If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
nslookup weird behavior
I accidentally found that "nslookup" works even if I specify a
non-existent dns server. For example "lookup www.kingoffighters.com 202.30.50.1" will return nothing for the first time but return correct result for the second. 202.30.50.1 is just a random typed address. Is this normal? full log: nslookup www.kingoffighters.com 202.30.50.1 DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 202.30.50.1: Timed out Server: UnKnown Address: 202.30.50.1 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out nslookup www.kingoffighters.com 202.30.50.1 DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 202.30.50.1: Timed out Server: UnKnown Address: 202.30.50.1 DNS request timed out. timeout was 2 seconds. Non-authoritative answer: Name: www.kingoffighters.com Address: 50.63.202.64 -- Regards, Lu Wei IM: PGP: 0xA12FEF7592CCE1EA |
Ads |
#2
|
|||
|
|||
nslookup weird behavior
Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a non-existent dns server. For example "lookup www.kingoffighters.com 202.30.50.1" will return nothing for the first time but return correct result for the second. 202.30.50.1 is just a random typed address.Â* Is this normal? My linux nslookup uses the default sequence of nameservers if the command designated one doesn't work/ fails. If the first default fails then it uses the next, etc. Likely Win has a similar strategy. -- Mike Easter |
#3
|
|||
|
|||
nslookup weird behavior
On Tue, 22 Oct 2019 20:40:46 -0700, Mike Easter wrote:
Lu Wei wrote: I accidentally found that "nslookup" works even if I specify a non-existent dns server. For example "lookup www.kingoffighters.com 202.30.50.1" will return nothing for the first time but return correct result for the second. 202.30.50.1 is just a random typed address.* Is this normal? My linux nslookup uses the default sequence of nameservers if the command designated one doesn't work/ fails. If the first default fails then it uses the next, etc. Likely Win has a similar strategy. Wireshark shows that Windows' nslookup only uses the specified name server for query. Yet, an answer is replied from the specified name server. I tested it using 10.0.0.x as the name server. FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the gateway (my router). I stopped Dnscrypt before I test nslookup. Even with debug logging enabled, nslookup doesn't show where the answer actually came from. I also can't find any option to disable that weird behaviour. |
#4
|
|||
|
|||
nslookup weird behavior
On 2019-10-23 11:40, Mike Easter wrote:
Lu Wei wrote: I accidentally found that "nslookup" works even if I specify a non-existent dns server. For example "lookup www.kingoffighters.com 202.30.50.1" will return nothing for the first time but return correct result for the second. 202.30.50.1 is just a random typed address.Â* Is this normal? My linux nslookup uses the default sequence of nameservers if the command designated one doesn't work/ fails.Â* If the first default fails then it uses the next, etc. Likely Win has a similar strategy. I think that possibility should be excluded because I see in Wireshark log that exact "ghost" server returned the dns answer. The snapshot: http://androidhost.org/v27jSOB -- Regards, Lu Wei IM: PGP: 0xA12FEF7592CCE1EA |
#5
|
|||
|
|||
nslookup weird behavior
On 2019-10-23 17:52, JJ wrote:
Wireshark shows that Windows' nslookup only uses the specified name server for query. Yet, an answer is replied from the specified name server. I tested it using 10.0.0.x as the name server. FYI... my system uses Dnscrypt and it's bound to 127.0.0.1. My system's DNS setting is set to 127.0.0.1 for primary and nothing for secondary. My LAN uses 192.168.1.x range and my NIC is at 192.168.1.2 with 192.168.1.1 as the gateway (my router). I stopped Dnscrypt before I test nslookup. Even with debug logging enabled, nslookup doesn't show where the answer actually came from. I also can't find any option to disable that weird behaviour. So I am not alone! Where are you located? I suspect maybe it's the great firewall that actually answered, but if you are not in china, then maybe it's the weirdness (or feature?) of Windows. -- Regards, Lu Wei IM: PGP: 0xA12FEF7592CCE1EA |
#6
|
|||
|
|||
nslookup weird behavior
On 23/10/2019 03:28, Lu Wei wrote:
I accidentally found that "nslookup" works even if I specify a non-existent dns server. For example "lookup www.kingoffighters.com 202.30.50.1" will return nothing for the first time but return correct result for the second. 202.30.50.1 is just a random typed address. Is this normal? full log: nslookup www.kingoffighters.com 202.30.50.1 DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 202.30.50.1: Timed out Server: UnKnown Address: 202.30.50.1 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out nslookup www.kingoffighters.com 202.30.50.1 DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 202.30.50.1: Timed out Server: UnKnown Address: 202.30.50.1 DNS request timed out. timeout was 2 seconds. Non-authoritative answer: Name: www.kingoffighters.com Address: 50.63.202.64 Domain Name: KINGOFFIGHTERS.COM Registry Domain ID: 14637266_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com Updated Date: 2018-12-06T10:27:41Z Creation Date: 1999-12-05T13:06:45Z Registry Expiry Date: 2019-12-05T13:06:45Z Registrar: GoDaddy.com, LLC Registrar IANA ID: 146 Registrar Abuse Contact Email: Registrar Abuse Contact Phone: 480-624-2505 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS61.DOMAINCONTROL.COM Name Server: NS62.DOMAINCONTROL.COM DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ Non-authoritative answer: Name: kingoffighters.com Address: 50.63.202.64 -- With over 1,000,000 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows. |
Thread Tools | |
Display Modes | |
|
|