DNS not resolving for windows OS only

Have a strange issue.

I have a tool that we are trying to hide behind a VPN.
I created a DNS entry in the VPN to resolve to the IP of the server running the tool.
Then created a CNAME in cloudflare to point to the VPN URL.

Let me put some sample values behind that.

URL we want to use https://expl-tool-test.example.io. (we own the domain and use cloudflare for dns resolution)
VPN DNS entry. expl-tool-test.network.vpn which points to the IP of the server.
CNAME in cloudflare: “exp-tool-test” expl-tool-test.nework.vpn

This setup works fine once the VPN client is connected. It works for mac OS, ubuntu.
Windows OS fails to resolve expl-tool-test.example.io

If I try expl-tool-test.nework.vpn from Windows that resolves, but the tool redirects back to the URL expl-tool-test.example.io, which breaks it again.

It seems as if Windows is failing to get the CNAME from cloudflare.

nslookup expl-tool-test.example.io
Server: unknown (on a mac this has an IP, same as the below IP)
Address: xxx.xx.x.xx (seems to find an IP, that matches the same command on a mac)

ping expl-tool-test.example.io
on mac, gives expl-tool-test.nework.vpn.
On Windows, not resolved.

I am able to browse the internet from the Windows box, the VPN does not restrict the internet in anyway. This works with no issue on mac, and ubuntu.

Any ideas?

Just to be clear, it seems I propagated a typo.

I see expl-tool-test.nework.vpn. All those should be expl-tool-test.network.vpn

expl-tool-test.example.io does not resolve in public DNS.

cscharff@Chriss-Air-2 ~ % dig expl-tool-test.example.io.

; <<>> DiG 9.10.6 <<>> expl-tool-test.example.io.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24643
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;expl-tool-test.example.io.	IN	A

example.io.		1800	IN	SOA	ns1.digitalocean.com. hostmaster.example.io. 1554918770 10800 3600 604800 1800

;; Query time: 100 msec
;; WHEN: Mon Oct 09 21:07:54 EDT 2023
;; MSG SIZE  rcvd: 121

The parent domain is digital ocean, so if it is supposed to resolve in public DNS you should add an entry.

It would appear that the windows machine is not using your VPN DNS because that doesn’t resolve in public DNS.

DNS is DNS, if it doesn’t resolve on the Windows box it is getting it’s DNS answers elsewhere.

1 Like

I wasn’t sure if I should post the actual URLs here. But since you are running DIG, then I will gie my results.

I get the same result when I run from mac and windows.
dig cs-tools-test.touchplan.io

; <<>> DiG 9.10.6 <<>> cs-tools-test.touchplan.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6281
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;cs-tools-test.touchplan.io. IN A

cs-tools-test.touchplan.io. 1800 IN CNAME cs-tools-test.bap.vpn.

. 1800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023101000 1800 900 604800 86400

;; Query time: 21 msec
;; WHEN: Tue Oct 10 14:46:54 EDT 2023
;; MSG SIZE rcvd: 165