0 Votes
DjerkGeurts-1250 asked LimitlessTechnology-2700 answered

PC can't resolve CNAME when domain search-list is set

I've found that Windows 7 or 10 won't accept a CNAME reply for FQDNs in a local domain (or a domain part of the search list).

We're migrating servers to a new data center and changing the primary A record for the new IP address. As these include the data center code. As this is an old environment, there are a fair few internal hostnames tied to each server. Rather than update all the A records with the new IP addresses, we've opted to use CNAME records pointing to the A record with the new FQDN of the new IP address. The intention is to make it easy to change the IP address back if we need to roll back a migrated Windows server VM.

This works great for Linux and Mac clients, but not for Windows.

Packet captures show that the client gets a CNAME reply to the DNS request. But the result of an nslookup is empty except for the shown headers (DNS server etc). Next we reconfigured the client with a static IP address and no domain search list. The result is that Windows clients can now resolve the domain to an IP address, nslookup shows the alias (CNAME) as expected.

However, without a local domain (and search list), we can no longer resolve hostnames; all requests must be for FQDNs.

In summary:
api.google.com always resolves
test.domain.com only resolves if domain.com is not the local domain or in the search list.
"nslookup test" only works with domain.com in the search list.

windows-10-network

1 Answer

0 Votes
LimitlessTechnology-2700 answered

Hi there,

If the record you are looking up is a CNAME it will always return the alias it is pointing to, not the IP. If you want to resolve the alias you would need to use a further nslookup on that.

Have you tried power cycling the switches?

Have you tried flushing and re-registering the DNS on the client computers?

ipconfig /flushdns

ipconfig /registerdns

Also, try unjoining and rejoining the computers to the domain.



--If the reply is helpful, please Upvote and Accept it as an answer--
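A diagnostic sketch for the symptom in the question, added here as an example and not part of either post: it prints the client's suffix search list, then follows the CNAME chain hop by hop for the name as typed, the same name with a trailing dot, and the bare hostname. `test.domain.com` is the question's placeholder; the function name `Resolve-Chain` and the parameters are assumptions. It uses `Resolve-DnsName` and `Get-DnsClientGlobalSetting` from the Windows DnsClient module.

```powershell
# Added example: compare how one name resolves with and without the suffix search list.
param(
    [string]$Name = 'test.domain.com',   # placeholder FQDN from the question
    [string]$Server                      # optional: DNS server to query directly
)

# What the client appends to names it does not treat as fully qualified.
$global = Get-DnsClientGlobalSetting
"Suffix search list: $($global.SuffixSearchList -join ', ')"
Get-DnsClient | Where-Object ConnectionSpecificSuffix |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix | Format-Table -AutoSize

function Resolve-Chain {
    param([string]$QueryName, [string]$DnsServer)
    # DnsOnly/NoHostsFile keep LLMNR, NetBIOS and the hosts file out of the result.
    $common = @{ DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    if ($DnsServer) { $common.Server = $DnsServer }
    $current = $QueryName
    for ($hop = 0; $hop -lt 8; $hop++) {          # hop cap guards against CNAME loops
        try { $answers = Resolve-DnsName -Name $current -Type CNAME @common }
        catch { return "$current : CNAME query failed: $($_.Exception.Message)" }
        $cname = $answers | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
        if (-not $cname) { break }                # no further alias: $current is the target
        "$current -> CNAME $($cname.NameHost)"
        $current = $cname.NameHost
    }
    try {
        Resolve-DnsName -Name $current -Type A @common |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { "$current -> A $($_.IPAddress)" }
    } catch { "$current : A query failed: $($_.Exception.Message)" }
}

# The trailing dot marks the name as fully qualified, so no suffix is appended to it.
foreach ($n in $Name, "${Name}.", ($Name -split '\.')[0]) {
    "--- $n"
    Resolve-Chain -QueryName $n -DnsServer $Server
}
```

If the trailing-dot query returns the full chain while the undotted name does not, the difference lies in client-side suffix handling and not in the records the server returns.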
