Windows 8.1, on my network at least, has a big problem with names. The most noticeable effect is that web browsers frequently cannot resolve site addresses. On the command line the same problem affects ping, but not nslookup. In the immediate aftermath of running ipconfig/flushdns everything works, but only for a few seconds.
The problem gets worse the more complex the name is: I have seen no problems with names which are simple A or AAAA records. Most of the failures I have noticed are CNAMEs for CNAMEs for CNAMEs for CNAMEs for A records for CDNs. I thought that perhaps my DNS server was not sending comprehensive answers (i.e. all results down to an address) in this scenario, so I downloaded ISC dig to check; I can see nothing wrong in the responses when I get a response.
If I use dig -4 ... I get an immediate response with a reported query time of 16msec. If I use dig -6 ... I get no response. If I use dig ... I get a response after several seconds from my local IPv4 DNS server with a reported query time of 16msec. I therefore assumed that my local IPv6 nameserver was broken.
At this point I began disabling parts of the Windows networking stack which I don’t think I need: the Teredo adapters were first against the wall. In the immediate aftermath of killing either one the problem was less severe, but I suspect this is because any network change does the equivalent of ipconfig/flushdns as the problem soon resurfaces.
dig -6 ... @2001:... with its global address (as listed in the DNS servers list in ipconfig/all) works, as does dig -6 ... @fe80:... with its link-local address. This shifted my working assumption to the premise that Windows is not using the correct address for my IPv6 nameserver, although I could not see how because it shows correctly in
I then noticed that I had a virtual Ethernet interface used to give the Windows Phone “emulator” a connection to the Internet. That had three non-existent IPv6 addresses listed as its DNS servers, so I conjectured that they were being used for name resolution, failing, and on more-complex names a retry limit was being hit. I disabled IPv6 on that adapter, which cleared the bad DNS server records from my list but had no effect on the problem I am trying to solve.
At this point I am pretty much stumped: there are only two name servers listed by ipconfig/all across all interfaces, and both of them work (for all valid addresses) when explicitly used with dig ... @.... I do not understand why dig -6 ... with no explicit server fails to connect to any server: as far as I can see it has a choice of one, and that one works.
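The check described above, that a response carries every CNAME down to an address, can be done mechanically on the answer section that dig prints. The following is an added example, not code from the original post; the sample answer section is constructed from documentation names and addresses, and the function names are hypothetical.

```python
import re

# Constructed sample of a dig ANSWER SECTION (placeholder names and
# addresses, not values from the post): three CNAMEs ending in A records.
SAMPLE_ANSWER = """\
www.example.com.        300 IN CNAME www.example.com.edge.example.net.
www.example.com.edge.example.net. 60 IN CNAME lb.cdn.example.org.
lb.cdn.example.org.     20  IN CNAME node7.cdn.example.org.
node7.cdn.example.org.  20  IN A     192.0.2.10
node7.cdn.example.org.  20  IN A     192.0.2.11
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)\s*$")

def parse_answer(text):
    """Return [(owner, type, rdata)] from dig answer-section lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        m = RR.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.append((owner.lower().rstrip("."), rtype.upper(),
                            rdata.lower().rstrip(".")))
    return records

def follow_chain(qname, records, max_hops=16):
    """Follow CNAMEs from qname; return (chain, addresses, status)."""
    name = qname.lower().rstrip(".")
    chain, seen = [name], {name}
    for _ in range(max_hops):
        addrs = [d for o, t, d in records if o == name and t in ("A", "AAAA")]
        if addrs:
            return chain, addrs, "complete"
        targets = [d for o, t, d in records if o == name and t == "CNAME"]
        if not targets:
            return chain, [], "incomplete"     # chain stops before an address
        name = targets[0]
        if name in seen:
            return chain, [], "loop"
        seen.add(name)
        chain.append(name)
    return chain, [], "too-long"
```

A status of "incomplete" means the client would have to issue further queries to finish the chain, which is the situation the post was trying to rule out.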