Score:-5

Troubleshooting corporate DNS


I'm on a corporate network with various mysterious lockdowns including ZScaler.

My current issue is that when I try to connect to xyz.databases.windows.net (Azure SQL database) I see these symptoms:

From SSMS I get

No such host is known

Trying nslookup

```
nslookup xyz.databases.windows.net
Server: abc.au.mydomain.com
Address: 10.x.x.x

Non-authoritative answer:
Name: xyz.database.windows.net
```

(note no IP address returned)

If I switch to a different non-corporate network I can connect fine.

I'm about to raise a ticket with the sausage factory to try and resolve but would appreciate some insight on what's going on here so I can discuss with a bit less ignorance. NSLookup doesn't return an IP address. Does that mean the DNS server is actively blocking this? Or something is misconfigured somewhere?

There is some info in server side setup here, but this seems like a client side issue.

https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql

Nick.McDermaid:
Just a flyby downvote. Surely the question has sufficient explanation for someone to pose an answer... why doesn't nslookup give me an IP address?
Paul:
"I'm about to raise a ticket with the sausage factory" - what does this mean?
Nick.McDermaid:
To me it's a slightly derogatory term for IT support. Because I put my ticket in one end, it goes through the factory and gets mashed up and mistreated and I might get a good result out the other side.
captainmish:
You still get correct answers for everything else, right? It's not just this particular hostname that's not responding? If you know what your other resolvers are you could try setting nslookup to use those: `nslookup xyz.database.windows.net 10.x.x.y`
setenforce 1:
Did you set up conditional forwarding to some Microsoft domains on your AD DS resolver? Is `database.windows.net` in the list?
Score:1

I had this issue a few months ago and while I don't remember the exact details I know I had to add a forwarder to either Azure DNS or Google DNS as the first forwarder on a server running 2008 R2. I want to say we originally had CloudFlare DNS configured as our sole forwarder. I’ve since taken the on premise servers to the farm or I’d go validate that answer for you.

You could test this if you don't have access to make changes to the DNS server by setting your primary DNS server to Azure DNS\Google DNS and secondary to your DC and flush the DNS cache on the machine, or just update the host file temporarily to provide your resolution for internal resources that server needs.

Score:1

Assuming it's just xyz.database.windows.net that's not working, just show them what you've got with an identical, successful lookup on your other device. Here's one I made earlier:

```
Non-authoritative answer:
xyz.database.windows.net        canonical name = dataslice1.indiawest1-a.control.database.windows.net.
dataslice1.indiawest1-a.control.database.windows.net    canonical name = cr4.indiawest1-a.control.database.windows.net.
Name:   cr4.indiawest1-a.control.database.windows.net
Address: 104.211.144.4
```

It's a bit weird that you get no response; usually you'd get a response that'll direct you to a block page if it's actively blocked.

`nslookup xyz.database.windows.net {{another reachable dns server}}` might give you different results - if so, it's a forwarder issue like @michael-lindsay says.

It's probably blocked, but try some external DNS servers too (8.8.8.8, 1.1.1.1 are good for testing) if you can.

I don't reckon there's much more that you can do apart from telling them you already turned it off and back on again, and then being nice to them and waiting on your ticket :)
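The resolver comparison suggested in the answers above, as an added example that is not part of the original posts: a Python parser that classifies nslookup transcripts and flags resolvers that fail a lookup another resolver answers. The two transcripts are the ones quoted in this thread; the function names and resolver labels are made up for the example.

```python
import re

ADDR = re.compile(r"^Address(?:es)?:\s*(\S+)")
CNAME = re.compile(r"^\S+\s+canonical name = (\S+?)\.?$")
BARE_IP = re.compile(r"^[0-9A-Fa-f:.]+$")
# Transcripts quoted in this thread (corporate resolver vs. another network).
CORP_OUTPUT = """Server: abc.au.mydomain.com
Address: 10.x.x.x

Non-authoritative answer:
Name: xyz.database.windows.net"""
OTHER_OUTPUT = """Non-authoritative answer:
xyz.database.windows.net        canonical name = dataslice1.indiawest1-a.control.database.windows.net.
dataslice1.indiawest1-a.control.database.windows.net    canonical name = cr4.indiawest1-a.control.database.windows.net.
Name:   cr4.indiawest1-a.control.database.windows.net
Address: 104.211.144.4"""

def classify_nslookup(text):
    """Classify one nslookup transcript (Windows or BIND-style output)."""
    name, cnames, addrs, status, in_list = None, [], [], None, False
    for line in (l.strip() for l in text.splitlines()):
        low = line.lower()
        if "non-existent domain" in low or "nxdomain" in low:
            status = "NXDOMAIN"            # resolver says the name does not exist
        elif "timed out" in low or "no servers could be reached" in low:
            status = "TIMEOUT"             # resolver never answered
        elif m := CNAME.match(line):
            cnames.append(m.group(1))
        elif low.startswith("name:"):
            name = line.split(":", 1)[1].strip()
        elif name and (m := ADDR.match(line)):  # before "Name:" it is the server header
            addrs.append(m.group(1))
            in_list = True
            continue
        elif in_list and BARE_IP.match(line):
            addrs.append(line)             # Windows lists extra addresses on bare lines
            continue
        in_list = False
    if status is None:
        status = "RESOLVED" if addrs else "NO_ADDRESS" if (name or cnames) else "UNKNOWN"
    return {"status": status, "name": name, "cnames": cnames, "addresses": addrs}

def suspect_resolvers(transcripts):
    """Resolvers that failed a lookup at least one other resolver answered."""
    statuses = {r: classify_nslookup(t)["status"] for r, t in transcripts.items()}
    if "RESOLVED" not in statuses.values():
        return []                          # nobody resolved it: not resolver-specific
    return sorted(r for r, s in statuses.items() if s != "RESOLVED")
```

`NO_ADDRESS` is the case from the question: the resolver echoed the name but returned no address record, which is different from an explicit `NXDOMAIN` or a timeout and is worth stating in the ticket.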
