DNS resolution not working for some CNAMEs

Jim M 146 Reputation points
2020-07-15T06:35:55.47+00:00

I have several Windows 2016 domain controllers running DNS for my organisation. Each is configured with a forwarder to dns.google for non-local zones.
For the most part, they work fine. However we have seen a few CNAMEs which don't resolve correctly. For example, if I look up this name directly to Google:

Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: apimgmths10cnqewnmgfvdeygrdexzehvcirfy7xt7yak3gfht.cloudapp.net
Address: 13.66.39.44
Aliases: www.nuget.org
nugetprodusnc.azure-api.net
apimgmttm3csrht7lvztprufrqlzasbgohlgs9virtv24ewckt.trafficmanager.net
nugetprodusnc-southcentralus-01.regional.azure-api.net

This is a valid response. If one of my clients looks this up via my DNS server rather than Google, it receives:

www.nuget.org

Server: [10.20.1.1]
Address: 10.20.1.1

Non-authoritative answer:
Name: www.nuget.org

Only the alias is returned. Not the associated A records or IP address. Why might this be?


Accepted answer
  1. Jim M 146 Reputation points
    2020-07-15T23:15:31.777+00:00

    It turned out the cause was that someone in my organisation had mistakenly made a local zone for azure-api.net. With a local zone existing, our servers weren't forwarding requests for machines in that zone - like www.nuget.org.

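The accepted answer's finding can be turned into a repeatable check. The PowerShell function below is an added example, not code from the thread: it resolves the CNAME chain through a public resolver, lists the forward lookup zones hosted on the internal DNS server, and reports any hop in the chain that falls under one of those zones. Such a hop is answered from the local zone and never sent to the default forwarder, which is exactly how a stray azure-api.net zone breaks www.nuget.org. The function name `Test-CnameChainShadowing` is mine; it assumes the DnsServer RSAT module is available and that the internal server (10.20.1.1 and 8.8.8.8 are the addresses from the thread) accepts remote management.

```powershell
# Added example (not from the original thread): find CNAME hops that an
# internal DNS server will answer from a locally hosted zone instead of
# forwarding. Assumes the DnsServer module (RSAT) is installed and that
# Get-DnsServerZone can reach $Server. Addresses are taken from the thread.

function Test-CnameChainShadowing {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Server   = '10.20.1.1',   # internal DNS server from the thread
        [string] $Resolver = '8.8.8.8'      # public resolver used for comparison
    )

    # Hops of the chain as the public resolver sees them: the queried name
    # followed by every CNAME target. The final A records are not needed here.
    $public = Resolve-DnsName -Name $Name -Type A -Server $Resolver -DnsOnly -ErrorAction Stop
    $hops   = @($Name) + @($public |
                Where-Object QueryType -eq 'CNAME' |
                Select-Object -ExpandProperty NameHost)

    # Forward lookup zones the internal server hosts itself. Names under these
    # are handled by the zone (or its conditional forwarder), never by the
    # server's default forwarder.
    $zones = Get-DnsServerZone -ComputerName $Server |
        Where-Object { -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated } |
        Select-Object -ExpandProperty ZoneName

    foreach ($hop in $hops) {
        $hop = $hop.TrimEnd('.')
        # Longest matching suffix wins, mirroring how the server picks a zone.
        $covering = $zones |
            Where-Object { $hop -eq $_ -or $hop.EndsWith('.' + $_) } |
            Sort-Object Length -Descending |
            Select-Object -First 1

        [pscustomobject]@{
            Hop          = $hop
            CoveringZone = $covering
            Shadowed     = [bool]$covering
        }
    }
}

# Usage: every row with Shadowed = True is a hop the internal server answers
# from its own zone; with a stray azure-api.net zone present, the
# nugetprodusnc.azure-api.net hop of www.nuget.org shows up here.
Test-CnameChainShadowing -Name 'www.nuget.org' | Format-Table -AutoSize
```

A shadowed hop whose covering zone is one you do not actually own is the misconfiguration to remove; if the zone is legitimate (for example a split-horizon copy of your own domain), the fix is instead to add the missing records to it, because the server will keep answering authoritatively for everything under that name.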

2 additional answers

  1. Sam Cogan 10,322 Reputation points MVP
    2020-07-15T06:54:15.263+00:00

    Firstly, if the record you are looking up is a CNAME it will always return the alias it is pointing to, not the IP. If you want to resolve the alias you would need to use a further nslookup on that.

    Secondly, if your DNS server is resolving records incorrectly then I would suspect that something is configured incorrectly on that specific DNS server. Without seeing it, it is difficult to know, but I would suspect that either someone has created a zone on that server for google.com that is pointing to the wrong place, or that the forwarders are set up incorrectly to go to a different server. The other option is that the machine you are querying from has local host records set up with these details.

    1 person found this answer helpful.

  2. Jim M 146 Reputation points
    2020-07-15T06:59:42.907+00:00

    From my experience, using nslookup or Resolve-DnsName utilities always replies with all applicable aliases, A records, and IP addresses.
    This is further demonstrated if I change the DNS server for my client. When set to DNS server 8.8.8.8, a ping to www.nuget.org is successful.
    When I set my client's DNS server to be one of my internal DNS servers, the ping fails.

    ping www.nuget.org

    Ping request could not find host www.nuget.org. Please check the name and try again.
