Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Vista will not resolve DNS

microsoft.public.windows.vista.networking sharing






Speedup My PC
Reply
  #1 (permalink)  
Old 02-23-2010
Kevin D. Goodknecht [MVP]
 

Posts: n/a
Vista will not resolve DNS
I've been pulling my hair out over this one. I suspect it may have had
malware infection, ran combofix, TrendMicro Sysclean, reset IPv4, disabled
IPv6, reset the Winsock, uninstalled Expired Norton 360, installed Microsoft
Security Essentials, tried it with the Firewall on and off, checked the
registry for as many Winsock Redirectors and firewalls I could think of. I
don't know of anything I've missed, I'm hoping someone here can think of
something.

I can ping IP Addresses, but cannot ping any name, not even localhost. The
DNSCache is caching names but it won't answer for application that resolves
names, Including IE, Google Chrome, Firefox, tracert, nothing!

It can browse the Internet with all installed browsers, if it uses my proxy
server, since the proxy resolves names for the browser, but if it depends on
the DNS Resolver Service it won't work. It is Vista basic that belongs to a
customer and is not a member of a domain.

I've posted pings, ipconfig /all, and net start below.

C:\Users\Test>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

C:\Users\Test>ping 192.168.201.1

Pinging 192.168.201.1 with 32 bytes of data:
Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
Reply from 192.168.201.1: bytes=32 time=1ms TTL=64

C:\Users\Test>ping localhost
Ping request could not find host localhost. Please check the name and try
again.


C:\Users\Test>ping www.yahoo.com
Ping request could not find host www.yahoo.com. Please check the name and
try ag
ain.

C:\Users\Test>tracert yahoo.com
Unable to resolve target system name yahoo.com.



Windows IP Configuration

Host Name . . . . . . . . . . . . : dana-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : office.wftx.us

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : office.wftx.us
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps
Ethernet #3
Physical Address. . . . . . . . . : 00-1D-72-B0-B7-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.201.152(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 23, 2010 1:51:27 PM
Lease Expires . . . . . . . . . . : Wednesday, February 24, 2010 2:27:51
PM
Default Gateway . . . . . . . . . : 192.168.201.1
DHCP Server . . . . . . . . . . . : 192.168.201.5
DNS Servers . . . . . . . . . . . : 192.168.201.5
192.168.201.15
192.168.201.13
192.168.201.25
Primary WINS Server . . . . . . . : 192.168.201.5
Secondary WINS Server . . . . . . : 192.168.201.13
192.168.201.15
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\Test>net start
These Windows services are started:

Agere Modem Call Progress Audio
Application Experience
Application Information
Background Intelligent Transfer Service
Base Filtering Engine
COM+ Event System
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
Group Policy Client
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
IP Helper
IPsec Policy Agent
KtmRm for Distributed Transaction Coordinator
Microsoft Antimalware Service
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
NVIDIA Display Driver Service
Plug and Play
Portable Device Enumerator Service
Program Compatibility Assistant Service
ReadyBoost
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Licensing
SSDP Discovery
Superfetch
System Event Notification Service
Tablet PC Input Service
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
UPnP Device Host
User Profile Service
VNC Server Version 4
WebClient
Windows Audio
Windows Audio Endpoint Builder
Windows Driver Foundation - User-mode Driver Framework
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Modules Installer
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
Workstation

The command completed successfully.

--
--
Best regards,
Kevin D. Goodknecht Sr.
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 02-24-2010
Ace Fekay [MVP-DS, MCT]
 

Posts: n/a
Re: Vista will not resolve DNS
"Kevin D. Goodknecht [MVP]" <admin@nospam.wftx.us> wrote in message
news:B4ED6DC6-C7C6-4F0F-B73E-F61932D7703B@microsoft.com...
> I've been pulling my hair out over this one. I suspect it may have had
> malware infection, ran combofix, TrendMicro Sysclean, reset IPv4, disabled
> IPv6, reset the Winsock, uninstalled Expired Norton 360, installed
> Microsoft Security Essentials, tried it with the Firewall on and off,
> checked the registry for as many Winsock Redirectors and firewalls I could
> think of. I don't know of anything I've missed, I'm hoping someone here
> can think of something.
>
> I can ping IP Addresses, but cannot ping any name, not even localhost. The
> DNSCache is caching names but it won't answer for application that
> resolves names, Including IE, Google Chrome, Firefox, tracert, nothing!
>
> It can browse the Internet with all installed browsers, if it uses my
> proxy server, since the proxy resolves names for the browser, but if it
> depends on the DNS Resolver Service it won't work. It is Vista basic that
> belongs to a customer and is not a member of a domain.
>
> I've posted pings, ipconfig /all, and net start below.
>
> C:\Users\Test>ping 127.0.0.1
>
> Pinging 127.0.0.1 with 32 bytes of data:
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
>
> C:\Users\Test>ping 192.168.201.1
>
> Pinging 192.168.201.1 with 32 bytes of data:
> Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
> Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
> Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
> Reply from 192.168.201.1: bytes=32 time=1ms TTL=64
>
> C:\Users\Test>ping localhost
> Ping request could not find host localhost. Please check the name and try
> again.
>
>
> C:\Users\Test>ping www.yahoo.com
> Ping request could not find host www.yahoo.com. Please check the name and
> try ag
> ain.
>
> C:\Users\Test>tracert yahoo.com
> Unable to resolve target system name yahoo.com.
>
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dana-PC
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : office.wftx.us
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : office.wftx.us
> Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps
> Ethernet #3
> Physical Address. . . . . . . . . : 00-1D-72-B0-B7-87
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IPv4 Address. . . . . . . . . . . : 192.168.201.152(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Lease Obtained. . . . . . . . . . : Tuesday, February 23, 2010 1:51:27
> PM
> Lease Expires . . . . . . . . . . : Wednesday, February 24, 2010 2:27:51
> PM
> Default Gateway . . . . . . . . . : 192.168.201.1
> DHCP Server . . . . . . . . . . . : 192.168.201.5
> DNS Servers . . . . . . . . . . . : 192.168.201.5
> 192.168.201.15
> 192.168.201.13
> 192.168.201.25
> Primary WINS Server . . . . . . . : 192.168.201.5
> Secondary WINS Server . . . . . . : 192.168.201.13
> 192.168.201.15
> NetBIOS over Tcpip. . . . . . . . : Enabled
>
> C:\Users\Test>net start
> These Windows services are started:
>
> Agere Modem Call Progress Audio
> Application Experience
> Application Information
> Background Intelligent Transfer Service
> Base Filtering Engine
> COM+ Event System
> Cryptographic Services
> DCOM Server Process Launcher
> Desktop Window Manager Session Manager
> DHCP Client
> Diagnostic Policy Service
> Diagnostic Service Host
> Diagnostic System Host
> Distributed Link Tracking Client
> DNS Client
> Group Policy Client
> Human Interface Device Access
> IKE and AuthIP IPsec Keying Modules
> IP Helper
> IPsec Policy Agent
> KtmRm for Distributed Transaction Coordinator
> Microsoft Antimalware Service
> Multimedia Class Scheduler
> Network Connections
> Network List Service
> Network Location Awareness
> Network Store Interface Service
> NVIDIA Display Driver Service
> Plug and Play
> Portable Device Enumerator Service
> Program Compatibility Assistant Service
> ReadyBoost
> Remote Access Connection Manager
> Remote Procedure Call (RPC)
> Remote Registry
> Secondary Logon
> Secure Socket Tunneling Protocol Service
> Security Accounts Manager
> Security Center
> Server
> Shell Hardware Detection
> Software Licensing
> SSDP Discovery
> Superfetch
> System Event Notification Service
> Tablet PC Input Service
> TCP/IP NetBIOS Helper
> Telephony
> Terminal Services
> Themes
> UPnP Device Host
> User Profile Service
> VNC Server Version 4
> WebClient
> Windows Audio
> Windows Audio Endpoint Builder
> Windows Driver Foundation - User-mode Driver Framework
> Windows Error Reporting Service
> Windows Event Log
> Windows Firewall
> Windows Image Acquisition (WIA)
> Windows Management Instrumentation
> Windows Modules Installer
> Windows Search
> Windows Time
> Windows Update
> WinHTTP Web Proxy Auto-Discovery Service
> Workstation
>
> The command completed successfully.
>
> --
> --
> Best regards,
> Kevin D. Goodknecht Sr.
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
>
>



Kevin,

How are you? It's been awhile since we've spoken.

Curious, what is in the system32\drivers\etc\hosts file? If it can't find
localhost, as you know, that's where it is supposed to be. ALso check the
reg to make sure that a virus didn't change the hosts file location.

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\Tcpip\Parameters\DataBasePath.

Other than that, maybe there was a 3rd party network malware tool installed
hijacking network services. Maybe a packet sniffer to see what that
workstation is doing, if it is trying to contact some external entity?

Just conjecture... Sometimes these can be difficult to track down where a
reinstall takes less time if it was previously infected by malware! :-) I
have a machine sitting in my basement with similar issues that belongs to my
daughter's boyfriend. And I can't reinstall it because he doesn't have the
original XP Home OEM
CD. It just blue screens, even in Safe Mode with Networking, however it
doesn't in Safe Mode. I am thinking of uninstalling and reinstalling TCP on
it, but haven't explored that yet in Safe Mode because I've been super busy
the past few weeks.... What a mess! LOL!

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.


Reply With Quote
  #3 (permalink)  
Old 02-24-2010
Jonathan de Boyne Pollard
 

Posts: n/a
Re: Vista will not resolve DNS


The DNSCache is caching names but it won't answer for application that resolves names, Including IE, Google Chrome, Firefox, tracert, nothing!



How do you know that it's caching names if you haven't managed to make it successfully look up anything?&nbsp; In any case, you've missed a test:



&nbsp; DNS Servers . . . . . . . . . . . : 192.168.201.5
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp; 192.168.201.15
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp; 192.168.201.13
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp;&nbsp;&nbsp;&nbsp; 192.168.201.25



Query all of these with netdig or something similar.&nbsp; If that works, then you can eliminate firewalls and network connectivity as causes for the problem, and concentrate upon the DNS Client itself.



If you find yourself at that point, stop the DNS Client service, and see what happens to applications that perform DNS lookups once they have to do them directly, rather than via the client service.

Reply With Quote
  #4 (permalink)  
Old 02-24-2010
Frankster
 

Posts: n/a
Re: Vista will not resolve DNS
> I've been pulling my hair out over this one. I suspect it may have had
> malware infection, ran combofix, TrendMicro Sysclean.... installed
> Microsoft Security Essentials


Well, in addition to the DNS troubleshooting ideas presented already, I
would advise to download and run the Malwarebytes Anti-Malware product
(free). I don't normally recommend any particular AV products, even though
I have my favorite... however, this Malwarebytes product is just so damned
good! It'll only take about 15 minutes to download and run.

http://www.malwarebytes.org.

Sorry if this seems too rudimentary, but no kidding, this is one heck of a
product (but, you might already know that - LOL). Oh well...

-Frank

Reply With Quote
  #5 (permalink)  
Old 02-24-2010
Ace Fekay [MVP-DS, MCT]
 

Posts: n/a
Re: Vista will not resolve DNS
"Frankster" <frank@SPAM2TRASH.com> wrote in message
news:M8-dnbVyQevsCxnWnZ2dnUVZ_qqdnZ2d@giganews.com...
>> I've been pulling my hair out over this one. I suspect it may have had
>> malware infection, ran combofix, TrendMicro Sysclean.... installed
>> Microsoft Security Essentials

>
> Well, in addition to the DNS troubleshooting ideas presented already, I
> would advise to download and run the Malwarebytes Anti-Malware product
> (free). I don't normally recommend any particular AV products, even
> though I have my favorite... however, this Malwarebytes product is just so
> damned good! It'll only take about 15 minutes to download and run.
>
> http://www.malwarebytes.org.
>
> Sorry if this seems too rudimentary, but no kidding, this is one heck of a
> product (but, you might already know that - LOL). Oh well...
>
> -Frank



I like that product, too. However I finally found a piece of malware it was
not able to clean up, and that was with my daughter's boyfriend's machine,
and one customer machine. The customer machine had a fake AV that it
couldn't find. However the other machine, is simply blue screening at boot,
and since it won't boot in Safe Mode with Networking, I can't update
malwarebytes when I run. It is proving a challenge to me right now. It only
runs in Safe Mode. I opted to disable all non-Microsoft services using
msconfig, and it still won't even come up in Safe with Networking.

I don't mean to hijack this thread, just pointing out as much as I like
malwarebytes too, it apparently didn't have the sigs for the latest thing
out there. The AV writers could have slightly changed the header in their
file to circumvent it.

Ace


Reply With Quote
  #6 (permalink)  
Old 02-24-2010
Frankster
 

Posts: n/a
Re: Vista will not resolve DNS

"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:ugxY2KXtKHA.712@TK2MSFTNGP04.phx.gbl...
>
> "Frankster" <frank@SPAM2TRASH.com> wrote in message
> news:M8-dnbVyQevsCxnWnZ2dnUVZ_qqdnZ2d@giganews.com...
>>> I've been pulling my hair out over this one. I suspect it may have had
>>> malware infection, ran combofix, TrendMicro Sysclean.... installed
>>> Microsoft Security Essentials

>>
>> Well, in addition to the DNS troubleshooting ideas presented already, I
>> would advise to download and run the Malwarebytes Anti-Malware product
>> (free). I don't normally recommend any particular AV products, even
>> though I have my favorite... however, this Malwarebytes product is just
>> so damned good! It'll only take about 15 minutes to download and run.
>>
>> http://www.malwarebytes.org.
>>
>> Sorry if this seems too rudimentary, but no kidding, this is one heck of
>> a product (but, you might already know that - LOL). Oh well...
>>
>> -Frank

>
>
> I like that product, too. However I finally found a piece of malware it
> was not able to clean up, and that was with my daughter's boyfriend's
> machine, and one customer machine. The customer machine had a fake AV that
> it couldn't find. However the other machine, is simply blue screening at
> boot, and since it won't boot in Safe Mode with Networking, I can't update
> malwarebytes when I run. It is proving a challenge to me right now. It
> only runs in Safe Mode. I opted to disable all non-Microsoft services
> using msconfig, and it still won't even come up in Safe with Networking.
>
> I don't mean to hijack this thread, just pointing out as much as I like
> malwarebytes too, it apparently didn't have the sigs for the latest thing
> out there. The AV writers could have slightly changed the header in their
> file to circumvent it.
>
> Ace
>


I have ran into a similar case. When I do, I download a new copy (it always
has a very pretty current sig file embedded) and that seems to do the trick.
Sometimes I can run it from a location directly on my flash drive, if
necessary. On especially difficult cases where the Virus disables
Malwarebytes' Anti-Malware product, I run it on another machine on the
network against the victim machine, after mapping to the drive (use "full
scan"). Sometimes it is necessary to remove the drive and mount it on a
known good machine via USB adapter and run Anti-Malware on the good machine
(full scan again to hit the newly mounted victim drive).

One thing I have also found is that often I can get the victim drive
repaired enough this way (remotely mounted) so that at least the original
machine will boot and run Anti-malware natively. It is important to run
Anti-malware natively, using the normally used login, to get everything
cleaned up. I almost always find even more hits when running natively even
after a remote session "cleans" it. Just FYI... I'm sure you know most of
this -

Also, apologies if this appears to be a thread hijack.. but... it really
does sound like the OPs issue just might be a virus.

-Frank

Reply With Quote
  #7 (permalink)  
Old 02-24-2010
Kevin D. Goodknecht
 

Posts: n/a
Re: Vista will not resolve DNS
"Jonathan de Boyne Pollard" <J.deBoynePollard-newsgroups@NTLWorld.COM> wrote
in message
news:IU.D20100224.T012239.P1302.Q0@J.de.Boyne.Poll ard.localhost...
The DNSCache is caching names but it won't answer for application that
resolves names, Including IE, Google Chrome, Firefox, tracert, nothing!
How do you know that it's caching names if you haven't managed to make it
successfully look up anything? In any case, you've missed a test:
DNS Servers . . . . . . . . . . . : 192.168.201.5
192.168.201.15
192.168.201.13
192.168.201.25
Query all of these with netdig or something similar. If that works, then
you can eliminate firewalls and network connectivity as causes for the
problem, and concentrate upon the DNS Client itself.
If you find yourself at that point, stop the DNS Client service, and see
what happens to applications that perform DNS lookups once they have to do
them directly, rather than via the client service.


Hello Jonathan, it's been a long time, you are correct, I did err in leaving
out that that information, I tried to think of everything, but this should
rest your mind that I thought of it and did the tests.

Here is a flushdns, displaydns, a couple of pings and another displaydns. As
you can see the resolver seems to be working but ping doesn't get the answer
back.


************************************************
C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>ipconfig /displaydns

Windows IP Configuration

1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


localhost
----------------------------------------
No records of type AAAA



C:\Windows\system32>ping localhost
Ping request could not find host localhost. Please check the name and try
again.


C:\Windows\system32>ping sonicwall.wftx.us
Ping request could not find host sonicwall.wftx.us. Please check the name
and tr
y again.

C:\Windows\system32>ipconfig /displaydns

Windows IP Configuration

1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


sonicwall.wftx.us
----------------------------------------
Record Name . . . . . : sonicwall.wftx.us
Record Type . . . . . : 1
Time To Live . . . . : 3581
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.201.1


localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


localhost
----------------------------------------
No records of type AAAA



C:\Windows\system32>ping sonicwall.wftx.us
Ping request could not find host sonicwall.wftx.us. Please check the name
and tr
y again.

C:\Windows\system32>


************************************************** ********

Here's the Netdig response, I included both UDP and TCP Queries, all servers
answer the same.

opcode: Query, status: NoError, id: 42
flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

QUESTION SECTION:
sonicwall.wftx.us. IN A

ANSWER SECTION:
sonicwall.wftx.us. 3600 IN A 192.168.201.1

Query time: 0 ms
Server : 192.168.201.5:53 udp (192.168.201.5)
When : 2/24/2010 3:11:17 PM
Size rcvd : 51

opcode: Query, status: NoError, id: 42
flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

QUESTION SECTION:
sonicwall.wftx.us. IN A

ANSWER SECTION:
sonicwall.wftx.us. 3600 IN A 192.168.201.1

Query time: 0 ms
Server : 192.168.201.5:53 tcp (192.168.201.5)
When : 2/24/2010 3:11:23 PM
Size rcvd : 51




--
--
Best regards,
Kevin D. Goodknecht Sr.
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.goodyscomputer.com/
http://support.wftx.us/

Reply With Quote
  #8 (permalink)  
Old 02-24-2010
Ace Fekay [MVP-DS, MCT]
 

Posts: n/a
Re: Vista will not resolve DNS
"Frankster" <frank@SPAM2TRASH.com> wrote in message
news:Z8CdnZ9MpJE79RjWnZ2dnUVZ_vOdnZ2d@giganews.com ...
>
> "Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in
> message news:ugxY2KXtKHA.712@TK2MSFTNGP04.phx.gbl...
>>
>> "Frankster" <frank@SPAM2TRASH.com> wrote in message
>> news:M8-dnbVyQevsCxnWnZ2dnUVZ_qqdnZ2d@giganews.com...
>>>> I've been pulling my hair out over this one. I suspect it may have had
>>>> malware infection, ran combofix, TrendMicro Sysclean.... installed
>>>> Microsoft Security Essentials
>>>
>>> Well, in addition to the DNS troubleshooting ideas presented already, I
>>> would advise to download and run the Malwarebytes Anti-Malware product
>>> (free). I don't normally recommend any particular AV products, even
>>> though I have my favorite... however, this Malwarebytes product is just
>>> so damned good! It'll only take about 15 minutes to download and run.
>>>
>>> http://www.malwarebytes.org.
>>>
>>> Sorry if this seems too rudimentary, but no kidding, this is one heck of
>>> a product (but, you might already know that - LOL). Oh well...
>>>
>>> -Frank

>>
>>
>> I like that product, too. However I finally found a piece of malware it
>> was not able to clean up, and that was with my daughter's boyfriend's
>> machine, and one customer machine. The customer machine had a fake AV
>> that it couldn't find. However the other machine, is simply blue
>> screening at boot, and since it won't boot in Safe Mode with Networking,
>> I can't update malwarebytes when I run. It is proving a challenge to me
>> right now. It only runs in Safe Mode. I opted to disable all
>> non-Microsoft services using msconfig, and it still won't even come up in
>> Safe with Networking.
>>
>> I don't mean to hijack this thread, just pointing out as much as I like
>> malwarebytes too, it apparently didn't have the sigs for the latest thing
>> out there. The AV writers could have slightly changed the header in their
>> file to circumvent it.
>>
>> Ace
>>

>
> I have ran into a similar case. When I do, I download a new copy (it
> always has a very pretty current sig file embedded) and that seems to do
> the trick. Sometimes I can run it from a location directly on my flash
> drive, if necessary. On especially difficult cases where the Virus
> disables Malwarebytes' Anti-Malware product, I run it on another machine
> on the network against the victim machine, after mapping to the drive (use
> "full scan"). Sometimes it is necessary to remove the drive and mount it
> on a known good machine via USB adapter and run Anti-Malware on the good
> machine (full scan again to hit the newly mounted victim drive).
>
> One thing I have also found is that often I can get the victim drive
> repaired enough this way (remotely mounted) so that at least the original
> machine will boot and run Anti-malware natively. It is important to run
> Anti-malware natively, using the normally used login, to get everything
> cleaned up. I almost always find even more hits when running natively
> even after a remote session "cleans" it. Just FYI... I'm sure you know
> most of this -
>
> Also, apologies if this appears to be a thread hijack.. but... it really
> does sound like the OPs issue just might be a virus.
>
> -Frank



I'm kind of thinking that with Kevin's, too. As for that machine I have, I
really don't have the time to work on it right now. I told him you can leave
it sit here until I come up with a game plan (this is after all the other
attempts I tried and him not having the OEM CD), he said he may be willing
to take it to Geek squad. I laughed and said, expect to lose data! But go
ahead if you feel that strongly. It is at the bottom of my list at the
moment, but I appreciate the suggestions! :-) I may just yank the drive and
put it in another machine. I just happen to have one right now from another
customer that I may just do that and get it to a point I can boot it. I can
say this, that I know the networking functions were compromised based on the
fact I found some oddball stuff in the hosts file. I changed it back to
default, made it Read only, checked the reg to make sure it's pointing to
the default location. So that part is eliminated. However, if some rogue DLL
is in there (yet to run Process Explorer and dont even know if that works in
SM), that can put a damper on things. <sigh>

Ace



Reply With Quote
  #9 (permalink)  
Old 02-24-2010
Ace Fekay [MVP-DS, MCT]
 

Posts: n/a
Re: Vista will not resolve DNS
"Kevin D. Goodknecht" <admin@nospam.wftx.us> wrote in message
news:OU5rkXZtKHA.3548@TK2MSFTNGP04.phx.gbl...
> "Jonathan de Boyne Pollard" <J.deBoynePollard-newsgroups@NTLWorld.COM>
> wrote in message
> news:IU.D20100224.T012239.P1302.Q0@J.de.Boyne.Poll ard.localhost...
> The DNSCache is caching names but it won't answer for application that
> resolves names, Including IE, Google Chrome, Firefox, tracert, nothing!
> How do you know that it's caching names if you haven't managed to make it
> successfully look up anything? In any case, you've missed a test:
> DNS Servers . . . . . . . . . . . : 192.168.201.5
> 192.168.201.15
> 192.168.201.13
> 192.168.201.25
> Query all of these with netdig or something similar. If that works, then
> you can eliminate firewalls and network connectivity as causes for the
> problem, and concentrate upon the DNS Client itself.
> If you find yourself at that point, stop the DNS Client service, and see
> what happens to applications that perform DNS lookups once they have to do
> them directly, rather than via the client service.
>
>
> Hello Jonathan, it's been a long time, you are correct, I did err in
> leaving out that that information, I tried to think of everything, but
> this should rest your mind that I thought of it and did the tests.
>
> Here is a flushdns, displaydns, a couple of pings and another displaydns.
> As you can see the resolver seems to be working but ping doesn't get the
> answer back.
>
>
> ************************************************
> C:\Windows\system32>ipconfig /flushdns
>
> Windows IP Configuration
>
> Successfully flushed the DNS Resolver Cache.
>
> C:\Windows\system32>ipconfig /displaydns
>
> Windows IP Configuration
>
> 1.0.0.127.in-addr.arpa
> ----------------------------------------
> Record Name . . . . . : 1.0.0.127.in-addr.arpa.
> Record Type . . . . . : 12
> Time To Live . . . . : 86400
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> PTR Record . . . . . : localhost
>
>
> localhost
> ----------------------------------------
> Record Name . . . . . : localhost
> Record Type . . . . . : 1
> Time To Live . . . . : 86400
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 127.0.0.1
>
>
> localhost
> ----------------------------------------
> No records of type AAAA
>
>
>
> C:\Windows\system32>ping localhost
> Ping request could not find host localhost. Please check the name and try
> again.
>
>
> C:\Windows\system32>ping sonicwall.wftx.us
> Ping request could not find host sonicwall.wftx.us. Please check the name
> and tr
> y again.
>
> C:\Windows\system32>ipconfig /displaydns
>
> Windows IP Configuration
>
> 1.0.0.127.in-addr.arpa
> ----------------------------------------
> Record Name . . . . . : 1.0.0.127.in-addr.arpa.
> Record Type . . . . . : 12
> Time To Live . . . . : 86400
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> PTR Record . . . . . : localhost
>
>
> sonicwall.wftx.us
> ----------------------------------------
> Record Name . . . . . : sonicwall.wftx.us
> Record Type . . . . . : 1
> Time To Live . . . . : 3581
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 192.168.201.1
>
>
> localhost
> ----------------------------------------
> Record Name . . . . . : localhost
> Record Type . . . . . : 1
> Time To Live . . . . : 86400
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 127.0.0.1
>
>
> localhost
> ----------------------------------------
> No records of type AAAA
>
>
>
> C:\Windows\system32>ping sonicwall.wftx.us
> Ping request could not find host sonicwall.wftx.us. Please check the name
> and tr
> y again.
>
> C:\Windows\system32>
>
>
> ************************************************** ********
>
> Here's the Netdig response, I included both UDP and TCP Queries, all
> servers answer the same.
>
> opcode: Query, status: NoError, id: 42
> flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> QUESTION SECTION:
> sonicwall.wftx.us. IN A
>
> ANSWER SECTION:
> sonicwall.wftx.us. 3600 IN A 192.168.201.1
>
> Query time: 0 ms
> Server : 192.168.201.5:53 udp (192.168.201.5)
> When : 2/24/2010 3:11:17 PM
> Size rcvd : 51
>
> opcode: Query, status: NoError, id: 42
> flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> QUESTION SECTION:
> sonicwall.wftx.us. IN A
>
> ANSWER SECTION:
> sonicwall.wftx.us. 3600 IN A 192.168.201.1
>
> Query time: 0 ms
> Server : 192.168.201.5:53 tcp (192.168.201.5)
> When : 2/24/2010 3:11:23 PM
> Size rcvd : 51
>
>



So the hosts file appears fine, and based on your testing, DNS resolution
appears fine. Curious, if you create an entry in the hosts file for
sonicwall.wftx.us, does it resolve and ping?

Ace


Reply With Quote
  #10 (permalink)  
Old 02-24-2010
Jonathan de Boyne Pollard
 

Posts: n/a
Re: Vista will not resolve DNS


Query all of these with netdig or something similar.&nbsp; If that works, then you can eliminate firewalls and network connectivity as causes for the problem, and concentrate upon the DNS Client itself.



If you find yourself at that point, stop the DNS Client service, and see what happens to applications that perform DNS lookups once they have to do them directly, rather than via the client service.



Hello Jonathan, it's been a long time, you are correct, I did err in leaving out that that information, I tried to think of everything, but this should rest your mind that I thought of it and did the tests.



Here is a flushdns, displaydns, a couple of pings and another displaydns. As you can see the resolver seems to be working but ping doesn't get the answer back.



Your netdig results eliminate firewalls and anything network related as the source of the problem.&nbsp; Your ipconfig /displaydns furthermore shows that the DNS Client service has correctly performed the lookups it was asked to.&nbsp; The problem is thus somewhere between the application processes and the DNS Client service.&nbsp;



The applications communicate with the DNS Client service using (L)RPC.&nbsp; (So, too, does ipconfig, which makes the results very interesting, considering that ipconfig seems to have no problem communicating with the service yet ordinary DNS lookups from applications apparently do.)&nbsp; As I suggested above, turn the DNS Client service off, and do those application lookups again.&nbsp; That should succeed, demonstrating that you have an unusual problem with LRPC for lookups to and from the DNS Client.



One potential problem area there could be the search path logic.&nbsp; So try some tests that use fully-qualified domain names, in order to bypass that mechanism.

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vista 64 Home Premium IE7 intermittently will not resolve DNS drveko microsoft.public.internetexplorer.general 2 10-14-2009 05:22
Vista taking too long to resolve DNS? Infocom microsoft.public.windows.vista.networking sharing 12 12-19-2007 05:37
Vista SP1 Beta fails to resolve these issues. goorambatman microsoft.public.windows.vista.general 56 10-23-2007 05:07
HOW TO RESOLVE CONNECTIVITY ISSUE ON VISTA =?Utf-8?B?QXo=?= microsoft.public.windows.vista.networking sharing 2 03-28-2007 03:59
How To Resolve Issues With Your DVD/CD Burner in Vista =?Utf-8?B?d2hpd28=?= microsoft.public.windows.vista hardware devices 0 02-18-2007 16:11




All times are GMT +1. The time now is 22:30.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120