
We have two zones on our DNS-server:

domain.com

domain.local

domain.com is publicly available and has sites and services on it, and resolves to 88.88.88.88

88.88.88.88 is a public IP for our NAT network 10.0.0.0

The web-server which serves domain.com has the IP 10.0.0.2

In domain.local we have an A-entry domain.com.domain.local, so we can access sites and services from inside via 10.0.0.2

In Linux it's very easy to set up with the ndots option:

    root@server ~ $ cat /etc/resolv.conf
    search domain.local
    nameserver *ournameserver*
    options ndots:3

    root@server ~ $ nslookup domain.com
    Server:         *ournameserver*
    Address:        *ournameserver*#53

    Name:   domain.com.domain.local
    Address: 10.0.0.2

    root@server ~ $ ping domain.com
    PING domain.com.domain.local (10.0.0.2) 56(84) bytes of data.
    64 bytes from 10.0.0.2 (10.0.0.2): icmp_seq=1 ttl=64 time=0.244 ms

But in Windows it somehow fails to really use the suffix:

    C:\Windows\system32>nslookup domain.com
    Server:  ns1.domain.com
    Address:  *ournameserver*

    Name:     domain.com.domain.local
    Address:  10.0.0.2

    C:\Windows\system32>ping domain.com

    Pinging domain.com [88.88.88.88] with 32 bytes of data:
    Request timed out.

Is there any way to fix this?

P.S. Pinging someserver.domain.local works fine.

apathyzen

1 Answer


I think what you're looking for is "AppendToMultiLabelName".

https://getadmx.com/?Category=Windows_7_2008R2&Policy=Microsoft.Policies.DNSClient::DNS_AppendToMultiLabelName

Also, please note that nslookup (under both Windows and UNIX) doesn't exercise the OS's stub resolver, so can often give different results. Best to not rely on the results of nsupdate. Use "ping" instead.

jezzaaaa
  • _If you enable this setting, suffixes are allowed to be appended to an unqualified multi-label name, if the original name query fails._ The point is that the original name query doesn't fail. Our domain.com exists and resolves. – apathyzen Jun 26 '20 at 09:03
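The difference discussed in this thread comes down to the order in which each stub resolver tries candidate names. The sketch below is an added example, not code from the question or the answer: it models the resolv.conf `search`/`ndots` rule and, for Windows, only the behaviour stated in the policy text quoted in the comment. The function names, the `ZONE` table and the address for someserver.domain.local are constructed for illustration.

```python
"""Simplified model of DNS suffix search ordering (constructed example)."""

def resolvconf_candidates(name, search, ndots=1):
    """Order in which a resolv.conf-style stub resolver tries names."""
    if name.endswith("."):               # trailing dot: absolute name, no search
        return [name]
    as_is = name + "."
    with_suffix = [f"{name}.{s}." for s in search]
    if name.count(".") >= ndots:         # enough dots: try the name as-is first
        return [as_is] + with_suffix
    return with_suffix + [as_is]         # too few dots: search list goes first

def windows_candidates(name, suffixes, append_to_multilabel=False):
    """Model of the quoted policy text: for a multi-label name the original
    query is sent first; suffixes are tried only if it fails AND the
    AppendToMultiLabelName policy is enabled."""
    if name.endswith("."):
        return [name]
    with_suffix = [f"{name}.{s}." for s in suffixes]
    if "." not in name:                  # single-label: suffixes are appended
        return with_suffix
    return [name + "."] + (with_suffix if append_to_multilabel else [])

def resolve(candidates, zone):
    """Return (name, address) for the first candidate that exists."""
    for candidate in candidates:
        if candidate in zone:
            return candidate, zone[candidate]
    return None

# Records as described in the question; the someserver address is constructed.
ZONE = {
    "domain.com.": "88.88.88.88",
    "domain.com.domain.local.": "10.0.0.2",
    "someserver.domain.local.": "10.0.0.3",
}

if __name__ == "__main__":
    search = ["domain.local"]
    print("ndots:3 ->", resolve(resolvconf_candidates("domain.com", search, 3), ZONE))
    print("ndots:1 ->", resolve(resolvconf_candidates("domain.com", search, 1), ZONE))
    print("Windows, policy on ->",
          resolve(windows_candidates("domain.com", search, True), ZONE))
```

Because the public domain.com record exists, the suffixed name is never reached in the Windows model even with the policy enabled, which matches the ping output in the question.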