PCbanter

PCbanter (http://www.pcbanter.net/index.php)
-   General XP issues or comments (http://www.pcbanter.net/forumdisplay.php?f=18)
-   -   nslookup weird behavior (http://www.pcbanter.net/showthread.php?t=1109038)

Lu Wei October 23rd 19 03:28 AM
nslookup weird behavior
 
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address. Is
this normal?

full log:
nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: www.kingoffighters.com
Address: 50.63.202.64
--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA

Mike Easter October 23rd 19 04:40 AM
nslookup weird behavior
 
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.Â* Is
this normal?

My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails. If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.

--
Mike Easter

JJ[_11_] October 23rd 19 10:52 AM
nslookup weird behavior
 
On Tue, 22 Oct 2019 20:40:46 -0700, Mike Easter wrote:
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.* Is
this normal?

My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails. If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.

Wireshark shows that Windows' nslookup only uses the specified name server
for query. Yet, an answer is replied from the specified name server. I
tested it using 10.0.0.x as the name server.

FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS
setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN
uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the
gateway (my router). I stopped Dnscrypt before I test nslookup.

Even with debug logging enabled, nslookup doesn't show where the answer
actually came from. I also can't find any option to disable that weird
behaviour.

Lu Wei October 23rd 19 11:12 AM
nslookup weird behavior
 
On 2019-10-23 11:40, Mike Easter wrote:
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.Â* Is
this normal?

My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails.Â* If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.

I think that possibility should be excluded because I see in Wireshark
log that exact "ghost" server returned the dns answer.
The snapshot:
http://androidhost.org/v27jSOB
--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA

Lu Wei October 23rd 19 11:29 AM
nslookup weird behavior
 
On 2019-10-23 17:52, JJ wrote:

Wireshark shows that Windows' nslookup only uses the specified name server
for query. Yet, an answer is replied from the specified name server. I
tested it using 10.0.0.x as the name server.

FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS
setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN
uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the
gateway (my router). I stopped Dnscrypt before I test nslookup.

Even with debug logging enabled, nslookup doesn't show where the answer
actually came from. I also can't find any option to disable that weird
behaviour.

So I am not alone! Where are you located? I suspect maybe it's the great
firewall that actually answered, but if you are not in china, then maybe
it's the weirdness (or feature?) of Windows.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA

😉 Good Guy 😉 October 23rd 19 04:39 PM
nslookup weird behavior
 
On 23/10/2019 03:28, Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address. Is
this normal?

full log:
nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: www.kingoffighters.com
Address: 50.63.202.64




Domain Name: KINGOFFIGHTERS.COM
Registry Domain ID: 14637266_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-12-06T10:27:41Z
Creation Date: 1999-12-05T13:06:45Z
Registry Expiry Date: 2019-12-05T13:06:45Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS61.DOMAINCONTROL.COM
Name Server: NS62.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/


Non-authoritative answer:
Name: kingoffighters.com
Address: 50.63.202.64

--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.


All times are GMT +1. The time now is 07:47 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters