Windows DNS - SubDomain Blackhole

penguinpages 6 Reputation points
2023-10-18T12:23:30.72+00:00

Sorry that this is another posting of the same question/topic:


I have been working on this for a few weeks now. I need a tool and/or a fresh view of how to root-cause a DNS resolution issue.

System: 

Windows 11

All NICs and VPN services disabled except for 1Gb NIC and CISCO VPN (needed to connect to remote site)

WSL - service disabled and "bridge" disconnected from NIC, but it lies like a rug, as when I start the service it can access the internet

HyperV - disabled as service and disconnected from NIC

DNS structure:

labs.local

ps.labs.local

cnat.labs.local

Issue:  I can resolve local DNS, when VPN, DNS for connected domain "labs.local" A/PTR,  sub domain cnat.labs.local  A/PTR, but NOT any entries in ps.labs.local

But I can use tool like nslookup and resolve names within sub domain ps.labs.local

Baseline is that other peers do not have the issue. Other computers within the home that use the VPN do not have the issue. So this is a local Windows 11 issue.

I have loaded up wireshark.  I can see when I run ping to hostnames packets for any domain (internet or labs.local or cnat.labs.local) all send out DNS query lookup then communicate over ICMP.

But nslookup or a direct shell communication attempt for that sub domain never even shows a packet transfer or lookup in Wireshark. So it's almost like something is black-holing this environment.

Question:

1) Once hostname is able to resolve within nslookup client, how do I debug why it does not transfer or show up in windows shell (

###
PS C:\Users\*****> ping ps-vcenter-01.ps.labs.local
Ping request could not find host ps-vcenter-01.ps.labs.local. Please check the name and try again.
PS C:\Users\*****> ping mspl-vcenter.cnat.labs.local

Pinging mspl-vcenter.cnat.labs.local [10.89.100.60] with 32 bytes of data:
Reply from 10.**.***.60: bytes=32 time=36ms TTL=62

Ping statistics for 10.**.***.60:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms
Control-C
PS C:\Users\*****> ipconfig /displaydns |findstr vcenter
    mspl-vcenter.cnat.labs.local
    Record Name . . . . . : mspl-vcenter.cnat.labs.local
PS C:\Users\*****>
###

2) What tools within windows kernel can I use to track down where these requests are going..  As wireshark is not seeing packets.. I have to believe they are resolving local (and nothing but 127.0.0.1 is in hosts file .. and I did baseline if I add entry it works for that single record but this is not a long term fix)
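
Added example, not part of the original post: ping resolves names through the Windows DNS Client service (cache, hosts file, NRPT, per-adapter servers), while nslookup sends its own queries straight to a server, so the two can disagree. The script below walks the same name through each client-side stage; `$Server` (a constructed placeholder address) and the helper name `Test-ResolverPath` are assumptions.

```powershell
# Added example, not from the original post. Run on the affected Windows client.
# Assumption: $Server is a placeholder; pass the DNS server that nslookup reported.
param(
    [string]$Name   = 'ps-vcenter-01.ps.labs.local',  # failing name from the post
    [string]$Server = '192.0.2.53'                    # constructed placeholder address
)

# Hypothetical helper: resolve $Name one way and return the outcome instead of throwing.
function Test-ResolverPath {
    param([string]$Label, [hashtable]$Options)
    try {
        $r = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop @Options
        $answer = ($r.IPAddress | Where-Object { $_ }) -join ', '
    } catch {
        $answer = "FAILED: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Path = $Label; Result = $answer }
}

# 1. The same name through each stage the DNS Client service can answer from.
@(
    Test-ResolverPath 'Client default (cache, hosts, NRPT, DNS)' @{}
    Test-ResolverPath 'Client cache only'                        @{ CacheOnly = $true }
    Test-ResolverPath 'DNS protocol only, hosts file skipped'    @{ DnsOnly = $true; NoHostsFile = $true }
    Test-ResolverPath "Direct to $Server (comparable to nslookup)" @{ Server = $Server; DnsOnly = $true }
) | Format-Table -AutoSize -Wrap

# 2. Effective NRPT rules whose namespace covers the name. A matching rule sends
#    queries for that zone to the listed servers instead of the adapter's servers.
Get-DnsClientNrptPolicy -Effective |
    Where-Object { $Name -like "*$($_.Namespace)" } |
    Format-List Namespace, NameServers

# 3. Cached entries for the zone, including negative ones (Status other than Success).
$zone = $Name.Substring($Name.IndexOf('.') + 1)
Get-DnsClientCache | Where-Object Entry -like "*$zone" |
    Format-Table Entry, Type, Status, Data -AutoSize

# 4. DNS servers configured per adapter (VPN versus LAN).
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
```

A name that fails in the first row but succeeds when sent directly to the server points at the client-side resolver path rather than the zone data.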

1 answer

  1. Jeremey Wise 11 Reputation points
    2023-10-24T14:57:31.7833333+00:00