Recently, I encountered an interesting DNS resolution issue where users on Windows 7 couldn't access our internal server windows.cs while nslookup correctly returned the IP address. The symptoms were:
- Ping command returned "Ping request could not find host windows.cs"
- The resolver cache (ipconfig /displaydns) showed "windows.cs - Name does not exist"
- nslookup windows.cs returned the correct IP from our internal DNS
Windows uses a specific DNS resolution order that differs from nslookup:
1. The DNS Client service answers from the hosts file and its resolver cache first, and a cached negative answer ("Name does not exist") is served until it expires or is flushed.
2. It then tries the configured DNS servers in order, across all adapters.
3. When a server times out it moves on to the next one and may keep preferring that server for later queries, so a slow internal server silently hands lookups to the ISP server.
4. It applies the DNS suffix search list by its own rules, whereas nslookup appends its default domain to any name that does not end in a dot (the nslookup output below shows it resolving windows.cs.internal.example.com, not windows.cs), and nslookup bypasses the cache, the hosts file and the NetBIOS/LLMNR fallbacks entirely.
Here's how I diagnosed and fixed the issue. Note that the DnsClient cmdlets (Get-DnsClientGlobalSetting, Resolve-DnsName) need Windows 8 / Server 2012 or later; on the Windows 7 clients themselves, read the SearchList value under HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and query with nslookup instead.
- Verify DNS settings:
ipconfig /all | find "DNS Servers"
- Check DNS suffix search list:
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList
- Test DNS resolution with PowerShell, against one specific server so the DNS Client's server-selection logic is taken out of the picture:
Resolve-DnsName windows.cs -Server <your_dns_server_ip>
The issue stemmed from Windows' DNS client behavior:
- Negative caching: once any server had answered NXDOMAIN, the client kept returning "Name does not exist" from its cache until the entry expired or was flushed
- Timeouts when querying the primary DNS server, which pushed queries to the next server in the list
- Fallback to the ISP DNS server, which has no internal records and answers NXDOMAIN (and, as a side effect, sees every internal hostname our clients look up)
- Missing DNS suffix configuration, so windows.cs was never expanded to the FQDN the internal zone actually holds
Here are the working fixes we implemented:
1. Force proper DNS suffix search:
# PowerShell to set the global DNS suffix search list (Windows 8 / Server 2012 or later)
Set-DnsClientGlobalSetting -SuffixSearchList @("corp.yourdomain.com","yourdomain.com")
2. Disable negative caching:
# Registry modification: 0 means NXDOMAIN answers are not cached at all
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" `
    -Name "MaxNegativeCacheTtl" -Value 0 -Type DWord
3. Adjust timeout settings:
# Adjust DNS query timeout (milliseconds)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" `
    -Name "QueryTimeout" -Value 3000 -Type DWord
QueryTimeout does not appear among Microsoft's documented Dnscache parameters, so verify on one machine that it has any effect before rolling it out. Both registry values are read when the DNS Client service starts, so restart the service (or reboot) after changing them.
To avoid similar issues in the future:
- Configure DHCP to hand out only internal DNS servers; external names should leave the network through the internal servers' forwarders, not from each client
- Implement proper DNS forwarding in internal DNS servers
- Push DNS client settings (suffix search list, cache TTLs) through Group Policy rather than per-machine registry edits
- Monitor DNS server response times, since a slow primary is what triggers the fallback in the first place
Here's a PowerShell script to monitor DNS resolution:
function Test-DnsResolution {
    param (
        [string]$Hostname = "windows.cs"
    )
    try {
        # -DnsOnly skips the cache, hosts file and NetBIOS/LLMNR fallbacks, so this measures the DNS path itself;
        # -QuickTimeout shortens the wait on a dead server. Requires Windows 8 / Server 2012 or later.
        $result = Resolve-DnsName $Hostname -Type A -ErrorAction Stop -DnsOnly -QuickTimeout
        $addresses = ($result | Where-Object { $_.IPAddress }).IPAddress -join ', '
        Write-Host "$(Get-Date -Format s) SUCCESS: $Hostname resolves to $addresses"
        return $true
    }
    catch {
        Write-Warning "$(Get-Date -Format s) FAILED to resolve ${Hostname}: $($_.Exception.Message)"
        return $false
    }
}
# Run continuous monitoring
while ($true) {
    Test-DnsResolution
    Start-Sleep -Seconds 30
}
Here's what we observed in our Windows 7 environment:
C:\>ping windows.cs
Ping request could not find host windows.cs. Please check the name and try again.
C:\>ipconfig /displaydns | find "windows.cs"
windows.cs - Name does not exist
C:\>nslookup windows.cs
Server: dns1.internal.example.com
Address: 192.168.1.10
Name: windows.cs.internal.example.com
Address: 192.168.1.100
Windows uses a complex name resolution sequence that differs from nslookup's direct DNS query approach:
- Local hostname check
- Hosts file and DNS resolver cache (displayed with ipconfig /displaydns)
- DNS servers in order (primary, secondary, tertiary), with the suffix search list applied
- LLMNR (Link-Local Multicast Name Resolution), if not turned off by policy
- NetBIOS name resolution (if enabled on the adapter)
The last two steps are multicasts and broadcasts that any machine on the same segment can answer, and the client accepts the first reply. A name that fails in DNS is therefore not just unreachable but spoofable (this is what LLMNR/NBT-NS poisoning tools rely on), which is one more reason to fix the DNS path rather than widen the fallbacks, and to turn LLMNR off by policy where nothing depends on it.
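As an added example that is not part of the original post: a check of whether those two fallbacks are live on a client, so you know what a failed DNS lookup for windows.cs degrades to. It reads the documented "Turn off multicast name resolution" policy value and the per-adapter NetBIOS setting via WMI (so it also runs on Windows 7); the function name and the state labels are my own.

```powershell
# Added example, not from the original post. Reports whether the LLMNR and NetBIOS
# fallbacks are active on this client. Registry and WMI locations are the documented
# Windows ones; the function name and state labels are my own choices.

function Get-NameResolutionFallback {
    # LLMNR is governed by the "Turn off multicast name resolution" policy, which
    # writes EnableMulticast under the DNSClient policy key. No value means LLMNR is on.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = 'enabled (no policy value set)'
    if (Test-Path $policyKey) {
        $value = (Get-ItemProperty -Path $policyKey).EnableMulticast
        if ($value -eq 0) {
            $llmnr = 'disabled by policy'
        } elseif ($value -ne $null) {
            $llmnr = "enabled (EnableMulticast=$value)"
        }
    }

    # NetBIOS over TCP/IP is set per adapter: 0 = take the DHCP setting (on unless the
    # scope says otherwise), 1 = enabled, 2 = disabled.
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $state = switch ($_.TcpipNetbiosOptions) {
                0       { 'default (DHCP decides)' }
                1       { 'enabled' }
                2       { 'disabled' }
                default { 'unknown' }
            }
            New-Object PSObject -Property @{ Adapter = $_.Description; NetBIOS = $state }
        }

    New-Object PSObject -Property @{ LLMNR = $llmnr; Adapters = @($adapters) }
}

$report = Get-NameResolutionFallback
Write-Host "LLMNR: $($report.LLMNR)"
$report.Adapters | Format-Table Adapter, NetBIOS -AutoSize
# Any adapter listed as 'enabled' or 'default' will broadcast an NBT-NS query for
# windows.cs as soon as DNS returns NXDOMAIN; with LLMNR enabled the same goes out on multicast.
```

Run it before and after the DNS fix: the DNS fix removes the trigger, the policy removes the exposure, and you want both.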
Here's a PowerShell script to test all resolution paths (DnsClient cmdlets, so Windows 8 / Server 2012 or later):
function Test-NameResolution {
    param([string]$Hostname)
    # Resolver cache (hosts-file entries and negative answers show up here too)
    Write-Host "DNS Cache:"
    Get-DnsClientCache -Entry $Hostname -ErrorAction SilentlyContinue | Format-Table
    # Direct DNS query through the DNS Client's server list, bypassing cache and NetBIOS/LLMNR
    Write-Host "`nDirect DNS Query:"
    Resolve-DnsName $Hostname -DnsOnly -ErrorAction SilentlyContinue
    # Full resolver path, the same one ping uses
    Write-Host "`nPing Test:"
    Test-Connection $Hostname -Count 1 -ErrorAction SilentlyContinue
    # nslookup talks to the first configured server itself and appends its own default domain
    Write-Host "`nNSLookup:"
    nslookup $Hostname 2>&1
}
In our case, we identified these contributing factors:
- The DNS suffix search list wasn't properly configured
- The tertiary (ISP) DNS server was responding with NXDOMAIN
- Negative caching was preventing retries to primary DNS
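To confirm each of those three factors on a single client, here is an added diagnostic (my code, not the original post's). It deliberately uses only nslookup.exe, ipconfig.exe, WMI and the registry so it runs on Windows 7 / PowerShell 2.0, where the DnsClient cmdlets do not exist. It builds the candidate names the resolver could try from the primary suffix and search list, asks every configured server for every candidate with a trailing dot (so nslookup cannot append a suffix of its own), and looks for a negative entry in the resolver cache. The hostname windows.cs is the post's; the function names and result labels are mine.

```powershell
# Added example, not from the original post. Confirms the three suspected factors on
# one client using only nslookup.exe, ipconfig.exe, WMI and the registry (Windows 7 ok).
# Function names and result labels are my own; 'windows.cs' is the post's hostname.

function Get-ConfiguredDnsServer {
    # DNS servers of every IP-enabled adapter, in the order the DNS Client tries them.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Where-Object { $_ }
}

function Get-CandidateName {
    param([string]$Hostname)
    # Names the resolver may try: as typed, with the primary DNS suffix, then with each
    # entry of the suffix search list. Both values live under Tcpip\Parameters.
    $tcpip = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $suffixes = @()
    if ($tcpip.Domain)     { $suffixes += $tcpip.Domain }
    if ($tcpip.SearchList) { $suffixes += (($tcpip.SearchList -split ',') | ForEach-Object { $_.Trim() }) }
    $names = @($Hostname)
    foreach ($s in $suffixes) { if ($s) { $names += "$Hostname.$s" } }
    $names | Select-Object -Unique
}

function Invoke-DirectQuery {
    param([string]$Name, [string]$Server)
    # Ask one server for one exact name. The trailing dot stops nslookup from appending
    # its default domain, which is exactly the behaviour that hid the problem.
    $text = & nslookup.exe -type=A "$Name." $Server 2>&1 | Out-String
    if ($text -match 'Non-existent domain') { return 'NXDOMAIN' }
    if ($text -match 'timed.?out')          { return 'TIMEOUT' }
    # Everything before "Name:" describes the server; the answer section follows it.
    $answer = ($text -split 'Name:')[1]
    if (-not $answer) { return 'NOANSWER' }
    $ips = [regex]::Matches($answer, '\d{1,3}(?:\.\d{1,3}){3}') | ForEach-Object { $_.Value }
    if ($ips) { return ($ips -join ',') }
    return 'NOANSWER'
}

function Test-NegativeCacheEntry {
    param([string]$Hostname)
    # ipconfig /displaydns prints a negative entry as the name, a dashed line, then
    # "Name does not exist." That is the state the client stays in until flush or expiry.
    $cache = ipconfig /displaydns | Out-String
    $pattern = '(?m)^\s*' + [regex]::Escape($Hostname) + '\s*-{5,}\s*Name does not exist'
    return [bool]($cache -match $pattern)
}

function Test-DnsFactor {
    param([string]$Hostname = 'windows.cs')
    $servers = @(Get-ConfiguredDnsServer)
    $names   = @(Get-CandidateName -Hostname $Hostname)
    Write-Host "Suffix candidates: $($names -join ', ')"
    Write-Host "DNS servers in order: $($servers -join ', ')"
    if (Test-NegativeCacheEntry -Hostname $Hostname) {
        Write-Warning "Negative cache entry for $Hostname; run ipconfig /flushdns before retesting"
    }
    # One row per (name, server). An NXDOMAIN from a later server beside an answer from the
    # first is the ISP-fallback symptom; NXDOMAIN for the bare name with an answer only for
    # a suffixed form is the missing-suffix symptom.
    foreach ($n in $names) {
        foreach ($s in $servers) {
            New-Object PSObject -Property @{
                Name   = $n
                Server = $s
                Result = (Invoke-DirectQuery -Name $n -Server $s)
            }
        }
    }
}

Test-DnsFactor -Hostname 'windows.cs' | Format-Table Name, Server, Result -AutoSize
```

In the situation described above, the table should show the bare name answered NXDOMAIN by every server, windows.cs.internal.example.com answered with 192.168.1.100 by the internal servers and NXDOMAIN by the ISP server, and, until a flush, the negative-cache warning.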
Here are the steps that resolved our issue:
1. Modify DNS Suffix Search List
Using PowerShell:
Set-DnsClientGlobalSetting -SuffixSearchList @("internal.example.com", "cs.internal.example.com")
2. Disable Tertiary DNS Fallback
We removed the ISP DNS server from the DHCP scope options so clients only receive the two internal servers. For statically configured clients the equivalent is:
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.1.10 primary
netsh interface ipv4 add dnsservers "Local Area Connection" 192.168.1.11 index=2
3. Adjust Negative Caching
Registry modification to reduce the negative cache TTL. MaxNegativeCacheTtl is the value current Windows versions read; NegativeCacheTime is an older name that does no harm alongside it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
; 0 = do not cache NXDOMAIN answers at all; takes effect when the DNS Client service restarts
"MaxNegativeCacheTtl"=dword:00000000
"NegativeCacheTime"=dword:00000000
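The three steps above as one script, added here as an example and not taken from the original post. It targets a client without the DnsClient module (Windows 7 / PowerShell 2.0), so it writes the SearchList registry value that Set-DnsClientGlobalSetting manages on newer Windows, sets the server list through WMI, sets MaxNegativeCacheTtl, and then verifies through System.Net.Dns, which is the OS resolver path ping uses and nslookup bypasses. The connection name, suffixes and server addresses are illustrative assumptions taken from the post's example network; run it elevated.

```powershell
# Added example, not from the original post. Applies the three fixes on a client that
# lacks the DnsClient module (Windows 7 / PowerShell 2.0) and verifies via the OS resolver.
# Connection name, suffixes and addresses are illustrative; substitute your own. Run elevated.

function Set-DnsSuffixSearchList {
    param([string[]]$Suffixes)
    # Same setting Set-DnsClientGlobalSetting -SuffixSearchList writes on newer Windows:
    # a comma-separated REG_SZ the DNS Client reads from Tcpip\Parameters.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' `
        -Name SearchList -Value ($Suffixes -join ',') -Type String
}

function Set-InternalDnsServer {
    param([string]$ConnectionName, [string[]]$Servers)
    # Replaces the adapter's whole DNS server list, so an ISP tertiary entry disappears.
    # Only meaningful for statically configured clients; DHCP clients get option 006
    # from the scope, which is where the ISP server was removed.
    $adapter = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID = '$ConnectionName'"
    if (-not $adapter) { throw "No adapter named '$ConnectionName'" }
    $config = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($adapter.Index)"
    $result = $config.SetDNSServerSearchOrder($Servers)
    if ($result.ReturnValue -ne 0) { throw "SetDNSServerSearchOrder returned $($result.ReturnValue)" }
}

function Set-NegativeCacheTtl {
    param([int]$Seconds)
    # 0 means a NXDOMAIN is not cached, so every retry goes back to the servers
    # instead of being answered "Name does not exist" from the cache.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' `
        -Name MaxNegativeCacheTtl -Value $Seconds -Type DWord
}

function Test-OsResolver {
    param([string]$Hostname)
    # System.Net.Dns goes through the same resolver as ping: hosts file, cache, suffix
    # list, configured servers, and the LLMNR/NetBIOS fallbacks if they are enabled.
    ipconfig /flushdns | Out-Null
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Hostname) | ForEach-Object { $_.IPAddressToString }
        New-Object PSObject -Property @{ Hostname = $Hostname; Resolved = $true;  Detail = ($ips -join ',') }
    } catch {
        New-Object PSObject -Property @{ Hostname = $Hostname; Resolved = $false; Detail = $_.Exception.Message }
    }
}

# Illustrative values matching the post's example network.
Set-DnsSuffixSearchList -Suffixes @('internal.example.com', 'cs.internal.example.com')
Set-InternalDnsServer -ConnectionName 'Local Area Connection' -Servers @('192.168.1.10', '192.168.1.11')
Set-NegativeCacheTtl -Seconds 0
# Dnscache reads its parameters at start-up. Windows 7 lets you restart it; on newer
# Windows the service is protected, so reboot instead.
Restart-Service -Name Dnscache
Test-OsResolver -Hostname 'windows.cs' | Format-Table Hostname, Resolved, Detail -AutoSize
```

The verification step is the important half: a green nslookup proves nothing about what ping will do, while GetHostAddresses failing after the change tells you the suffix or server settings did not land where the resolver reads them.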
After making these changes, verify with:
# Check DNS client settings (the global suffix search list is on the global-setting object, not per interface)
Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix
Get-DnsClientGlobalSetting | Select-Object SuffixSearchList
# Drop any negative entry, then query the servers afresh
Clear-DnsClientCache
Resolve-DnsName windows.cs -DnsOnly
For critical servers, consider adding to hosts file:
# Add to %SystemRoot%\System32\drivers\etc\hosts
192.168.1.100 windows.cs
192.168.1.100 windows.cs.internal.example.com
Hosts entries are consulted before DNS, so they also mask any future DNS breakage and go stale silently when the server moves. Because the file overrides DNS for every process on the machine it is a favourite target for malware, so keep it writable only by administrators and include it in your file-integrity monitoring.