5

I'm trying to do something I thought would be pretty simple.

Mapping local.mydomain.com to 192.168.0.1 using my registrar's DNS server (namecheap.com).

I've added an A record for local with a value of 192.168.0.1.

Trying to look up local.mydomain.com using websites like just-dnslookup.com returns the proper IP address, but trying to ping or nslookup in Windows results in these errors:

Ping: Ping request could not find host local.mydomain.com. Please check the name and try again.

nslookup No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for local.mydomain.com.

Changing the IP address for the A record to a non-private IP (e.g. 168.62.9.65) fixes the lookup issue.

I'm suspecting Windows doesn't like the fact that a local IP is returned by the DNS server?

Keivan
  • Even though I'm late to the party: Try a different DNS server such as Cloudflare (1.1.1.1) or Google (8.8.8.8). Most seem to provide you with private IP ranges just fine, but especially some provider-managed DNS servers seem to not like it because of best practices etc. (see David Schwartz's answer for more details) – mozzbozz Apr 12 '22 at 06:46

1 Answer

7

Indirect references to such addresses should be contained within the enterprise. Prominent examples of such references are DNS Resource Records and other information referring to internal private addresses. In particular, Internet service providers should take measures to prevent such leakage. -- RFC 1918

You are not supposed to be propagating DNS records with RFC 1918 addresses outside your enterprise. If you want to create an "internal" version of your DNS zone that contains internal addresses, that's fine (and that will work). But you are not supposed to use the Internet's DNS backbone to do it.

David Schwartz
  • 1
    I understand that RFC1918 addresses should not be published outside of internal networks. However, I am having a problem like this with my internal server (OpenWrt forwarding requests to Windows 2008 R2). What does the "internal type" in the error message mean? – jacobq Jan 26 '16 at 13:59
  • 1
    "Indirect references to such addresses should be contained within the enterprise. Prominent examples of such references are DNS Resource Records and other information referring to internal private addresses." - 'should' isn't "must not". It's simply the easiest solution for many use cases, e.g. when you want to obtain a valid Let's Encrypt certificate for your internal behind-VPN-services. Setting up your own DNS etc. is just overkill for it. – mozzbozz Apr 12 '22 at 06:44
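
The answer's advice to keep RFC 1918 addresses in an internal version of the zone can be checked mechanically before a zone is published. The following is an added example, not code from the question or the answer: it scans a zone export in simple one-line record form and separates A records that point into the RFC 1918 ranges from those safe to publish. The zone contents (apart from `local` → 192.168.0.1 and 168.62.9.65, which appear in the question) and all function names are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone export for illustration.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
$TTL 300
@      IN A     168.62.9.65
www    IN A     168.62.9.65
local  IN A     192.168.0.1
nas    300 IN A 10.20.30.40
edge   IN A     172.32.0.5   ; just outside 172.16.0.0/12
mail   IN MX    10 mail.mydomain.com.
"""

def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def parse_a_records(zone_text):
    """Yield (owner, address) for A records written as: owner [ttl] [class] A addr."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        fields = line.split()
        if len(fields) >= 3 and fields[-2] == "A":
            yield fields[0], fields[-1]

def split_views(zone_text):
    """Return (public, internal_only) lists of (owner, address) tuples."""
    public, internal_only = [], []
    for owner, addr in parse_a_records(zone_text):
        (internal_only if is_rfc1918(addr) else public).append((owner, addr))
    return public, internal_only

if __name__ == "__main__":
    public, internal_only = split_views(SAMPLE_ZONE)
    for owner, addr in internal_only:
        print(f"keep in internal zone only: {owner} -> {addr}")
    for owner, addr in public:
        print(f"safe to publish: {owner} -> {addr}")
```

Records reported as internal-only are the ones that some resolvers may refuse to return when served from public DNS, which matches the behaviour described in the question.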