4

I've read a lot of the threads on this but none seem to explain or fix my problem.

I'm setting up a simple home LAN: router, clients, no AD and no DNS servers. The router config requires a "Host" and "domain" to be given but seems to do nothing with them. It also runs an DHCPd server for the Windows 7 LAN clients. The DHCPd config can have also custom dhcpd.conf options added, but right now there aren't any. The LAN clients are on wired ethernet, the LAN is treated as a public network, they get an IP from the router's DHCP service and they all have fixed (manually set) public DNS server IPs rather than DHCP.

Generally it works fine, but two PCs that run Acrylic DNS Proxy, a simple and well-known Windows DNS proxy are giving me a problem I don't know how to fix. Acrylic runs on the client PC itself. You set the network connection's DNS server to 127.0.0.1 and it black/whitelists specified regex domains and returns fixed results for these, and forwards all other lookup requests to a user-entered list of DNS servers, caching and returning the results to the calling program when received. It doesn't do anything else.

Mostly this works exactly as it should - transparently. most things are working. But a number of lookups fail unexpectedly and/or show odd requests incoming into Acrylic as well. The problems seem to be caused by DNS/domain suffixing issues in Windows - it's asking for the wrong domain to be resolved and despite checking as mentioned in other threads, I'm getting nowhere.

Examples of what I'm seeing:

I enter "nslookup microsoft.com" in a command prompt; Acrylic log shows an attempt to resolve "microsoft.com.homedomain" was also sent to an external DNS server. Typing "msfn.org" into my browser pulls up google search on msfn.org (says it couldn't resolve the text to a web site) but then it seems to have notrouble resoolving google. Acrylic's log shows requests for "msfn.org.homedomain" and I can't find any reason Windows 7 is firing off a lookup for domains like these with a DNS suffix added, to a public DNS server, or why it's not looking for the correct domain.

ipconfig relevant output:

Windows IP Configuration
  Host Name . . . . . . . . . . . . : (PCs name)
  Primary Dns Suffix  . . . . . . . : (Empty)
  Node Type . . . . . . . . . . . . : Mixed
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : homedomain

Ethernet adapter Local Area COnnection:
  Connection-specific DNS Suffix  . : homedomain

nslookup relevant output:

nslookup microsoft.com
Server:  localhost
Address:  127.0.0.1

Name:    microsoft.com.homedomain
Addresses:  127.0.0.1 (my own fixed response for any *.homedomain domain DNS request)
          127.0.0.1

But why is Windows asking it to resolve this incorrect domain in the first place and not the one I entered?

Diagnostics I have tried:

  1. When I change the domain name on the router main settings, the ipconfig/all output and lookup log follows the changes. That suggests Windows is at some point deriving the suffix dynamically from the router or DHCP, not from stale registry data etc. (Router will not let this field be empty)
  2. The adapter settings are completely normal (ordinary Win7 network) - IP is automatic, DNS is 127.0.0.1 and under advanced->DNS all DNS suffix fields are at default (ie none have ever had values for a suffix entered). As an experiment I have enabled and disabled "append parent suffixes" and "register this connections addresses in DNS" and rebooted, no effect.
  3. I also checked System control panel->Network ID and can't see any reference to "homedomain" there (not sure what else it should show)

I don't know what else to do, so I'd appreciate help to nail this one.

@Milli: Reply and more info:

The exact log entries are:

F   microsoft.com.homedomain
4.2.2.2 R   ?=000081830001000000010000
F   microsoft.com.homedomain
195.74.102.147  R   ?=000085830001000000010000
F   microsoft.com
4.2.2.2 R   Q=microsoft.com;A=microsoft.com>201.58.55.65;A=microsoft.com>37.11.4.64
F   microsoft.com
4.2.2.2 R   ?=000081800001000000010000

where "F" is a request received and forwarded to a public server, and R is the received response and public server's IP. So it looks like it's asking for the domain-suffixed names first even though "Microsoft.com" isn't a "one-word" name and is a perfectly normal public domain.

Connection-specific DNS is clear, always has been. I could recheck this in the registry if I knew where to look. No experience in AD or DNS suffixes, relevant to identifying if this is or isn't weird behaviour triggering in Microsoft's DNS handling, or to eliminate other possibilities.

Improve this question

1 Answer 1

Reset to default
0

This is odd. Is the Win 7 box asking for microsoft.com first when you try ping microsoft.com? If not, I would try clearing the connection-specific DNS suffix in the interface settings and see if the problem clears up. There might be something weird being triggered with the so-called DNS devolution behavior change that was made. See this MS technet article on the subject.

Improve this answer
1
  • The only suggest I have is to try something like homedomain.local as your and see if this behavior stops.
    – milli
    Commented Feb 23, 2014 at 8:05

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .