Windows Troubleshooting – Why Is Windows Ignoring DNS?

Home > Blogs > Windows 7 > Windows Troubleshooting – Why Is Windows Ignoring DNS?

Windows Troubleshooting – Why Is Windows Ignoring DNS?

Like This Blog 1 Mike Danseglio
Added by June 18, 2014

I’ve published a number of articles on following a simple and straightforward troubleshooting methodology. I advocate a simple and focused approach shown in Figure 1. You can see that symptom identification is the first step, followed by root cause analysis and problem resolution.

Figure 1. MikeDan’s Quick and Dirty Troubleshooting Methodology.

There’s lots of great tools built right in to Windows that will actually help when narrowing down network communications problems. In this case, there’s a Windows feature that can cause DNS to be ignored. And it can occur on any current version of Windows including Windows 7, Windows XP, Windows Server 2008, Windows 8, and Windows Server 2012.

Windows Name Resolution

Windows has several ways to turn a friendly name into an IP address. In almost all modern networks, the primary method is via the Domain Name System (DNS). But other, less common, methods are built into Windows. They include, in no particular order:

  • HOSTS file
  • LMHOSTS file
  • Windows Internet Name Service (WINS)
  • Link Local Multicast Name Resolution (LLMNR)
  • NetBIOS over TCP/IP (NetBT)

Only one of these can be used at a time, and Windows stops searching when it successfully resolves a name to an IP address.

Name Resolution Methods and Order

The methods that Windows uses for name resolution, and the order those methods are invoked in, are controlled by the Windows Node Type. Node Type is easily displayed with the all-too-common ipconfig/all command.

Part of a TCP/IP configuration from ipconfig/all is shown here with Node Type highlighted:

001-Windows-Troubleshooting–Why-Is-Windows-Ignoring-DNS

With this configuration, the Peer-Peer Node Type is the problem.

Why Is The Peer-Peer Node Type The Problem?

Basically, the Peer-Peer Node Type uses WINS for name resolution. And it only uses WINS. If you have a DNS server configured, Peer-Peer effectively ignores it. Peer-Peer also ignores HOSTS files and all other forms of name resolution.

This behavior makes it difficult to pinpoint as a root cause. For example, you can use NSLookup to resolve a hostname on a Peer-Peer node and it will resolve correctly. However, attempting to reach the host via UNC path will result in an error.

How Do You Fix Peer-Peer Node Type?

Fixing this problem is fairly easy. Here’s how you do it:
1. Run the Registry Editor (Regedit.exe)

2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT \Parameters

3. Delete the two values (if only one is there, delete that one):

  • DhcpNodeType
  • NodeType

4. Reboot the computer

Deleting the node type and rebooting the computer forces Windows to reevaluate name resolution. If your DHCP server is providing a DNS entry, it should switch the node type to one that supports DNS resolution

Enjoy!
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor

Videos You May Like

Subnetting a TCP/IP Network using the Magic Box Method

0 1662 5

See our class schedule for complete Course Schedule Training. Classes are held in Phoenix, AZ and can be attended online from anywhere in the world with RemoteLive™. Instructor: Rick Trader  Video Transcription: One of the things that we might have to do in our corporate network is to take a class of IP addresses and then subnet that into … Continue reading Subnetting a TCP/IP Network using the Magic Box Method

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1483 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Harvey

    Didn’t fixfor me – W10 machine. Deleted both values. Machine still on peer to peer. Still struggling to resolve anything via DNS

Share your thoughts...

Please fill out the comment form below to post a reply.