2

I have a Windows XP machine that refuses to connect to one of my servers no matter what I've tried. It points to a null IP address (not the correct IP) and HTML-get as well as ping and tracert all aim at the wrong address.

Of course I flushed the DNS cache with ipconfig /flushdns, and even restarted the dns cache service and rebooted a few times.

And yes, I added the NegativeCacheTime set to 0.

Also, I checked C:\WINDOWS\system32\drivers\etc\hosts, and there are no entries in it except for localhost.

All the other machines on my LAN get the right IP, but this one XP-box seems to have some kind of evil stealth DNS.

It's driving me batty; what can be causing this?

Brock Adams
  • Try `nslookup ` and see what it responds. It'll tell you exactly which DNS server is being used. – Darth Android Jan 28 '13 at 22:12
  • Did you also check for an active [`LMHOSTS` file](http://en.wikipedia.org/wiki/LMHOSTS)? – Ƭᴇcʜιᴇ007 Jan 28 '13 at 22:17
  • @DarthAndroid, it came back `resolver1.opendns.com` `208.67.222.222` -- which seems right. OpenDNS is supposed to be good, isn't it? Cross checking, I see that at least 2 of the other win boxes were hijacked to use Comodo DNS (not authorized). – Brock Adams Jan 28 '13 at 22:18
  • @techie007, No. Thanks for the reminder. However, it had no uncommented entries. – Brock Adams Jan 28 '13 at 22:19
  • If the server is outside, and you're depending on external DNS, it may just take a while for it to update. Perhaps try `nslookup 8.8.8.8` to check with Google's DNS, and perhaps use it again to check against your hosting company's DNS (assuming you have hosted DNS)? – Ƭᴇcʜιᴇ007 Jan 28 '13 at 22:21
  • @techie007: The Win XP box reports that it's using OpenDNS (like they all should), I just checked with [OpenDNS' "CacheCheck"](http://www.opendns.com/support/cache/) and it reports the right IP for the domain. – Brock Adams Jan 28 '13 at 22:26
  • And, now, everything's working at last. I can only conclude that OpenDNS was very late in updating its cache. And that it was dumb luck that Comodo hijacked the DNS on the other win boxes, and that Comodo is apparently better at updates than OpenDNS? – Brock Adams Jan 28 '13 at 22:30
  • @DarthAndroid, if you want to make your comment an answer, I will accept it, since it led to the correct solution (Check your DNS provider's cache tool, if they have one, and make sure all machines are using the same, bestest DNS provider (which does not appear to be OpenDNS anymore).) – Brock Adams Jan 28 '13 at 22:32
  • @BrockAdams Done. Also, I stopped using OpenDNS a while ago when they started hijacking `NXDOMAIN` to return a search page. – Darth Android Jan 28 '13 at 23:25

1 Answer

3

If you've rebooted the system and checked your hosts file, then there's a good chance that:

  • The domain's IP has been changed, and the DNS server that your computer is using is stale (it can be up to 8 hours or longer depending on cache timeouts)

  • Your computer could be using the wrong DNS server. You can check how your computer is resolving an IP from the DNS server with the `nslookup` utility. If you open a command prompt and type `nslookup <hostname>`, then it will print out the name / IP of the DNS server, and then the server's response for the `<hostname>` lookup. You can check other DNS servers easily with `nslookup <hostname> <dnsserver>` to compare results. I like to use 8.8.8.8 and 8.8.4.4 (Google's Public DNS servers) as a good baseline.

  • Finally, many DNS services will let you check or refresh their cache. For example, OpenDNS has a "CacheCheck" utility.

Brock Adams
Darth Android
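The `nslookup <hostname> <dnsserver>` comparison described in the answer can be scripted. The following is an added example, not part of the original answer: it parses nslookup output from several resolvers and reports which ones disagree with a baseline resolver. The hostname `www.example.test`, the sample IPs, and the function names are constructed for illustration.

```python
import re
import subprocess

# Constructed sample output in Windows nslookup format (hostname and IPs are made up).
SAMPLES = {
    "208.67.222.222": "Server:  resolver1.opendns.com\nAddress:  208.67.222.222\n\n"
                      "Non-authoritative answer:\nName:    www.example.test\nAddress:  0.0.0.0\n",
    "8.8.8.8": "Server:  dns.google\nAddress:  8.8.8.8\n\nNon-authoritative answer:\n"
               "Name:    www.example.test\nAddresses:  192.0.2.10\n\t  192.0.2.11\n",
    "8.8.4.4": "Server:  dns.google\nAddress:  8.8.4.4\n\nNon-authoritative answer:\n"
               "Name:    www.example.test\nAddresses:  192.0.2.11\n\t  192.0.2.10\n",
}

def run_nslookup(hostname, server):
    """Live query: nslookup <hostname> <dnsserver>, returning the raw text."""
    return subprocess.run(["nslookup", hostname, server],
                          capture_output=True, text=True, timeout=15).stdout

def parse_nslookup(output):
    """Return (resolver_ip, set of answer IPs) from nslookup text."""
    resolver, answers = None, set()
    in_answer = in_list = False
    for line in output.splitlines():
        m = re.match(r"Address(es)?:\s*(\S+)", line)
        if line.startswith("Name:"):
            in_answer, in_list = True, False   # everything after this is the answer
        elif m:
            ip = m.group(2).split("#")[0]      # Unix builds print ip#port for the server
            if in_answer:
                answers.add(ip)
            elif resolver is None:
                resolver = ip                  # first Address line names the resolver
            in_list = in_answer
        elif in_list and line[:1].isspace() and line.strip():
            answers.add(line.strip())          # continuation line under "Addresses:"
        else:
            in_list = False
    return resolver, answers

def disagreements(outputs, baseline):
    """Map each resolver whose answer set differs from the baseline's to its answers."""
    parsed = {srv: parse_nslookup(text)[1] for srv, text in outputs.items()}
    return {srv: ips for srv, ips in parsed.items() if ips != parsed[baseline]}

if __name__ == "__main__":
    # Swap SAMPLES for {s: run_nslookup(host, s) for s in servers} to query live.
    for srv, ips in disagreements(SAMPLES, "8.8.8.8").items():
        print(f"{srv} differs from baseline: {sorted(ips)}")
```

A mismatch is a prompt to investigate, not proof of a stale cache or tampering: CDN-hosted and round-robin names can legitimately return different addresses from different resolvers.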