A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

nslookup weird behavior



 
 
Thread Tools Display Modes
  #1  
Old October 23rd 19, 03:28 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 29
Default nslookup weird behavior

I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address. Is
this normal?

full log:
nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: www.kingoffighters.com
Address: 50.63.202.64
--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
Ads
  #2  
Old October 23rd 19, 04:40 AM posted to microsoft.public.windowsxp.general
Mike Easter
external usenet poster
 
Posts: 891
Default nslookup weird behavior

Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.Â* Is
this normal?


My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails. If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.

--
Mike Easter
  #3  
Old October 23rd 19, 10:52 AM posted to microsoft.public.windowsxp.general
JJ[_11_]
external usenet poster
 
Posts: 685
Default nslookup weird behavior

On Tue, 22 Oct 2019 20:40:46 -0700, Mike Easter wrote:
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.* Is
this normal?


My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails. If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.


Wireshark shows that Windows' nslookup only uses the specified name server
for query. Yet, an answer is replied from the specified name server. I
tested it using 10.0.0.x as the name server.

FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS
setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN
uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the
gateway (my router). I stopped Dnscrypt before I test nslookup.

Even with debug logging enabled, nslookup doesn't show where the answer
actually came from. I also can't find any option to disable that weird
behaviour.
  #4  
Old October 23rd 19, 11:12 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 29
Default nslookup weird behavior

On 2019-10-23 11:40, Mike Easter wrote:
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address.Â* Is
this normal?


My linux nslookup uses the default sequence of nameservers if the
command designated one doesn't work/ fails.Â* If the first default fails
then it uses the next, etc.

Likely Win has a similar strategy.

I think that possibility should be excluded because I see in Wireshark
log that exact "ghost" server returned the dns answer.
The snapshot:
http://androidhost.org/v27jSOB
--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #5  
Old October 23rd 19, 11:29 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 29
Default nslookup weird behavior

On 2019-10-23 17:52, JJ wrote:

Wireshark shows that Windows' nslookup only uses the specified name server
for query. Yet, an answer is replied from the specified name server. I
tested it using 10.0.0.x as the name server.

FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS
setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN
uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the
gateway (my router). I stopped Dnscrypt before I test nslookup.

Even with debug logging enabled, nslookup doesn't show where the answer
actually came from. I also can't find any option to disable that weird
behaviour.

So I am not alone! Where are you located? I suspect maybe it's the great
firewall that actually answered, but if you are not in china, then maybe
it's the weirdness (or feature?) of Windows.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #6  
Old October 23rd 19, 04:39 PM posted to microsoft.public.windowsxp.general
😉 Good Guy 😉
external usenet poster
 
Posts: 874
Default nslookup weird behavior

On 23/10/2019 03:28, Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com
202.30.50.1" will return nothing for the first time but return correct
result for the second. 202.30.50.1 is just a random typed address. Is
this normal?

full log:
nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

nslookup www.kingoffighters.com 202.30.50.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 202.30.50.1: Timed out
Server: UnKnown
Address: 202.30.50.1

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: www.kingoffighters.com
Address: 50.63.202.64





Domain Name: KINGOFFIGHTERS.COM
Registry Domain ID: 14637266_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-12-06T10:27:41Z
Creation Date: 1999-12-05T13:06:45Z
Registry Expiry Date: 2019-12-05T13:06:45Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited
https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS61.DOMAINCONTROL.COM
Name Server: NS62.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/


Non-authoritative answer:
Name: kingoffighters.com
Address: 50.63.202.64

--
With over 1,000,000 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 04:06 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright ©2004-2019 PCbanter.
The comments are property of their posters.