn.com" are:

--------------------------------------------------------------------------
Server: <dns server name>
Address: <dns server address>

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.84, 64.236.16.116, 64.236.24.4, 64.236.24.12
64.236.24.20, 64.236.24.28, 64.236.16.20, 64.236.16.52

 

[Kevin D. Goodknecht Sr. [MVP]]

In

It's been discussed on this group before that nslookup
can produce timeouts when DNS suffixes are appended
automatically under Windows 2000/XP (as set in the
networking properties). I believe that this behavior
effects all DNS lookups (not just nslookup) so programs
that use DNS a lot, such as Perforce, run slowly.

I've been trying to figure out how to get rid of the
timeouts without resorting to not using suffixes. Some
suffixes seem to cause timeouts while others don't. With
an offending suffix, the results of "nslookup cnn.com"
are:

--------------------------------------------------------------------------
Server: <dns server name>
Address: <dns server address>

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.84, 64.236.16.116, 64.236.24.4,
64.236.24.12
64.236.24.20, 64.236.24.28, 64.236.16.20, 64.236.16.52
--------------------------------------------------------------------------

Use this command to see what the full query is:
nslookup -d2 cnn.com

 

[Steve Capell]

Use this command to see what the full query is:
nslookup -d2 cnn.com

Thanks, that helped. In either case (timeout or no timeout) the
system first makes a request applying the suffix, and if that fails,
makes a request without the suffix. In a good case (no timeout), the
response refers to an AUTHORITY which is based on the supplied suffix.
For example, when requesting "cnn.com.<suffix>", which doesn't exist,
the DNS server responds promptly with NXDOMAIN based on the AUTHORITY
named "<suffix>". In a bad case (timeout), no such AUTHORITY is
cited.

So is this a recursive procedure, implying that the problem is that
the domain "<suffix>" is not providing the appropriate DNS services?
Or is the problem that the primary DNS is not keeping appropriate
records?

Thanks,
Steve

 

[Ace Fekay [MVP]]

In

Thanks, that helped. In either case (timeout or no timeout) the
system first makes a request applying the suffix, and if that fails,
makes a request without the suffix. In a good case (no timeout), the
response refers to an AUTHORITY which is based on the supplied suffix.
For example, when requesting "cnn.com.<suffix>", which doesn't exist,
the DNS server responds promptly with NXDOMAIN based on the AUTHORITY
named "<suffix>". In a bad case (timeout), no such AUTHORITY is
cited.

So is this a recursive procedure, implying that the problem is that
the domain "<suffix>" is not providing the appropriate DNS services?
Or is the problem that the primary DNS is not keeping appropriate
records?

Thanks,
Steve

DNS just responds to queries. It's not a matter of if it keeping appropriate
records or not. DNS will cache whatever queries it has answered for the TTL
of the record. The issue is the querying application. In this case,
nslookup, since it's a "name server lookup" tool, is designed to query by
suffixing the system's search suffix entry (found in IP Properties, DNS
tab). It's the way it works. If you don't want it to suffix a query, enter a
period at the end of the query:

nslookup -d2 cnn.com.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.