This was resolved via posting https://github.com/tailscale/tailscale/issues/9948
Windows DNS - SubDomain Blackhole
penguinpages
Sorry that this is another posting of the same question/topic:
I have been working on this for a few weeks now. I need a tool and/or a fresh view of how to root-cause a DNS resolution issue.
System:
Windows 11
All NICs and VPN services disabled except for 1Gb NIC and CISCO VPN (needed to connect to remote site)
WSL - service disabled and bridge disconnected from NIC, but it lies like a rug, as when I start the service it can access the internet
HyperV - disabled as service and disconnected from NIC
DNS structure:
labs.local
ps.labs.local
cnat.labs.local
Issue: I can resolve local DNS and, when on VPN, DNS for the connected domain "labs.local" A/PTR and sub domain cnat.labs.local A/PTR, but NOT any entries in ps.labs.local
But I can use a tool like nslookup and resolve names within sub domain ps.labs.local
Baseline: other peers do not have the issue. Other computers within the home that use the VPN do not have the issue. So this is a local Windows 11 issue.
I have loaded up Wireshark. I can see that when I run ping to hostnames for any domain (internet or labs.local or cnat.labs.local), all send out a DNS query lookup and then communicate over ICMP.
But nslookup or a direct shell communication attempt for that sub domain never even shows packet transfer or lookup in Wireshark. So it's almost like something is black holing this environment.
Question:
1) Once hostname is able to resolve within nslookup client, how do I debug why it does not transfer or show up in windows shell (
###
PS C:\Users\*****> ping ps-vcenter-01.ps.labs.local
Ping request could not find host ps-vcenter-01.ps.labs.local. Please check the name and try again.
PS C:\Users\*****> ping mspl-vcenter.cnat.labs.local
Pinging mspl-vcenter.cnat.labs.local [10.89.100.60] with 32 bytes of data:
Reply from 10.**.***.60: bytes=32 time=36ms TTL=62
Ping statistics for 10.**.***.60:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 36ms, Average = 36ms
Control-C
PS C:\Users\*****> ipconfig /displaydns |findstr vcenter
mspl-vcenter.cnat.labs.local
Record Name . . . . . : mspl-vcenter.cnat.labs.local
PS C:\Users\*****>
###
2) What tools within the Windows kernel can I use to track down where these requests are going? As Wireshark is not seeing packets, I have to believe they are resolving locally (and nothing but 127.0.0.1 is in the hosts file; I did baseline that if I add an entry it works for that single record, but this is not a long-term fix)
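
An added diagnostic sketch for the symptom described above (it is not part of the original post or of the linked issue): it compares the answer from the Windows DNS Client with direct queries to each configured server, then lists any Name Resolution Policy Table (NRPT) policy covering the name, since NRPT applies to the DNS Client path but not to nslookup. The default host name is the one from the post; that NRPT is relevant on this machine is an assumption.

```powershell
# Added example, not from the original post. Default name is the failing host from the post.
param([string]$Name = 'ps-vcenter-01.ps.labs.local')

# 1. Resolve through the Windows DNS Client (NRPT, cache and hosts file apply).
$viaClient = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object Type -eq 'A'

# 2. Query each configured IPv4 DNS server directly, bypassing client-side policy.
$direct = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($server in $nic.ServerAddresses) {
        $r = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly `
                 -ErrorAction SilentlyContinue | Where-Object Type -eq 'A'
        [pscustomobject]@{
            Interface = $nic.InterfaceAlias
            Server    = $server
            Answer    = if ($r) { $r.IPAddress -join ',' } else { '<no answer>' }
        }
    }
}

# 3. Effective NRPT policies whose namespace covers the name.
#    A namespace starting with '.' is a suffix rule; '.' alone matches every name.
$nrpt = Get-DnsClientNrptPolicy -Effective | Where-Object {
    foreach ($ns in @($_.Namespace)) {
        if ($ns -eq '.') { return $true }
        if ($ns.StartsWith('.') -and ".$Name" -like "*$ns") { return $true }
        if ($ns -ieq $Name) { return $true }
    }
    $false
}

# 4. Recent DNS Client operational events mentioning the name.
#    This log is disabled by default, so an empty result may only mean it is off.
$events = Get-WinEvent -LogName 'Microsoft-Windows-DNS-Client/Operational' -MaxEvents 500 `
              -ErrorAction SilentlyContinue | Where-Object Message -like "*$Name*"

'--- Answer via DNS Client ---'
if ($viaClient) { $viaClient | Format-Table Name, IPAddress -AutoSize } else { '<no answer>' }
'--- Answers from each configured server ---'
$direct | Format-Table -AutoSize
'--- NRPT policies covering the name ---'
if ($nrpt) { $nrpt | Format-List * } else { '<none>' }
'--- DNS Client events ---'
$events | Select-Object -First 10 TimeCreated, Id, Message | Format-List
```

If a server answers in step 2 while step 1 returns nothing, the name is being dropped or redirected on the client side; the name servers listed in a matching policy from step 3 show where the DNS Client is sending that suffix.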