We recently encountered a problem where our Windows 10 computers with Extended Security Updates (ESUs) are unable to resolve DNS. This issue began yesterday at around 5 PM. Although the computers can ping IP addresses without any problem, they cannot connect to Zscaler due to DNS resolution errors. We've tried setting static IP addresses, but the issue persists. Has anyone experienced a similar problem or know how to troubleshoot this?
3 Answers
Make sure you're checking the correct DNS servers. It sounds like your internal DNS servers might be fine since you mentioned Windows 11 machines are still working. Try using the nslookup command in the command prompt to see if you're able to reach the DNS server directly and get a response.
First off, it’s important to determine whether the DNS issue lies with the server or the clients. You might want to check if port 53 is open and responding from any affected clients. It’s also useful to see if the problem occurs with only internal DNS addresses, external ones, or both. Taking a look at the DNS server logs could provide some insights; enabling query logging might help you catch any errors.
You should also consider what recent changes were made, especially if an ESU was applied yesterday. There’s a specific update (KB5034439) that modifies the DNS settings by enabling DNS over HTTPS on domain PCs. You can manage this by either pushing a Group Policy Preference to set the DoHPolicy to 0 or manually disabling DNS over HTTPS in the Edge settings.
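A read-only triage script that works through the checks in this answer (which resolvers the client uses, whether port 53 answers, internal versus external lookups, and the DoH policy state), added here as an example rather than anything posted in the thread. The server address and hostnames are placeholders, and the registry location used for DoHPolicy is assumed to be the DNS Client policy key.

```powershell
# Added example, not from the original thread. Read-only DNS triage for an affected Windows 10 client.
# Assumptions: $DnsServer, $InternalName and $ExternalName are placeholders to replace;
# the DoHPolicy registry location below is assumed to be the DNS Client policy key.
param(
    [string]$DnsServer    = '10.0.0.10',            # placeholder: your internal DNS server
    [string]$InternalName = 'dc01.corp.example',    # placeholder: a record only internal DNS knows
    [string]$ExternalName = 'www.microsoft.com'     # a public record, to separate internal from external failures
)

# 1. Which resolvers is this client actually configured to use?
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Does the server answer on port 53 at all? (TCP only; Test-NetConnection does not probe UDP.)
$port = Test-NetConnection -ComputerName $DnsServer -Port 53 -WarningAction SilentlyContinue
'TCP/53 to {0}: {1}' -f $DnsServer, $(if ($port.TcpTestSucceeded) { 'open' } else { 'closed or filtered' })

# 3. Internal vs external lookups, asked directly of the server (-DnsOnly bypasses the local cache and hosts file)
foreach ($name in @($InternalName, $ExternalName)) {
    try {
        $r = Resolve-DnsName -Name $name -Server $DnsServer -Type A -DnsOnly -ErrorAction Stop
        '{0}: {1}' -f $name, (($r | Where-Object Type -eq 'A').IPAddress -join ', ')
    } catch {
        '{0}: FAILED ({1})' -f $name, $_.Exception.Message
    }
}

# 4. DoH state: the DoHPolicy value the answer refers to (0 = disabled), plus per-server DoH
#    configuration where that cmdlet exists (it is absent on older builds).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'   # assumed policy location
$doh = Get-ItemProperty -Path $policyKey -Name DoHPolicy -ErrorAction SilentlyContinue
if ($doh) { "DoHPolicy (policy key): $($doh.DoHPolicy)" } else { 'DoHPolicy: not set by policy' }
if (Get-Command Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientDohServerAddress | Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp -AutoSize
}
```

Run it in an elevated PowerShell on one affected and one working machine and compare the four sections; a client whose resolvers are correct and whose server answers on port 53 but whose lookups still fail points at the DoH change rather than the server.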
