-1

When running nslookup google.com in cmd on my corporate laptop I get nxdomain but how come does the page open then in my web browser? Can anyone please explain? Thank you.

cyzczy
  • 149
  • 1
  • 10
  • What happens if you query for **www.google.com.** with nslookup? (note the trailing dot). – joeqwerty Feb 18 '18 at 14:57
  • Hmm not sure but would it make any difference? I will test it anyway and update. – cyzczy Feb 18 '18 at 16:19
  • It might. It would tell us whether or not DNS devolution is disabled. An nslookpu query without the trailing . is an unqualified query and DNS devolution is then used to resolve the query. An nslookup with a trailing . is a fully qualified query for which DNS devolution isn't performed. If the query with the trailing . succeeds then that would tell us that DNS devolution is disabled and that would explain why you're getting the results you're getting with nslookup. – joeqwerty Feb 18 '18 at 16:37

1 Answers1

1

The reason that nslookup doesn't work could be that it is a specially crafted version of nslookup. Another more likely explanation is that the network and/or DNS server is configured to forge DNS responses. Software installed on the laptop itself may facilitate this forging of DNS responses.

One possible reasons the browser works when nslookup doesn't is that the browser is using a proxy. Another possible reason is that browsers will usually use IPv6 by default if it is available but nslookup will by default look up A records. It may be that the forging only happens for A records and not for AAAA records.

kasperd
  • 30,455
  • 17
  • 76
  • 124
  • Thank you. In fact we use a proxy server. Does then the proxy the name resolution? – cyzczy Feb 18 '18 at 10:06
  • 1
    @adam86 If it is an HTTP proxy then the proxy will do the DNS resolution. If it is a SOCKS proxy it depends on client configuration which side will do the DNS resolution. It is generally best to let the proxy do the DNS resolution, but many SOCKS clients will do DNS resolution by themselves by default. – kasperd Feb 18 '18 at 10:07
  • Thank you. I see. But is it then that the proxy is using internal DNS service like MS DNS or is it just one of few options? I mean the proxy fqdn has to be also resolved to an IP before we can connect to it but on the other hand i've just verified and the proxy fqdn can be resolved with nslookup in cmd. So can it be that each query hits the internal DNS server and for not authoritative queries the DNS server uses the proxy as a forwarder ? – cyzczy Feb 18 '18 at 12:21
  • @adam86 How could I possibly know how that proxy is configured? If I was responsible for the proxy there would be no Microsoft software on it. And in order to know what happens on the network you'd need to look at a packet capture of the network traffic. – kasperd Feb 18 '18 at 12:29