I was facing an issue. In windows when i do an nslookup for any site its adds my domain name to the site. So if i do an nslookup of www.yahoo.com it tries to search for www.yahoo.com.abc.com, where abc.com is my domain.
Now the surprising part is it seems to be getting an ip from my local DNS server (which is pfsense DNS resolver) . I am not sure how it is getting the ip, but what i read from the net is that there is a setting somewhere that can cause this.
Does anyone know where such a setting is and why it is returning an IP for a domain that does not exist.
Any ideas folks on what is the issue here ?
Ok so i have narrowed down the problem to a combination of Windows 10 behavior and PFSense–DNS Resolver.
Windows for some reason adds the domain name to the lookup value (even if the lookup value already has the domain name in it). So if my local domain name is abc.com and if i try to do nslookup of server1.abc.com, windows converts it to server1.abc.com.abc.com.
DNS Resolver on pfsense seems to have this weird behaviour that for any address which ends in the local domain name , if it cant find a dns resolution it blindly resolved it to 22.214.171.124. This i checked using PFSense → Diagnostics -->DNS Lookup. if i give it server1.abc.com it resolves correctly to the local ip address. If i give it server1.abc.com.abc.com it resolved it to 126.96.36.199, Infact if i give any junk value.abc.com it resolves it to 188.8.131.52
I guess if i can get DNS Resolver to modify its behaviour so that it return a “host could not be resolved” it would solve the problem. But the question is what setting in DNS Resolver is causing this behaviour