Windows using the DNS suffix search list on all lookups, even valid FQDNs. How to stop this?

Question

When doing DNS lookups (specifically using nslookup, for some reason most things are not effected) Windows XP Pro SP3 is using the DNS suffix search list for every single one. Even for fully qualified domain names. For example I lookup "www.microsoft.com" but windows actually asks for "www.microsoft.com.eondream.com" (eondream.com is my primary domain). Now I can fix the issue by removing the Primary DNS suffix, but it seems to me that the DNS suffix search list should be for short, invalid names (where dots=0 or something). I'm sure I have a misconfiguration somewhere in windows but I don't know where. I've changed every option I can think of or find.

Below is the output of ipconfig /all and nslookup (with debug & db2 enabled). This is using a static IP & (internal) DNS server.

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : frayedlogic
        Primary Dns Suffix  . . . . . . . : eondream.com
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : eondream.com

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-1B-FC-29-EB-6B
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.13.32
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.13.13
        DNS Servers . . . . . . . . . . . : 192.168.19.19

C:\>nslookup
Default Server:  shardik.eondream.com
Address:  192.168.19.19

> set debug
> set db2
> www.microsoft.com
Server:  shardik.eondream.com
Address:  192.168.19.19

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        www.microsoft.com.eondream.com, type = A, class = IN
    ANSWERS:
    ->  www.microsoft.com.eondream.com
        internet address = 208.69.36.132
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
Name:    www.microsoft.com.eondream.com
Address:  208.69.36.132

(Note: it resolves to that IP because I use the opendns service and that is their suggestion page or whatever you want to call it) If I am reading the nslookup output correctly then it is not a problem with my DNS server because windows is actually asking for the incorrect domain.

2 revs, 2 users 86% · Accepted Answer · 2018-04-14 15:48:16Z

Well, I'm no expert, but here's what I found:

This registry entry works for both Windows XP and Windows Vista

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
"AppendToMultiLabelName"=dword:00000000

HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
Type = DWORD

Data:

0 (Do not Append Suffix)
1 (Append suffix)

If the registry entry is not present, the default in Windows XP is 1, and 0 in Windows Vista.

Note: This registry changes and its effect apply only to the ping command, they do not apply to the nslookup tool. This is because nslookup contains its own DNS resolver and does not rely on the resolver built into the operating system (DNS Client). The DNS (multi-label) query packets sent by the nslookup tool will append the domains listed in the suffix search order irrespective of the registry key settings mentioned here.

Reference: http://blogs.technet.com/networking/archive/2009/04/16/dns-client-name-resolution-behavior-in-windows-vista-vs-windows-xp.aspx

It doesn't affect nslookup, but it affects every program that uses DNS Client, which includes programs like your web browser. — RyanTM, Commented Jul 13, 2010 at 23:06

Jeff Mc · Accepted Answer · 2012-04-17 16:27:33Z

25

Sorry to revive a clearly old question, but it seems no one suggested the obvious answer of forcing a fqdn. Just use a trailing dot to force top level lookup. So in this example lookup www.microsoft.com..

answered Apr 17, 2012 at 16:27

Jeff Mc

4235 silver badges7 bronze badges

8

It’s not really “forcing”. A FQDN ends with a period. The end. Every other format is not a FQDN. www.example.com is only partially qualified.
– Daniel B
Commented May 17, 2017 at 7:56
5

"Sorry to revive a clearly old question" -- Jeff, thank god you did! Never apologize for actually adding value to an apparently dormant topic, where time is clearly not an important dimension (compared to relevance, consistency, utility etc.)
– Sz.
Commented Mar 25, 2018 at 13:20

Add a comment |

I say Reinstate Monica · Accepted Answer · 2015-01-09 21:20:26Z

10

I had the same problem because my domain controller was installed as part of a domain and then removed from the domain. For instance domain cloud as subdomain for mydomain.com

Every DNS related action such as running nslookup resulted in an address with the suffix .mydomain.com being appended. For example, performing an nslookup of www.google.com showed up as www.google.com.mydomain.com.

To work around this:

Go to your network card's IP settings and click Advanced
On the DNS tab select Append these DNS suffixes (in order)
Add the two suffixes . and mydomain.com as shown here:
Click OK

This takes effect immediately and affects all NICs on the computer. This must be done for all domain computers.

edited Jan 9, 2015 at 21:20

I say Reinstate Monica

26.1k21 gold badges98 silver badges134 bronze badges

answered Nov 25, 2013 at 13:46

user276805

1011 silver badge2 bronze badges

This is exactly what had me chasing my tail for two hours. Somehow my employer's domain was showing up in the ipconfig /all "DNS Suffix Search List". Turns out, it was listed exactly where you illustrate above. I removed the entry and changed the radio button to "Append primary and connection specific DNS suffixes" and it stopped pinging my employer for every DNS query.
– Allen J
Commented Jun 15, 2018 at 1:57

Add a comment |

Stephen Rauch · Accepted Answer · 2017-05-17 06:52:14Z

5

It works as designed. Just append a dot at the end.

so for e.g.:

nslookup www.yahoo.com.

instead of

nslookup www.yahoo.com

then you'll get the result you probably want to see.

edited May 17, 2017 at 6:52

Stephen Rauch

3,18610 gold badges24 silver badges26 bronze badges

answered May 17, 2017 at 5:56

Benjamin Odenthal

511 silver badge1 bronze badge

1

Your answer is like a comment and OP has already accepted another answer
– Sam
Commented May 17, 2017 at 6:08
"OP has already accepted another answer" - that doesn't mean anything, this is not a competition. And OP has accepted the "wrong" answer, BTW. ("Wrong" in the sense of misleading: it has probably solved his problem, but for the wrong reason and narrative.)
– Sz.
Commented Mar 25, 2018 at 13:12

Add a comment |

ehosca · Accepted Answer · 2011-09-14 13:23:11Z

1

look to see if you have a domain name defined in your Router/Gateway. enter image description here

answered Sep 14, 2011 at 13:23

ehosca

1192 bronze badges

Add a comment |

Stack Exchange Network

Windows using the DNS suffix search list on all lookups, even valid FQDNs. How to stop this?

5 Answers 5

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
windows-xp
dns
.

Hot Network Questions

Windows using the DNS suffix search list on all lookups, even valid FQDNs. How to stop this?

5 Answers 5

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged windows-xpdns.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
windows-xp
dns
.