BPuhl’s Blog

A little bit of everything without actually being much of anything

Stick a TXT in it

Posted by BPuhl on February 21, 2008

So how do you keep someone from giving a computer the same name as one of your domains? This is one of the areas where WINS actually comes in really helpful for us internally. Because a machine cannot dynamically overwrite a static record, we’ve always made sure that there were static WINS records for all of our domains (which we then have to manage when DCs change IPs).

Today we had an interesting thing happen, though. Someone got the great idea to register a host address in DNS with the same name as the domain. In our case, a user registered a record called NTDEV in the NTDEV.CORP.MICROSOFT.COM zone. In general, most applications didn’t even notice that this occurred, but some tools (such as LDP) and, in our case, some of the RMS servers started having fits. The reason was that we push domain search suffixes down to our clients.

The following info came through in the escalation:

I think we have a DNS/WINS problem here:

This doesn’t work:
D:\IPP.tms\test>ping -4 ntdev
Pinging ntdev.ntdev.corp.microsoft.com [172.31.233.151] with 32 bytes of data:
Reply from 172.31.233.151: bytes=32 time=1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Ping statistics for 172.31.233.151:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

D:\IPP.tms\test>ping -a 172.31.233.151
Pinging garisto-t3.ntdev.corp.microsoft.com [172.31.233.151] with 32 bytes of data:
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Reply from 172.31.233.151: bytes=32 time<1ms TTL=126
Ping statistics for 172.31.233.151:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Now using the FQDN for NTDEV:

But this works as expected
D:\IPP.tms\test>ping -4 ntdev.corp.microsoft.com
Pinging ntdev.corp.microsoft.com [157.54.104.75] with 32 bytes of data:
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Ping statistics for 157.54.104.75:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

D:\IPP.tms\test>ping -a 157.54.104.75
Pinging ntdev-dc-04.ntdev.corp.microsoft.com [157.54.104.75] with 32 bytes of data:
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Reply from 157.54.104.75: bytes=32 time=1ms TTL=57
Reply from 157.54.104.75: bytes=32 time<1ms TTL=57
Ping statistics for 157.54.104.75:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

Did you see what happened in the first ping? 

When the single-label name of the domain, NTDEV, was entered, the search suffix automagically appended the name of the domain (ntdev.corp.microsoft.com) to it, creating ntdev.ntdev.corp.microsoft.com. This is normal behavior. Previously this query would fail, the client would move to the next suffix in the list, which is just “corp.microsoft.com”, and end up with ntdev.corp.microsoft.com, which is the name of the domain they were looking for. In this case, the first query worked, so the second one never occurred.

So what did we do, besides deleting the bad record from DNS? We created a TXT record with the name NTDEV. The presence of a TXT record will prevent any other record types from being registered.

TA DA!
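The suffix walk and the placeholder fix described above, modeled as an added example (not code from the original post). The function names, the in-memory record table and the TXT text "reserved" are assumptions made for illustration; the model is simplified so that a name holding only a TXT record yields no address and the client moves on to the next suffix.

```python
# Simplified model of a client walking its DNS suffix search list.
# Records are constructed sample data using the names and addresses in the post.
SEARCH_LIST = ["ntdev.corp.microsoft.com", "corp.microsoft.com"]
DOMAINS = ["ntdev.corp.microsoft.com"]

BASE = {("ntdev.corp.microsoft.com", "A"): "157.54.104.75"}
ROGUE = {**BASE, ("ntdev.ntdev.corp.microsoft.com", "A"): "172.31.233.151"}
RESERVED = {**BASE, ("ntdev.ntdev.corp.microsoft.com", "TXT"): "reserved"}

def resolve_short_name(label, records, search_list=SEARCH_LIST):
    """Return (fqdn, address) for the first suffix that yields an A record."""
    for suffix in search_list:
        fqdn = f"{label}.{suffix}".lower()
        address = records.get((fqdn, "A"))
        if address is not None:
            return fqdn, address  # first hit wins; later suffixes are never tried
    return None

def shadowed_names(domains, records, search_list=SEARCH_LIST):
    """Domains whose short label resolves to some other name first."""
    findings = []
    for domain in domains:
        label = domain.split(".")[0]
        hit = resolve_short_name(label, records, search_list)
        if hit and hit[0] != domain.lower():
            findings.append((label, hit[0], hit[1]))
    return findings

def unreserved_names(domains, records, search_list=SEARCH_LIST):
    """Names tried before the domain itself that hold no record of any type."""
    owners = {name for name, _rtype in records}
    gaps = []
    for domain in domains:
        label = domain.split(".")[0]
        for suffix in search_list:
            fqdn = f"{label}.{suffix}".lower()
            if fqdn == domain.lower():
                break  # reached the real domain; only earlier names matter
            if fqdn not in owners:
                gaps.append(fqdn)
    return gaps

if __name__ == "__main__":
    for title, zone in (("clean", BASE), ("rogue A", ROGUE), ("TXT", RESERVED)):
        print(title, resolve_short_name("ntdev", zone),
              shadowed_names(DOMAINS, zone), unreserved_names(DOMAINS, zone))
```

Run against an export of real zone data, `unreserved_names` lists the names that still need a placeholder and `shadowed_names` flags any that have already been taken by a host record.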
