At work I need to use a custom DNS search suffix list on my primary network adapter so that I can resolve hostnames on my primary Active Directory (AD) domain and so that I can resolve hostnames against a secondary AD domain that is also on my network.
While I have been running with a custom search suffix list for a few months now, I just found a small problem with the setup: when using the nslookup command to look up an IP address against an external source, the last DNS search suffix in the list was appended to everything I looked up. For example, if the suffixes in my list were a.org and b.net, my commands looked like this:

    >nslookup
    Default Server: <local DNS server>
    Address: <local DNS server address>

    > server 4.2.2.2
    Default Server: b.resolvers.Level3.net
    Address: 4.2.2.2

    > google.com
    Server: b.resolvers.Level3.net
    Address: 4.2.2.2

    *** b.resolvers.Level3.net can't find google.com.b.net : Non-existant domain
    >

I had no idea why the .b.net kept appending itself to the results. Eventually, after doing some research, I found that this was “normal” with the nslookup command in Windows and in order to get around it, I’d need to add a period (.) to the end of the request. For example:

    >nslookup
    Default Server: <local DNS server>
    Address: <local DNS server address>

    > server 4.2.2.2
    Default Server: b.resolvers.Level3.net
    Address: 4.2.2.2

    > google.com.
    Server: b.resolvers.Level3.net
    Address: 4.2.2.2

    Non-authoritative answer:
    Name: google.com
    Addresses: 74.125.236.1
               74.125.236.9
               ...
    >

Mystery solved! I can use nslookup again to resolve against an external DNS server if I end the request with a period. Also note that technically a fully-qualified domain name (FQDN) ends in a period anyway – it's just usually assumed.
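
The suffix behaviour described above, as an added example that is not part of the original post: a simplified Python model of which names get queried for a typed name, plus a helper that takes a name from an error message and reports which search suffix was appended. The function names are hypothetical, and the suffix list is the a.org / b.net example from the post.

```python
"""Simplified model of DNS search-suffix handling as described in the post."""


def is_absolute(name: str) -> bool:
    """A trailing period marks the name as fully qualified."""
    return name.endswith(".")


def candidates(name: str, search_list: list[str]) -> list[str]:
    """Return the names queried for `name`, in order.

    Assumption: a relative name gets each suffix appended in list order;
    an absolute name (trailing period) is sent unchanged. Any further
    fallback a real resolver performs is not modelled here.
    """
    if is_absolute(name):
        return [name]
    return [f"{name}.{suffix.strip('.')}." for suffix in search_list]


def explain(qname: str, search_list: list[str]):
    """Split a queried name into (typed name, appended suffix).

    Returns (qname, None) when no suffix from the list was appended.
    The longest suffix is checked first so 'corp.b.net' wins over 'b.net'.
    """
    labels = qname.lower().rstrip(".")
    for suffix in sorted(search_list, key=len, reverse=True):
        s = suffix.lower().strip(".")
        if labels.endswith("." + s):
            return labels[: -len(s) - 1], s
    return labels, None


if __name__ == "__main__":
    suffixes = ["a.org", "b.net"]  # the example list from the post
    print(candidates("google.com", suffixes))    # relative: suffixes appended
    print(candidates("google.com.", suffixes))   # absolute: sent as typed
    print(explain("google.com.b.net", suffixes))  # name seen in the error
```

Running `explain` over names in resolver errors or DNS query logs shows quickly whether a failed lookup was a suffix-appended form of an external name.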