How does Windows 7 DNS client work?

Question

I am using a local DHCP and DNS server on my home network on a linux machine. It is running CentOS 6.3 with dnsmasq 2.48.

It's all working fine except for local DNS lookups for Windows machines only. I have a mix of Ubuntu, CentOS and Windows machines on the network, some virtual, some physical. I have a machine called boron and the domain is called localdomain

If I ping boron from any linux machine, I get

[root@lithium lists]# ping -c3 boron
PING boron.localdomain (10.0.0.5) 56(84) bytes of data.
64 bytes from boron.localdomain (10.0.0.5): icmp_seq=1 ttl=64 time=0.740 ms
64 bytes from boron.localdomain (10.0.0.5): icmp_seq=2 ttl=64 time=0.478 ms
64 bytes from boron.localdomain (10.0.0.5): icmp_seq=3 ttl=64 time=0.458 ms

--- boron.localdomain ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.458/0.558/0.740/0.131 ms

If I do it from my Windows 7 machine, I get:

Ping request could not find host boron. Please check the name and try again.

If I try ping boron.localdomain I get:

Pinging boron.localdomain [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=16ms TTL=57
Reply from 67.215.65.132: bytes=32 time=188ms TTL=57
Reply from 67.215.65.132: bytes=32 time=15ms TTL=57
Reply from 67.215.65.132: bytes=32 time=14ms TTL=57

Ping statistics for 67.215.65.132:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 188ms, Average = 58ms

which is clearly wrong. Why is it going out to the internet? Why can't my windows machine resolve the boron hostname to a FQDN? My Windows machines and linux machines get their network config from DHCP.

UPDATE

If I do ipconfig /all in Windows, it looks as I would expect:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : lanthanum
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : .localdomain

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : .localdomain
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-38-FC-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 August 2012 13:58:45
   Lease Expires . . . . . . . . . . : 24 August 2012 07:58:48
   Default Gateway . . . . . . . . . : 10.0.0.6
   DHCP Server . . . . . . . . . . . : 10.0.0.6
   DNS Servers . . . . . . . . . . . : 10.0.0.6
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

When I do an nslookup I get:

Server:  carbon.localdomain
Address:  10.0.0.6

*** carbon.localdomain can't find boron: Unspecified error

However if I do ifconfig -a in Linux I get:

[root@nitrogen ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AF:EC:2A
          inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:187687 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5857 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23910700 (22.8 MiB)  TX bytes:712964 (696.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:329894 errors:0 dropped:0 overruns:0 frame:0
          TX packets:329894 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:67153143 (64.0 MiB)  TX bytes:67153143 (64.0 MiB)

and nslookup:

[root@nitrogen ~]# nslookup boron
Server:         10.0.0.6
Address:        10.0.0.6#53

Name:   boron
Address: 10.0.0.5

Both machines are on the same network using the same DHCP server.

UPDATE 2

I thought the issue was resolved but I am getting intermittent DNS resolving issues but only on my Windows 7 machine. All my linux boxes are fine. This is what happens when I ping and nslookup from Windows to a Windows 2008 Server:

C:\Users\mark>nslookup magnesium
Server:  carbon.localdomain
Address:  10.0.0.6

Name:    magnesium.localdomain
Address:  10.0.0.12


C:\Users\mark>ping magnesium

Pinging magnesium.localdomain [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=267ms TTL=57
Reply from 67.215.65.132: bytes=32 time=162ms TTL=57
Reply from 67.215.65.132: bytes=32 time=510ms TTL=57
Reply from 67.215.65.132: bytes=32 time=146ms TTL=57

Ping statistics for 67.215.65.132:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 146ms, Maximum = 510ms, Average = 271ms

And from Linux:

[root@beryllium ~]# ping -c4 magnesium
PING magnesium.localdomain (10.0.0.12) 56(84) bytes of data.
64 bytes from magnesium.localdomain (10.0.0.12): icmp_seq=1 ttl=128 time=0.176 ms
64 bytes from magnesium.localdomain (10.0.0.12): icmp_seq=2 ttl=128 time=0.634 ms
64 bytes from magnesium.localdomain (10.0.0.12): icmp_seq=3 ttl=128 time=0.685 ms
64 bytes from magnesium.localdomain (10.0.0.12): icmp_seq=4 ttl=128 time=0.263 ms

--- magnesium.localdomain ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.176/0.439/0.685/0.223 ms
[root@beryllium ~]# nslookup magnesium
Server:         10.0.0.6
Address:        10.0.0.6#53

Name:   magnesium.localdomain
Address: 10.0.0.12

UPDATE 3

I stopped the Windows DNS client on my Windows 7 machine with net stop dnscache and it is now working fine. It would be nice to get DNS working with the DNS client on, but I might be OK without it, what do you think?

Answer 1

option 1: configure your dhcp server to provide the DNS suffix information (dhcp option 015) option 2: on the windows client configure the ipV4 protocol: - select advanced - DNS - and set the the "dns-suffix for this connection" to your local suffix

Answer 2

If you open a command prompt window (cmd) and type ipconfig /all you may see a "connection specific DNS suffix" and " DNS Suffix Search List" which have been obtained from a DHCP server (e.g. your Internet router) and is appended to any unqualified name when performing DNS lookups.

You will also see "DNS servers", again provided by DHCP.

The built in nslookup will also show this.

If any of these are wrong, it suggests your DHCP server isn't sending the info it should (I once added a router for a second ADSL line and forgot to disable DHCP in the old router)

However if it doesn't get an acceptable answer from DNS, Windows then tries NetBIOS Name Services.

Using a network sniffer such as WireShark can make it clear what DNS queries are being sent, with what suffixes and to which DNS servers.

Answer 3

It would be nice to get DNS working with the DNS client on, but I might be OK without it, what do you think?

The DNS client default is ON in order to maintain backward compatibility with systems that do not have complete DNS visibility, particularly domain systems that do not have complete DNS visibility before logon -- making it impossible to find the authentication server. If you can login to Windows with the client turned off, it doesn't need to be on.

However, the DNScache service may have some poorly described features on Win7. In particular, I'm not sure about it's relationship to DNSSEC and to DNS registration. Testing registration is easy: is your workstation registered in DNS? Does it need to be? You can test if you are using DNSSEC using free web tools.