Hello DNS Experts:
I am trying to get broader confirmation for something that I have tested on a couple of platforms, and for which the online documentation seems to be either somewhat vague or in error. Perhaps someone can correct me if this assumption is incorrect.
I have tested this on Windows XP with SP2, and on Vista, and have concluded that 'ping <name>' uses the hosts file even when the DNS Client service ('dnscache') is not running. If someone can definitively prove this to be false, that would be sufficient as an answer.
Otherwise, what I am looking for is either:
a) is the behavior different for Windows Server 2003, Windows Server 2008 or for XP or Vista with a different service pack level? I.e. - show me a case where name resolution *does not* use the hosts file when the DNS Client service is stopped.
b) Is there some registry setting or other condition on the DNS client that would prevent the DNS APIs from using the hosts file when dnscache is not running?
I am making the assumption that ping relies on the standard DNS resolution process for <name>, and that this implies that the DNS APIs are used. I am only in interested in the case where NetBIOS name resolution is not a factor - i.e. a FQDN is used.
I am familiar with the following articles, which either do not address the question directly or seem to imply the opposite - that the hosts file is not used when the dnscache service is not running:
TCP/IP Fundamentals for Microsoft Windows - Chapter 7 - Host Name Resolution:
"How DNS query works" (Windows Server 2003) http://technet2.microsoft.com/windowsserver/en/library/0bcd97e6-b75d-48ce-83ca-bf470573ebdc1033.mspx?mfr=true
I did the following test to arrive at the conclusion that the query for <name> *can succeed* even when the DNS Client service is stopped (where <name> is an FQDN and there is not a valid local DNS server setting).
Platform/environment: Windows XP, Service Pack 2
// Start with a machine that has a hosts file with no user-defined entries. In a command window do the following (not all steps are essential)
type hosts // verify that it only contains the following entry:
ipconfig /flushdns // verify that it responds with "Successfully flushed the DNS Resolver Cache."
ping ns1.google.com // save the IPv4 address (22.214.171.124)
ping ns2.google.com // verify that this succeeds
ipconfig /displaydns // verify that there are A (Host) records for ns1.google.com and ns2.google.com
ipconfig /flushdns // (redundant)
net stop dnscache // verify that it responds with "The DNS Client service was stopped successfully."
// Now add the following entry to the hosts file ('notepad hosts') and save the file to its original location:
ipconfig /all // get the name of the relevant interface, e.g. "Local Area Connection"
netsh interface ip show dns "Local Area Connection"
// if it shows "DNS servers configured through DHCP:" do the following:
netsh interface ip set dns "Local Area Connection" static 126.96.36.199 // or use any IP that is not a valid DNS server address
// else // static, not dhcp
netsh interface ip delete dns "Local Area Connection" all
ipconfig /all // verify the DNS server setting
ping ns2.google.com // this should fail with "Ping request could not find host ns2.google.com. Please check the name and try again."
ping ns1.google.com // if this succeeds in resolving the name ("Pinging ns1.google.com ...) -->> ** THEN THE HOSTS FILE MUST HAVE BEEN USED **
// Test completed: restore local settings:
// Restore DNS server setting for "Local Area Connection"
netsh interface ip set dns "Local Area Connection" dhcp
// Start the DNS Client service
net start dnscache
// ** end of test **