I have a Win2k network. From any client on the network I have no
problem reaching websites. I do have a curious problem however when
using nslookup.
The results are as follows:

>nslookup www.google.com
Server: Loopback
Address: 192.168.1.5

Non-Authoritative Answer
Name:  www.google.com
Address: 216.239.33.101

The puzzling part is why my DNS server has the name Loopback.
What I have found so far

1. There is no entry in HOSTS or LMHOSTS that automatically assigns my
DNS server's name Loopback.
2. My DNS server has both an NS record and an A record in DNS.
3. I don't have my reverse lookup zone configured correctly (I don't
think that matters)
4. I am using forwarders. I believe they are working correctly.
5. My DNS implementation is Win2K Active Directory Integrated.
6. I have one name server.

---

Request for Question Clarification by twitch-ga on 01 Nov 2002 09:19 PST

pg3phillip-

Since I can't be certain that this answer will do the trick for you,
I'm just posting it as a clarification request. But I think that it
will solve the mystery. Consider the two following statements that you
made:

3. I don't have my reverse lookup zone configured correctly (I don't
think that matters)
4. I am using forwarders. I believe they are working correctly.

The reverse zone _does_ matter. Whenever you use nslookup one of the
first things that it does is find the name associated with the IP
address of your primary name server. Consider the following:

c:\>nslookup
Default Server:  myns.mydom.org
Address:  192.168.1.3

> ns.google.com
Default Server:  myns.mydom.org
Address:  192.168.1.3

Name:    ns.google.com
Address:  216.239.32.10

> server 216.239.32.10
Default Server:  ns1.google.com
Address:  216.239.32.10


So, the name associated with the address is not always the same in
forward and reverse mappings.

What I think is happening is that nslookup is trying to find the name
associated with 192.168.1.5. Since you don't have a zone file for the
1.168.192.in-addr.arpa zone, the name server forwards to someone else.
That server either has a zone file for 1.168.192.in-addr.arpa or knows
someone that does, and finds the name 'Loopback' associated with that
address. You can test this with nslookup by setting the server to one
of your forward servers and looking up 192.168.1.5.

If having this system named Loopback is annoying to you, all that you
need to do is create a zone file for 1.168.192.in-addr.arpa and give a
PTR entry for 192.168.1.5 and name it whatever you like.


Hopefully this helped you out. Again, this is just a guess at what the
issue is, so I'm only posting as a clarification request. Let me know
if this solved the mystery.

---

Clarification of Question by pg3phillip-ga on 01 Nov 2002 11:03 PST

Twitch......
I am not sure I completely understand the part of you explanation
where you write, "Since you don't have a zone file for the
1.168.192.in-addr.arpa zone, the name server forwards to someone else.
That server either has a zone file for 1.168.192.in-addr.arpa or knows
someone that does, and finds the name 'Loopback' associated with that
address."

Are you suggesting that the Forwarders are receiving this request and
returning loopback as the name?

---

Request for Question Clarification by twitch-ga on 01 Nov 2002 12:54 PST

pg3phillip-

"I am not sure I completely understand the part of you explanation
where you write...Are you suggesting that the Forwarders are receiving
this request and returning loopback as the name?"

Yes, exactly. Again, you can test to see if this is the case by
setting the server in nslookup to be one of your forwarders and asking
it for the name associated with 192.168.1.5. For instance, let's say
that the IP address of a forwarder is 192.168.3.9. You would do this:

c:\>nslookup
Server: Loopback
Address: 192.168.1.5

> server 192.168.3.9
Default Server:  ns.somedom.com
Address:  192.168.3.9

> 192.168.1.5
 ...


Then the answer, I think, will look something like this:

> 192.168.1.5
Default Server:  ns.somedom.com
Address:  192.168.3.9

Name:    Loopback
Address:  192.168.1.5


Give that a try and let me know what you find.

I am not familiar with Win2k services, so I'm not posting this as an
answer, but I can make a suggestion:

"Loopback" is the common term for the IP address "127.0.0.1", which
refers to the "current machine", or "localhost".

Is it possible that the DNS server is configured with an address of
"127.0.0.1" somewhere, referring to the fact that it itself is a DNS
server?

In my HOSTS file 127.0.0.1 is listed as Local Host not Loopback. This
is pretty standard. This in no way refers to either the DNS Server's
ip address of 192.168.1.5 or name.
It is possible that somewhere my server has a name of Loopback
assigned but it isn't in any of the likely places ie. TCP/IP settings
etc.
The server also only has one network card if this helps.

Check out this thread:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&threadm=%232OqIaJgCHA.2584%40tkmsftngp12&rnum=5&prev=/groups%3Fq%3D%2522server:%2Bloopback%2522%2Bnslookup%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26selm%3D%25232OqIaJgCHA.2584%2540tkmsftngp12%26rnum%3D5

What does your hosts file have for the 192.168.1.* zone?

Hey, wait, that thread's verrrrrrrry recent. Is that you? :)

1) Can you post an ipconfig /all from the machine you are running the
nslookup from?
2) Download the windows 2000 support tools, there are 2 very useful
utils, dcdiag and netdiag, they can verify the domain and network
config.

Dawid
MCSE Support Professional

In Reply to the comment from: alexander-ga on 31 Oct 2002 15:39 PST 
I checked the thread you linked and curiously enough that is not me.
It is however a tech from my VAR who I have enlisted to help me. Very
small cyberworld indeed.:)

In Reply to the comment by alexander-ga on 31 Oct 2002 15:39 PST 
There is nothing in my HOSTS file other than the entry
127.0.0.1 localhost

The obvious thing to do here is:

>nslookup
Server: Loopback 
Address: 192.168.1.5 
>set type=ptr
>192.168.1.5

nslookup should then display not only what the PTR record is (Loopback
likely) but also details about how it got answered. You can try for
example:

>set type=ptr
>216.239.39.100
Server:  Loopback
Address:  192.168.1.5

Non-authoritative answer:
100.39.239.216.in-addr.arpa     name = www.google.com

39.239.216.in-addr.arpa nameserver = NS4.google.com
39.239.216.in-addr.arpa nameserver = NS3.google.com
39.239.216.in-addr.arpa nameserver = NS2.google.com
39.239.216.in-addr.arpa nameserver = NS1.google.com
NS4.google.com  internet address = 216.239.38.10
NS3.google.com  internet address = 216.239.36.10
NS2.google.com  internet address = 216.239.34.10
NS1.google.com  internet address = 216.239.32.10

Here you'll see that the answer came from one of Google's 4
nameservers originally but is now cached locally (Non-Authorative).