Windows DNS Client Not Querying Specified DNS Server Without Connection Specific Suffix

AdamWaring-0245
2023-08-10T13:15:23.94+00:00

We have 3 DCs, all running the DNS role. These servers hold the records for the domain itself but also "external" records using split-horizon DNS. IP Addresses for the servers are all static whereas the clients all have DHCP-assigned addresses.

Currently, we are testing a new subdomain, which we'll call timesheets.domain.co.uk; the internal IP is 10.2.2.21, and this is hosted on DC04.domain.local. We also have remote.domain.co.uk, which is also using split DNS; external DNS is in Cloudflare, and the internal record points to 10.2.2.102.

(If relevant, the DHCP server assigned domain.local as a DNS suffix. But we've tried changing that with no difference)

Running

NSLOOKUP timesheets.domain.co.uk
NXDOMAIN

Whereas

NSLOOKUP remote.domain.co.uk
A: <external IP>

returns external IP.

If we check Wireshark for DNS queries against that server, we can see that every DNS query coming from Windows clients has the domain appended. For instance, testing.domain.co.uk.domain.local.

i.e.

NSLOOKUP timesheets.domain.co.uk.domain.local

Whereas the Windows servers all attempt to resolve the suffix first before removing the suffix.

i.e.

NSLOOKUP timesheets.domain.co.uk.domain.local
NXDOMAIN
NSLOOKUP timesheets.domain.co.uk
A: 10.2.2.21 

Any ideas, suggestions or tips on where to look for a difference between the servers and clients as to why they would be doing this?


1 answer

  1. Anonymous
    2023-12-22T03:04:41.2233333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    You can check the DNS suffix configuration using the methods below:

    1. On the Windows client, open the adapter properties and go to the advanced TCP/IP settings; you will be able to configure the Domain Search List Order and the Connection-specific DNS suffix.

    There's a high possibility that it's caused by the configuration here.

    2. In the DHCP Server configuration, you can also check "Option" to see if there's any preference setting related to the DNS suffix.
    3. You can double-check whether there's any configuration dispatched from Group Policy Settings.

    Hope the answer can help you better troubleshoot this issue.

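The three places named in the answer (adapter settings, DHCP options, Group Policy) can be inspected from PowerShell and the result compared between a client and a server. This is an added example, not part of the original thread; `$DnsServer` is an assumed value (any of the DCs running DNS), the `ipconfig` filter assumes English-language output, and the DHCP section only runs where the DhcpServer module is installed.

```powershell
# Added example: read-only inventory of the DNS suffix settings named in the answer.
# Run on one affected client and one server, then compare the output.
$TestName  = 'timesheets.domain.co.uk'   # name from the question
$DnsServer = 'DC04.domain.local'         # assumption: a DC running the DNS role

# 1. Adapter level: Connection-specific DNS suffix (Advanced TCP/IP Settings, DNS tab)
Get-DnsClient |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, UseSuffixWhenRegistering |
    Format-Table -AutoSize

#    Machine level: suffix search list and devolution
Get-DnsClientGlobalSetting |
    Select-Object UseSuffixSearchList, SuffixSearchList, UseDevolution, DevolutionLevel |
    Format-List

#    What the client actually ended up with, including DHCP-assigned suffixes
ipconfig /all | Select-String -Pattern 'DNS Suffix'

# 2. DHCP server: option 15 (DNS domain name) and option 119 (domain search list)
if (Get-Command Get-DhcpServerv4OptionValue -ErrorAction SilentlyContinue) {
    Get-DhcpServerv4OptionValue -All | Where-Object OptionId -in 15, 119
    Get-DhcpServerv4Scope | ForEach-Object {
        Get-DhcpServerv4OptionValue -ScopeId $_.ScopeId -All |
            Where-Object OptionId -in 15, 119
    }
}

# 3. Group Policy: DNS client policy values land under this key
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (Test-Path $PolicyKey) {
    Get-ItemProperty -Path $PolicyKey | Select-Object * -ExcludeProperty PS*
} else {
    'No DNS client policy values are set on this machine.'
}

# 4. Query the internal server with and without a trailing dot.
#    The trailing dot marks the name as fully qualified, so no suffix is appended.
foreach ($name in $TestName, "$TestName.") {
    $r = Resolve-DnsName -Name $name -Type A -Server $DnsServer -DnsOnly `
             -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Query  = $name
        Answer = if ($r) { $r.IPAddress -join ', ' } else { 'no answer' }
    }
}
```

`gpresult /h report.html` on the same machine shows which GPO set any value found in step 3.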