Windows 10 cannot resolve its own domain externally

  • Question

  • Hello all! 

    I've got a Windows 10 Enterprise workstation that is joined to our domain. Everything is working as expected and all internal and external DNS entries resolve as you'd expect.

    If I take the machine out of a direct connection (wired, WiFi, VPN) with the domain, it is able to resolve all DNS entries -except- our domain. This only affects this laptop; all other devices can resolve externally. We cannot use DirectAccess with the machine, as it can't resolve the DirectAccess hostname. Using a 3rd party VPN client using NAT traversal or by using a second domain (because VPN.ourdomain won't resolve, of course) the laptop can VPN back in and all .ourdomain entries resolve again.

    Reboots, updates, DNS flushes, reinstalling the NIC, disabling IPv6, different external networks don't make a difference.

    Manually adding hostname.ourdomain and as host file entries pointing to the same IP, results in resolving, but hostname.ourdomain does not. There are various VPN clients enabled, but not a specific one for our domain. All NICs are disconnected other than WiFi and there aren't any IP range conflicts. The system event log has DNS update failures (8020) and other errors as a result of not being on the home domain, but nothing particularly relevant in System or Application. Manual ping requests to our IPs respond as you'd expect. This is just name resolution.

    I am stumped by this one and even finding a relevant Google search is hard. I'm guessing it's something strange with security? Has anyone ever seen a problem like this? 

    Thursday, March 15, 2018 12:32 AM

All replies

  • Hi Lyfe,

    What about other devices connected to the same network? Can you ping the domain by IP address on that network? What's the exact error message when you ping that domain hostname?

    Please turn off all security software, including the firewall, and check the result again.

    Then, according to the error message you get when you query that domain, follow this guide to troubleshoot:

    Diagnosing Name Resolution Problems

    Friday, March 16, 2018 6:09 AM
  • Hi Karen,

    Thanks for your response. In answer to your questions:

    • All other devices are fine. This is not a networking issue, it follows -this- specific laptop.
    • Yes, as mentioned, I can ping the IP associated with the domain, I just can't resolve one specific domain from this laptop.
    • When the machine cannot resolve the DNS entry, the error is the expected "Ping request could not find the host Please check the name and try again".
    • I'm not sure what you were hoping to prove with the firewall and "security software" checks, but disabling them makes no difference.
    • As mentioned, this is not a domain/network/DNS server problem. This is something related to the laptop itself.
    Tuesday, March 20, 2018 6:13 AM
  • As mentioned, this is not a domain/network/DNS server problem.

    Sounds like it. E.g. that troubleshooting page that Karen showed you mentions testing for a recursion case, which sure sounds likely. The troubleshooter doesn't mention it but you could also use the nslookup set debug and set d2 subcommands if necessary.

    Robert Aldwinckle

    Tuesday, March 20, 2018 11:06 PM