Domain Name System
igortru, 2021-09-11 10:52:21

DNS suffix on a connection and query processing order?

Good day to all!

I ran into a problem and I don't know how to fix it.

There is an AD domain; the primary DNS suffix of the domain is company.ru. Inside the network everything works correctly, but there are problems with remote users.

Domain machines have the following DNS suffix settings.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : USER-LAPTOP
   Primary Dns Suffix  . . . . . . . : company.ru
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : company.ru

Recently the domain name company.ru was registered in the RU zone. Not by us.
When remote users connect to a guest network (their personal home network) and start sending queries, for example for ya.ru, the system automatically appends the suffix company.ru and a query like "ya.ru.company.ru" goes off to the DNS servers of the newly registered domain in the RU zone. The DNS servers serving that domain always return "positive" answers for A records, and a workstation that is not on the corporate network gets bogus IP addresses for its queries.
For example:
nslookup ya.ru
Server:  hdns1.corbina.net
Address:  213.234.192.8

Non-authoritative answer:
Name:    ya.ru.company.ru
Address:  xx.xx.xx.xx

A week ago attackers tried to configure users' browsers via WPAD.
Users report that they cannot connect through Cisco AnyConnect, while at the same time there are (domain) machines that work normally. Browsers, for example, work everywhere without problems, but nslookup always shows entries like this whenever I debug the problem.
Right now I am writing from a laptop with this problem: the browser works, Cisco AnyConnect works correctly, yet users contact me almost every day.

It is not entirely clear why the browser works. Is it the query processing order?
What should be done in this situation? We need to fix this problem, but so far there is no understanding of it.
I would appreciate any advice.


1 answer(s)
Alexey Kharchenko, 2021-09-12
@AVX

Why was it necessary to use "company.ru" in the settings if this name was not registered by your company?
You brought this on yourself, as they say.
Now there are not many options left:
1. Try to buy the company.ru domain.
2. Change the DNS suffix to something like oao.company (or at least company.local, or register a name in another zone and use that, such as company.com).
3. Change the way company resources are reached from the Internet (VPN, etc.).
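As an added example that is not part of the question or the answer above: a PowerShell session that checks what the question describes (which suffixes the client appends, and whether the third-party company.ru zone answers every name) and then applies the client-side mitigation that complements the answer's options until the suffix is changed or the domain is acquired. One caveat a practitioner will want: nslookup talks to the configured server directly and applies the search list by its own rules, so its output does not show what applications see. The DNS Client service tries a multi-label name such as ya.ru as typed first and appends suffixes only if that lookup fails, which is why the browser works while nslookup shows ya.ru.company.ru. Assumptions not stated on the page: the suffix company.ru, an internal DNS server at 10.0.0.53 that is reachable only over the VPN, and an elevated PowerShell prompt on a Windows 8 / Server 2012 or later client (the NRPT cmdlets need that).

```powershell
# Added example, not from the original question or answer.
# Assumptions (not on the page): suffix 'company.ru', internal resolver 10.0.0.53
# reachable only over the VPN, elevated PowerShell on a Windows 8+/Server 2012+ client.
$Suffix      = 'company.ru'
$InternalDns = '10.0.0.53'

# 1. What this client appends. The DNS Client service uses the global suffix
#    search list plus devolution; nslookup applies the search list by its own rules.
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList, UseDevolution, DevolutionLevel
Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix, ConnectionSpecificSuffixSearchList

# 2. Is the third-party zone a wildcard? A label nobody ever created should give
#    NXDOMAIN. A positive answer means every appended name (ya.ru.company.ru,
#    wpad.company.ru) resolves to an address the company does not control.
function Test-WildcardZone {
    param([Parameter(Mandatory)][string]$Zone)
    $probe  = ('{0}.{1}' -f ([guid]::NewGuid().ToString('N')), $Zone)
    $answer = Resolve-DnsName -Name $probe -Type A -DnsOnly -ErrorAction SilentlyContinue
    $hits   = @($answer | Where-Object { $_.Type -eq 'A' })
    [pscustomobject]@{
        Probe     = $probe
        Wildcard  = ($hits.Count -gt 0)
        Addresses = ($hits | ForEach-Object { $_.IPAddress })
    }
}
Test-WildcardZone -Zone $Suffix

# 3. Reproduce the nslookup observation from the DNS Client's point of view:
#    'ya.ru' is queried as typed first; the appended form is only what a failed
#    lookup would fall back to.
Resolve-DnsName -Name 'ya.ru'         -Type A -DnsOnly | Select-Object Name, IPAddress
Resolve-DnsName -Name "ya.ru.$Suffix" -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress

# 4. Client-side mitigation until the suffix is changed or the domain is bought.
#    a) Never append suffixes to multi-label names: local equivalent of the GPO
#       "Allow DNS suffix appending to unqualified multi-label name queries" = Disabled.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
Set-ItemProperty -Path $policyKey -Name 'AppendToMultiLabelName' -Value 0 -Type DWord

#    b) Pin every *.company.ru lookup to the internal resolver with an NRPT rule,
#       so that off the VPN those names fail instead of reaching the registrant's
#       servers. This also covers single-label names such as wpad, which still get
#       the suffix appended after step (a).
$existing = Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains ".$Suffix" }
if (-not $existing) {
    Add-DnsClientNrptRule -Namespace ".$Suffix" -NameServers $InternalDns -Comment 'Keep company.ru internal'
}
Clear-DnsClientCache

# 5. Verify: with the VPN down, the probe should no longer return an address.
Test-WildcardZone -Zone $Suffix
```

Run step 2 before anything else; if the probe does not resolve, the registrant is not running a wildcard zone and the nslookup output points at something else. Step 4a is the same setting the DNS Client reads from Group Policy, so on domain members deploy it through the DNS Client policy rather than by hand, and expect it to take effect after a policy refresh or reboot. The NRPT rule is what makes the WPAD case fail closed: wpad is a single-label name, the suffix is still appended to it, and without the rule the query leaves for whichever resolver the home network hands out.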
