Windows using the DNS suffix search list on all lookups, even valid FQDNs. How to stop this

dnswindows xp

When doing DNS lookups (specifically using nslookup, for some reason most things are not effected) Windows XP Pro SP3 is using the DNS suffix search list for every single one. Even for fully qualified domain names. For example I lookup "www.microsoft.com" but windows actually asks for "www.microsoft.com.eondream.com" (eondream.com is my primary domain). Now I can fix the issue by removing the Primary DNS suffix, but it seems to me that the DNS suffix search list should be for short, invalid names (where dots=0 or something). I'm sure I have a misconfiguration somewhere in windows but I don't know where. I've changed every option I can think of or find.

Below is the output of ipconfig /all and nslookup (with debug & db2 enabled). This is using a static IP & (internal) DNS server.

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : frayedlogic
        Primary Dns Suffix  . . . . . . . : eondream.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : eondream.com

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-1B-FC-29-EB-6B
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.13.32
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.13.13
        DNS Servers . . . . . . . . . . . : 192.168.19.19

C:\>nslookup
Default Server:  shardik.eondream.com
Address:  192.168.19.19

> set debug
> set db2
> www.microsoft.com
Server:  shardik.eondream.com
Address:  192.168.19.19

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.microsoft.com.eondream.com, type = A, class = IN
    ANSWERS:
    ->  www.microsoft.com.eondream.com
        internet address = 208.69.36.132
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
Name:    www.microsoft.com.eondream.com
Address:  208.69.36.132

(Note: it resolves to that IP because I use the opendns service and that is their suggestion page or whatever you want to call it)
If I am reading the nslookup output correctly then it is not a problem with my DNS server because windows is actually asking for the incorrect domain.

Best Answer

Well, I'm no expert, but here's what I found:

This registry entry works for both Windows XP and Windows Vista

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
"AppendToMultiLabelName"=dword:00000000

HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
Type = DWORD

Data:

0 (Do not Append Suffix)
1 (Append suffix)

If the registry entry is not present, the default in Windows XP is 1, and 0 in Windows Vista.

Note: This registry changes and its effect apply only to the ping command, they do not apply to the nslookup tool. This is because nslookup contains its own DNS resolver and does not rely on the resolver built into the operating system (DNS Client). The DNS (multi-label) query packets sent by the nslookup tool will append the domains listed in the suffix search order irrespective of the registry key settings mentioned here.

Reference: http://blogs.technet.com/networking/archive/2009/04/16/dns-client-name-resolution-behavior-in-windows-vista-vs-windows-xp.aspx

Related Solutions

Dns – Confusion about DNS Suffixes with VPN

When you are connected to your VPN, DNS queries are being handled by your office's servers. When you query for "router", your computer is adding the suffix pacs.local. For whatever reason, your office's DNS servers appear to respond with 66.114.124.140 for any domain they don't know about.

Try running nslookup router 10.3.1.120, you should get back the correct IP address for your router because your local DNS server will be doing the address resolution.

It sounds like what you want is the same as the asker in this Server Fault question: you have multiple NICs on a computer (one is a virtual NIC), and you want DNS resolution to first try your local DNS servers, then try the remote DNS servers if that fails. That person's issue was resolved by changing the order of network adapters as described in Microsoft KB894564, so perhaps that will work for you as well.

Resetting gone wrong

You have Teredo enabled, but your system hasn't correctly identified your public IPv4 address. This is due to a double NAT situation (you are behind two home routers both doing NAT, or you have one router and your ISP is also NATting your connection); Teredo addresses encode what should be the public IPv4 address, but yours encodes the address 192.168.1.100, a private address. This only happens in a double NAT setup.

Since this gives you a mostly-nonfunctional or completely broken IPv6 address, and IPv6 is preferred to IPv4, this will slow down your connectivity to any IPv6 enabled web site (Google, Facebook, many others).

I always recommend disabling Teredo, ISATAP and 6to4, all of which are IPv6 transition technologies with various pitfalls, unless you actually intend to use them.

Open an elevated command prompt by right-clicking the Command Prompt icon and selecting Run as Administrator, and enter the following commands:

netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh int teredo set state disabled

Each should return The command completed successfully.

Then restart your computer.

Best Answer

Related Solutions

Dns – Confusion about DNS Suffixes with VPN

Resetting gone wrong

Related Question