nslookup returns the right IP, ping still goes to the wrong IP

Ok, so here's the setup. Laptop is connected to our company VPN (Juniper Network Connect 7.2.0). There are two DNS search suffixes (domain1.com, domain2.local). From that laptop, while connected, nslookup polls the correct DNS server and returns the right IP. Pinging the IP works fine. Pinging the FQDN works fine. Pinging the unqualified domain name appears to be both using the hostname.domain.com suffix (even though that doesn't exist), and appears to be using the results from the local DNS server rather than the VPN DNS server.

More detail:

c:\> nslookup hostname
Server: hostname.domain2.local
Address: 10.0.0.10

Non-authoritative answer:
Name: hostname.domain2.local
Address: 10.0.0.10

c:\> nslookup hostname.domain2.local
Server: hostname.domain2.local
Address: 10.0.0.10

Non-authoritative answer:
Name: hostname.domain2.local
Address: 10.0.0.10

C:\> ping hostname

Pinging hostname.domain1.com [EXTERNAL/WRONG_IP] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for EXTERNAL/WRONG_IP:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\> ping hostname.domain2.local

Pinging hostname.domain2.local [10.0.0.10] with 32 bytes of data:
Reply from 10.0.0.10: bytes=32 time=50ms TTL=128
Reply from 10.0.0.10: bytes=32 time=50ms TTL=128
Reply from 10.0.0.10: bytes=32 time=47ms TTL=128
Reply from 10.0.0.10: bytes=32 time=50ms TTL=128

Ping statistics for 10.0.0.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 50ms, Average = 49ms

So here's what I've tried so far:

  1. ipconfig /flushdns
  2. netsh int ip reset all
  3. Verified that the network adapters are in the right priority order in the advanced settings
  4. Verified that the TCP/IP routes are correct
  5. Verified that the hostname isn't in the hosts file.

So... does anyone know why it still seems to be using the wrong DNS server?


Couple of possible things.

Try a route print and make sure that you don't have any static route in place which could be causing this.

Are you sure that "ping hostname" is being resolved by DNS and not WINS? If you can fully qualify and get a good result, but get a fail on the short name, it may well be a bad WINS record. Check your WINS server and remove/correct any wrong records. Also run NBTSTAT -RR on your machine.

Check and adjust your DNS search order (covered in comments already by the looks of it)

Check you don't have a rogue HOSTS / LMHOSTS entry on your machine.


There is a difference between name resolution by nslookup and name resolution by Windows networking API used by almost every app.

Standard name resolution process in Windows is in the following order:

  1. Check against local computer's name
  2. HOSTS file
  3. DNS, local cache
  4. DNS, DNS servers in the order of precedence
  5. WINS servers
  6. NetBIOS over TCP/IP (NetBT) broadcast

nslookup, however, is different in that:

  1. It confines itself to registered DNS servers only.
  2. It does not confine itself to full FQDN; it might find partial ones and then tell you that it has done so. Other apps may either assume hostname is a full FQDN or attempt to add Primary DNS Suffix (defined by SystemPropertiesComputerName.exe) and Connection-Specific DNS Suffixes before resolving.

You can use Wireshark (a free third-party diagnostics app) to find out from where ping resolves your hostname.
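
The following is an added example, not part of the original question or answers: a simplified model of the two lookup paths, showing how a short name can resolve through the first search suffix on a non-VPN DNS server while nslookup, which asks only its default server, returns the internal record. The local server address 192.168.1.1, the IP 203.0.113.7 and the rule that each suffix is tried against every adapter's server before the next suffix are assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional

Lookup = Callable[[str, str], Optional[str]]  # (server, fqdn) -> IP, or None for NXDOMAIN

# Constructed sample data: the records each DNS server would answer with.
ZONES: Dict[str, Dict[str, str]] = {
    "10.0.0.10": {"hostname.domain2.local": "10.0.0.10"},    # VPN DNS server (from the question)
    "192.168.1.1": {"hostname.domain1.com": "203.0.113.7"},  # local DNS server (constructed)
}

def sample_lookup(server: str, fqdn: str) -> Optional[str]:
    return ZONES.get(server, {}).get(fqdn.lower())

def candidates(name: str, suffixes: List[str]) -> List[str]:
    """Names tried for `name`: dotted names as-is, short names once per suffix."""
    if "." in name:
        return [name.rstrip(".")]
    return [f"{name}.{s}" for s in suffixes]

def nslookup_style(name, suffixes, server, lookup: Lookup = sample_lookup):
    """nslookup asks only its one default server, walking the suffix list."""
    for fqdn in candidates(name, suffixes):
        ip = lookup(server, fqdn)
        if ip:
            return fqdn, ip, server
    return None

def client_style(name, suffixes, servers, lookup: Lookup = sample_lookup):
    """Assumed OS-resolver model: each suffix is tried against every adapter's
    server in order, so the first suffix that ANY server answers wins."""
    for fqdn in candidates(name, suffixes):
        for server in servers:
            ip = lookup(server, fqdn)
            if ip:
                return fqdn, ip, server
    return None

def diagnose(name, suffixes, servers, lookup: Lookup = sample_lookup):
    """Compare both paths and list every (fqdn, server, ip) that answers."""
    answers = [(f, s, lookup(s, f)) for f in candidates(name, suffixes)
               for s in servers if lookup(s, f)]
    ns = nslookup_style(name, suffixes, servers[0], lookup)
    cl = client_style(name, suffixes, servers, lookup)
    return {"nslookup": ns, "client": cl, "diverges": ns != cl, "answers": answers}

if __name__ == "__main__":
    print(diagnose("hostname", ["domain1.com", "domain2.local"],
                   ["10.0.0.10", "192.168.1.1"]))
```

Swapping the suffix order to domain2.local first makes both paths agree in this model, which is the effect of the search-order adjustment suggested in the first answer.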