YannDublanche-8545 asked DSPatrick commented

Windows 11 - DNS issue

Hello

I am currently testing the compatibility of our organization with Windows 11 and I am facing a strange behavior. The DNS service is not working well with Windows 11.

On Windows 10 there is no issue and all the IP addresses are resolved correctly from our DNS, but on Windows 11, the DNS results are strange:

  • If the request belongs to our main domain, nslookup provides the correct internal IP address

  • If the request belongs to an internal domain only, nslookup provides the correct internal IP address

  • If the request belongs to any other domain, nslookup provides the public IP address instead of the internal IP address

This is only happening from the internal network. If I connect by VPN, using the same DNS servers, then the result is correct in every case.

Has anybody experienced the same issue? Is this a problem of the Windows 11 desktop, the DNS server...?

Thanks in advance

Best regards

Yann

windows-11 windows-dhcp-dns

YannDublanche-8545 answered DSPatrick commented

Dear all

I have found a solution that solves my issue but generates a bigger concern.
I have just tried to manually configure the network connection of the laptop, using exactly the same IP address, mask, gateway and DNS server that I was getting before from the DHCP server. And it works! Like this, the DNS is correctly providing the internal IP address instead of the external one.

If I then configure the network back through DHCP, it fails again.

It looks as if the DHCP server is giving more information than just the IP configuration.

Has anybody experienced this kind of issue?

Thanks in advance

Best regards

Yann


I'd start a new thread for this new topic.

--please don't forget to upvote and Accept as answer if the reply is helpful--

DSPatrick answered DSPatrick edited

If the request belongs to any other domain, nslookup provides the public IP address instead of the internal IP address

Do you happen to have a public web site with the same name as internal domain? If so a split brain deployment may be needed.
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment

--please don't forget to upvote and Accept as answer if the reply is helpful--

YannDublanche-8545 answered YannDublanche-8545 edited

Hello Patrick

Thanks a lot for your answer. I will review it. But the strange thing is that we are having the correct behavior on the Windows 10 client but it is failing on the Windows 11 client.

Best regards

Yann


Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Hello Patrick

I have reviewed it and everything is correct.
In fact, the AD DNS service only contains the internal IP addresses.
As a consequence, there is no reason it answers the public IP address.

Best regards

Yann

DSPatrick answered YannDublanche-8545 commented

As a work-around you could try adding an A record named "www" and point it to the public domain address.

--please don't forget to upvote and Accept as answer if the reply is helpful--

My mistake in my last reply. The AD DNS service only contains internal IP addresses, so it should never reply with the IP it is providing.

nslookup
Default Server: name.domain
Address: aa.aa.aa.aa

intranet.domain

Server: name.domain
Address: aa.aa.aa.aa

Non-authoritative answer:
Name: webproxy.domain
Address: bb.bb.bb.bb
Aliases: intranet.domain

Thanks

Yann

DSPatrick answered

You never really answered; is there a public domain with the same name as internal?


YannDublanche-8545 answered

Yes, there is a public domain with the same name as internal but in another DNS server that is not accessible from the internal network.

As a consequence, it cannot be the one replying.

DSPatrick answered

As a consequence, it cannot be the one replying.

Not sure what is meant? Any of the many public DNS could be replying. You could try the split brain or the "www" work-arounds. Windows 11 did not bring this problem on; it's hard to say what has aggravated the issue at this point, but it is an age-old, very well-known issue.

--please don't forget to upvote and Accept as answer if the reply is helpful--

YannDublanche-8545 answered

The issue is that it is perfectly working for all the computers and my laptop just started this strange behavior after the upgrade to Windows 11.

DSPatrick answered DSPatrick commented

Regardless, it is an age-old, very well-known issue when the internal domain name is the same as the public domain.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Not yet. I am still working on it to find a solution.


Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

LimitlessTechnology-2700 answered YannDublanche-8545 commented

Hello @YannDublanche-8545

This may have a very simple solution:

A) verify that both Primary and Secondary DNS are set to Domain DNS servers
B) Flush DNS records and re-register the computer:
from CMD as admin:

ipconfig /flushdns
ipconfig /registerdns

Run "ipconfig /displaydns" to ensure that the proper resolvers are configured.

Hope this helps with your query,


--If the reply is helpful, please Upvote and Accept as answer--


Hello

Thanks a lot for the answer. Unfortunately, it is not solving the issue.

One strange thing is that in the displaydns, I see this result that corresponds to the computer name but not the correct domain:

computername.mshome.net
----------------------------------------
Nombre de registro . : computername.mshome.net
Tipo de registro . . : 1
Período de vida . . . : 536774
Longitud de datos . . : 4
Sección . . . . . . . : respuesta
Un registro (host). . : 172.18.64.1

Best regards

Yann

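One way to narrow down the symptom discussed in this thread (different answers under DHCP and static configuration, plus a computername.mshome.net cache entry at 172.18.64.1) is to ask every DNS server configured on every interface for the same name and compare the answers. The following PowerShell is an added example, not code from any poster in the thread; intranet.domain is the placeholder name used in the thread, and the cmdlets come from the built-in DnsClient and NetTCPIP modules.

```powershell
# Added example, not from the thread. 'intranet.domain' is the placeholder
# name used in the thread; pass a real internal name with -Name.
param([string]$Name = 'intranet.domain')

# 1. DNS servers configured on each IPv4 interface, with interface metric and
#    DHCP state. Virtual adapters (VPN, virtual switches) are listed as well.
$interfaces = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $ipIf = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex `
                    -AddressFamily IPv4 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Metric    = $ipIf.InterfaceMetric
            Dhcp      = $ipIf.Dhcp
            Servers   = $_.ServerAddresses
        }
    } | Sort-Object Metric

# 2. Query each configured server directly (DNS only, hosts file skipped),
#    so an unexpected answer can be tied to one server on one interface.
$perServer = foreach ($nic in $interfaces) {
    foreach ($server in $nic.Servers) {
        $records = Resolve-DnsName -Name $Name -Type A -Server $server `
                       -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Interface = $nic.Interface
            Metric    = $nic.Metric
            Dhcp      = $nic.Dhcp
            Server    = $server
            Answer    = ($records | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        }
    }
}
$perServer | Format-Table -AutoSize

# 3. What the client resolver returns when left to choose the server itself.
Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
    Format-Table Name, Type, IPAddress, NameHost -AutoSize

# 4. Name Resolution Policy Table rules in effect; these can send a namespace
#    to a different server than the one configured on the adapter.
Get-DnsClientNrptPolicy -Effective | Format-List Namespace, NameServers

# 5. Per-connection and global DNS suffixes, which differ between a DHCP lease
#    and a manual configuration that only copies address, mask, gateway, DNS.
Get-DnsClient | Format-Table InterfaceAlias, ConnectionSpecificSuffix -AutoSize
(Get-DnsClientGlobalSetting).SuffixSearchList
```

Running it once with the adapter on DHCP and once with the static configuration, then comparing the two outputs, shows which server, interface, policy rule or suffix differs between the working and failing case.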