Wednesday, 21 May 2014 being added to my DNS queries from Windows 7

While waiting for a DNS record to update, I was using nslookup to see the TTL information and noticed something funny. While looking up, I saw that one of the queries is to, which seems weird since I am not part of a domain.

When I looked, is just a domain name registrar so this didn't seem right. After not finding much on Google, I eventually discovered that Windows has a built-in DNS search list. When you query dns records, it tags the entries from the list onto the end of the search string to try and resolve host names automatically.

For instance, if your domain was the same as your company name, you might have and if you attempt to lookup testserver, it will assume this means, That's all great but where did come from?

Well it appears that although this search list can and probably should be set centrally using Group policy, if you join a domain at any point, the domain is automatically added to the search list. In my case, I connected to a test domain at one point and guess what the default windows domain is called?!

This was ages ago and probably this means that a lot of DNS requests hit's nameservers from people like me.

More unusually, it can only be set in the Registry if you need to change it, it does not appear to be exposed via a GUI anywhere. The key is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList

And the value is a comma-delimited set of domain names to fully qualify any DNS requests. I have naturally removed from there!
Post a Comment