exocron

This is my blog. There are many like it, but this one is mine.

Windows, Y U NO RESOLVE DNS

This past weekend, I had some time to kill, so I decided to augment my DHCP server with a little DNS. I had been using a dedicated DHCP server for a while, just for kicks (and for learning dhcpd). A few of my machines already had fixed addresses in the dhcpd.conf for ease of access, so I thought the next step would be to add DNS entries. After all, nothing says awesome like typing “ssh laptop” and it working.

Fortunately, bind9’s default configuration (on Debian) forwards DNS requests for non-authoritative zones by default, so fifteen minutes and a few whiskey sours later (if you can understand that config file format without a few drinks in you, you’re amazing), I had the configuration worked out and was resolving local network host names like a pro. I ssh’d into all of my servers, and life was good.

Until I booted Windows.

Ugh. What is going on?

I fired up nslookup and typed in “redbase”. It couldn’t find the IP address. Remembering what little I know about FQDNs, I then tried “redbase.” (with the period). Sure enough, it worked.

This is kind of strange since “ping redbase” and “nslookup redbase” worked in Linux, without the dot. Well, ipconfig says that my connection-specific DNS suffix is example.org (lol). On a hunch, I fired up Wireshark.

Well, lookey here...

Sure enough, “nslookup redbase” causes Windows to try and resolve redbase.example.org. Maybe this is a good thing, I don’t know. From what I read online, the desired behavior is for a client to try “redbase.” first, then try “redbase.example.org.”. I guess Windows assumes that there won’t be any single-label DNS entries, although there doesn’t appear to be a rule against them. Typical nonstandard behavior. There’s a group policy behavior called “Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries” (could that name be any longer?) that allows you to disable appending the connection-specific DNS, but I’m running Home Premium, so I don’t have Group Policy Editor. Figures. I found this awesome site that converts group policies to registry keys; in this case, the key is “HKLM\Software\Policies\Microsoft\Windows NT\DNSClient” (UseDomainNameDevolution: DWORD). There’s only one problem: it doesn’t work. I chalked this up as caused by Home Premium as well.

So, for my final straw, I opened up dhcpd.conf and changed the connection-specific DNS from “example.org” to “.”. I renewed my DHCP, and sure enough…

Yes. Finally. Now, a final ping to put the nail in the coffin.

What? WHAT?!?! No. What is this, I don’t even. Go go Wireshark!

Okay, so apparently ping, my web browser, and practically everything else only try to resolve an LLMNR request. It doesn’t even try DNS! What the heck is up with that?

Interestingly enough, though, while msys SSH didn’t work at all when my suffix was example.org, it’s totally working now for “redbase”, even without the period. What the heck.

Windows can’t DNS. Well.
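The name expansion behind the nslookup results above, as an added example that is not part of the original post: it compares the resolv.conf-style search-list rule (search list first when the name has fewer than `ndots` dots, bare name last) with a model of the suffix-only behaviour the post observed, and encodes each candidate as a DNS question so the names match what a capture would show. The function names are hypothetical, and it assumes the Linux machines had `example.org` as their search domain.

```python
import struct

def search_list_candidates(name, search, ndots=1):
    """Query names in the order a resolv.conf-style stub resolver tries them."""
    if name.endswith("."):
        return [name]                        # trailing dot: absolute, asked as-is
    suffixed = [f"{name}.{s.strip('.')}." for s in search if s.strip(".")]
    if name.count(".") >= ndots:
        return [name + "."] + suffixed       # enough dots: as-is first
    return suffixed + [name + "."]           # otherwise search list first, bare name last

def suffix_only_candidates(name, suffix):
    """Model of what the post saw from Windows nslookup: suffix appended, no bare retry."""
    if name.endswith(".") or not suffix.strip("."):
        return [name.rstrip(".") + "."]      # absolute name, or root suffix: nothing to append
    return [f"{name}.{suffix.strip('.')}."]

def build_query(qname, txid=0x1234, qtype=1):
    """Minimal DNS query (RFC 1035): 12-byte header plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD flag, QDCOUNT=1
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {qname!r}")
        question += bytes([len(raw)]) + raw
    return header + question + b"\x00" + struct.pack("!HH", qtype, 1)

def qname_of(packet):
    """Decode the question name from a query, as a capture tool displays it."""
    pos, labels = 12, []
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels) + "."

def on_the_wire(candidates):
    """Round-trip each candidate through the wire format."""
    return [qname_of(build_query(c)) for c in candidates]

if __name__ == "__main__":
    # Constructed inputs taken from the post: host "redbase", suffix "example.org" or "."
    print("search list:", on_the_wire(search_list_candidates("redbase", ["example.org"])))
    print("suffix only:", on_the_wire(suffix_only_candidates("redbase", "example.org")))
    print("root suffix:", on_the_wire(suffix_only_candidates("redbase", ".")))
```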

About

I'm a programmer. I also enjoy reverse-engineering and I'm focused on information security. Hobbies include but are not limited to video games, laser tag, hardware hacking, comics, and Futurama. I live in the internet.
