WIndows 7 Pro using external DNS server records... PERIOD

I purchased my boss a replacement workstation from micro center and it came piled on with bloatware.  I instantly uninstalled the AV that came with and noticed afterward, that all the DNS requests were being answered as if outside our firewall (public addresses).  I have a local fwd lookup zone ( with an 'A' host record "www" which points to our internal web server address set up on my local DNS server and it works fine for every computer in the company, except this one.  If I do an nslookup on the workstation and set the server to (our local DC/DNS), the query returns the public address and not the internal.  I've flushed cache, uninstalled and reinstalled nic software/driver...  

Anyone have any clues?  Something with security or trusts via DNS?

Anyway, something is horribly wrong and it's driving me insane.

I've searched through google and found nothing promising, so now I'm desperate...

WOrkstation OS is x64 win 7
DC OS is 2008 (not R2)

LVL 16
Chris HInfrastructure ManagerAsked:
Who is Participating?
footechConnect With a Mentor Commented:
Set up a network capture on both the workstation and DC (you can filter it to just DNS traffic between the machines), run the query, then stop the capture.  Make sure you append a dot to the FQDN (e.g. ""), that way it won't try to append any DNS suffixes.  If the DC capture shows its giving out the public IP, then the issue is not with the workstation.

Also, the machine should ONLY be using the internal DNS server on the NIC settings.
footechConnect With a Mentor Commented:
Check to make sure it's not using any proxy server (Internet Options > Connections > LAN Settings).
Also, in nslookup, does it have the right value for the default server?
Have you checked the HOSTS file?
web_trackerConnect With a Mentor Commented:
I would reimage the computer, maybe it some of the bloatware that is still messing up the system behind the scene, or maybe even malware/pups
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Chris HInfrastructure ManagerAuthor Commented:
@foo  Yes, yes and yes...  I even poisoned the hosts file trying to get the correct addresses, even with lmhosts hard coded/enabled in the registry, it still insists on our DC forwarding DNS requests...

@Web....  My boss is an a$$.  Imaging, re-installing, etc. are out of the question.  One file, setting or program doesn't make it over in a workstation migration and I'd rather quit than listen to him whine.  I know I can make it work re-imaging...  But, unfortunately in this circumstance, you will probably see me fired before that option is being considered.
Chris HInfrastructure ManagerAuthor Commented:
Chris HInfrastructure ManagerAuthor Commented:
FINALLY!  It was avast pro.  There is a feature in the 2015 AV Pro for secure DNS....

Disabling secure DNS bypassed, what I assume, was open DNS.  Kind of misleading considering the word pro assumes business and the fact the machine was installed on a domain.  A pop up notifying the user needs to be added to the product.  This was a complete nightmare to diagnose.  I run the same AV on my computer, but apparently have a different license....

Thanks for y'alls help.
I appreciate the points, but I think you should have accepted your own post as the solution.  I don't know if anything we contributed actually helped.  :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.