DNS / Name Resolution Timeouts on Clients

I have a home network and I'm using the Sophos XG Firewall to try to secure my home network. It works very well, but I've noticed something fairly annoying for the past several months. When I navigate to a web page after turning on my PC, it takes a while and usually fails within a few seconds, then fires up and works fine (Windows 7). When I run nslookup with a standard web server on this machine it shows me this:

C:\>nslookup www.microsoft.com
Server: sophos.localnet
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: e13678.dspb.akamaiedge.net
Addresses: 2600:1409:12:488::356e
2600:1409:12:48a::356e
23.44.161.156
Aliases: www.microsoft.com
www.microsoft.com-c-3.edgekey.net
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net


C:\>nslookup www.google.com
Server: sophos.localnet
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: www.google.com
Addresses: 2607:f8b0:400a:807::2004
216.58.216.164

C:\>


Hunting through the knowledge base I found a couple of articles that seem related but I was unable to find anything helpful from them:

https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/84658/sophos-xg-as-internal-dns#

https://community.sophos.com/products/xg-firewall/f/initial-setup/97172/new-setup-xg-16-5---local-dns-name-resolution-not-working


I think this is why my web pages timeout on first try and then recover. Anyone have ideas on how to solve the timeout errors?


Thanks,

-Greg

  • Hi Pwc, when I add the trailing dot to the fully qualified domain name it comes back instantly.

    C:\>nslookup www.microsoft.com
    Server: sophos.mynet
    Address: 192.168.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer:
    Name: e13678.dspb.akamaiedge.net
    Addresses: 2001:418:1401:18e::356e
    2001:418:1401:18b::356e
    23.48.24.229
    Aliases: www.microsoft.com
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net


    C:\>nslookup www.microsoft.com.
    Server: sophos.mynet
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: e13678.dspb.akamaiedge.net
    Addresses: 2001:418:1401:18e::356e
    2001:418:1401:18b::356e
    23.48.24.229
    Aliases: www.microsoft.com
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net


    C:\>


    But why is that? Seems like either of these should return instantly, why would the one without a trailing dot fail twice, then work?

  • This snippet from this URL describes it well: serverfault.com/.../dns-trailing-periods

    The trailing dot tells the DNS server that this is a fully qualified name. The dot is the root of the DNS hierarchy. If you don't use the dot, the DNS server will assume that it's a record in the current zone and will append it for you. For example, if you have a CNAME in example.com that points to host.example.org, when you query for that, you'll get host.example.org.example.com, which probably isn't what you wanted.

    Basically, without the period it will look to the local DNS service on the XG first. Because the XG isn't designed to be a robust DNS server (and I don't think you want it to be), it just won't work the way you are describing. If you want name resolution on your internal networks you will need to run an internal DNS server (with forwarders to your external DNS services) and configure the XG to use it. 

    Hope this helps. 
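    The search-list behaviour bNaCl describes, modelled as an added example (this is not code from the thread or from Sophos). It assumes a stub resolver that appends each search-list suffix before trying the bare name, a 2-second per-query timeout with one retry, and a constructed upstream in which names under the local suffix never get a reply, which is the symptom the nslookup output above shows. The trailing dot bypasses the search list entirely, so that lookup goes straight to the right name.

```python
"""Model of how a stub resolver walks a DNS search list.

Added example, not the thread's or the XG's own code. The upstream below is
constructed to imitate the symptom in the thread: queries for names under
the local suffix get no reply and hit the timeout, public names answer.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

TIMEOUT_SECONDS = 2   # per-query timeout nslookup reported in the thread
RETRIES = 1           # one retry after a timeout (assumed resolver setting)


@dataclass
class Attempt:
    qname: str        # absolute name actually sent on the wire
    outcome: str      # "answer", "nxdomain" or "timeout"
    seconds: float    # wall-clock cost of this attempt


@dataclass
class Result:
    answer: Optional[str]
    attempts: List[Attempt] = field(default_factory=list)

    @property
    def elapsed(self) -> float:
        return sum(a.seconds for a in self.attempts)


def mock_upstream(qname: str) -> Tuple[str, Optional[str]]:
    """Constructed nameserver. Names under the local suffix never reply
    (the behaviour seen in the thread); two public names answer."""
    if qname.endswith(".localnet."):
        return "timeout", None
    table = {
        "www.microsoft.com.": "23.44.161.156",   # addresses from the thread
        "www.google.com.": "216.58.216.164",
    }
    if qname in table:
        return "answer", table[qname]
    return "nxdomain", None


def candidates(name: str, search_list: List[str]) -> List[str]:
    """Absolute names to try, in order.

    A trailing dot marks the name as fully qualified, so nothing is
    appended. Otherwise each search-list suffix is tried before the bare
    name (assumed order; it reproduces the two timeouts before the answer
    that nslookup printed in the thread)."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{suffix}." for suffix in search_list] + [name + "."]


def resolve(name: str, search_list: List[str],
            upstream: Callable[[str], Tuple[str, Optional[str]]] = mock_upstream) -> Result:
    """Walk the candidates, retrying each on timeout, stop at the first answer."""
    result = Result(answer=None)
    for qname in candidates(name, search_list):
        outcome, addr = "timeout", None
        for _ in range(RETRIES + 1):
            outcome, addr = upstream(qname)
            cost = TIMEOUT_SECONDS if outcome == "timeout" else 0.0
            result.attempts.append(Attempt(qname, outcome, cost))
            if outcome != "timeout":
                break           # nxdomain or answer: no point retrying
        if outcome == "answer":
            result.answer = addr
            return result
        # timeout after retries, or nxdomain: fall through to next candidate
    return result


if __name__ == "__main__":
    for query in ("www.microsoft.com", "www.microsoft.com."):
        r = resolve(query, ["localnet"])
        print(f"{query}: {r.answer} after {r.elapsed:.0f}s")
        for a in r.attempts:
            print(f"    {a.qname:<32} {a.outcome}")
```

    Running it prints the bare name costing 4 seconds across three attempts (two timed-out tries of `www.microsoft.com.localnet.`, then the answer) while the dotted name answers on the first attempt. Pointing the clients at a DNS server that actually answers for the local zone (with NXDOMAIN, not silence) makes the suffixed attempt fail fast instead of waiting out the timeout, which is the practical effect of bNaCl's suggestion to run an internal DNS server.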

  • Thank you bNaCl, that helps a lot. I'll try to configure my own local DNS server.

  • Hi, I was writing a response but can see that bNaCl has replied with a good explanation. One option you could try is to configure the proxy settings in your browser, as the website requests would then be passed to the XG box to resolve instead. Any DNS requests from outside the browser, or any sites in the browser site bypass list, would then be handled by the Windows DNS client instead.