Windows Legacy OS forum

General discussion

DNS problem

I am a unix lover, but have recently installed WinXP Pro sp 2 (with the latest windows updates) in order to play a particular game and generally play around. I had the same OS & OS version again running for 2-3 months last year, with the same setup/settings, but did not have this problem. Anyway: here's the details..

WinXP pc (as described above)
linux server - nameserver for internal net + internet, not having any problems
linux router - but we wont be needing this.
Connected through LAN (ethernet), internal ip addresses.

NS + winpc are on the same subnet, so they have a "direct" connection. Preferred nameserver : my linux NS, secondary my router, which serves as a dns proxy (having the my NS as its own primary ns).

Out of the blue, some appz cannot resolve some hostnames. This happens even to my local domain, served by the nameserver being only 1 switch and two ethernet cables away.

For example, i have an index of my MRTG graphs which auto-reloads every x minutes or so. I always have that tab open @ my firefox, and all of a sudden i get a pop up telling me it can't resolve, though it has been resolving that for hours, and nothing's changed.

I do not use a proxy, by the way. So it s not likely that my proxy is messed up. I do not run a firewall, and nothing is blocking my computer from looking up that hostname.

I check with IE, same problem. Cannot resolve.
And then, the strangest thing happens, i cmd -> nslookup it, and whoop, there it is, perfectly resolved.
I recheck with IE and firefox and anyting, and they still can't resolve the poor thing.
I try cmd -> ipconfig /flusdns, nothing changes
If i try cmd -> ipconfig /registerdns, the problem's gone. The same thing if i "Repair" my network connection (which i suppose does the same thing).

Then after some random (or not, but haven't be able to notice that) time, i get the same error.

Now, in order to trace the problem, i ran some tcpdump-ing on the domain name port on my nameserver. The results show that Windows dont even bother looking up the hostname when i get the error. I mean i kept that dump running, and tried refreshing my browser (after seeing the popup), and there was no request sent. But when i nslookup-ed it (through command line), the nameserver did get an actual query and did reply.

I tried some googling, and microsoft support search, but did not find anything about this problem. I still did try some of the advice i found as a reply to other dns client problems, that looked they could help...

Does anyone have any idea or any suggestion? Thank you very much in advance.

I tried regediting the ttl of the dns cache, and other parameters, just so windows will use that cache as little as possible, and im waiting. But as the problem doesn't happen at a given time, or because of something known to me, i can not be sure, or "force" it to happen, so im not sure that any of that regedit stuff did actually fix the prob.

Still open to suggestions, because i really cant figure this one out, and it really makes no sense, and i cant allow that to myself

Discussion is locked
You are posting a reply to: DNS problem
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: DNS problem
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Have you read up on DNS poison attacks that are ongoing?

In reply to: DNS problem

The issue may not be yours.


Collapse -
it doesn't look like it's the same story

In reply to: Have you read up on DNS poison attacks that are ongoing?

I googled it and from what i read, i do not believe this is a cache poisoning problem.

I may be wrong, but from what i understood, dns cache poisoning would not cause problems in a local nameserver serving local domains. I mean, let's forget its internet domains proxying, my linux ns has a bind9 who's a master at my domain in the Wireless MAN that i'm in, and slave to the other wifi ppl's domain. And my WinXP do not resolve hosts to erroneous ips, they simply dont resolve at all (almost.. but i dont want to repeat myself).

Collapse -
Did you try NSLOOKUP?

In reply to: it doesn't look like it's the same story

It's a bit more enlightening.

Sorry, but I don't see enough here to cough up an instant answer. I have such a setup (albeit Suse 9.1 based) and it just works except when the ISP's DNS is not responding.

Sadly, ISP's DNS are now a target of attack.


Collapse -
of course..

In reply to: Did you try NSLOOKUP?

I am sorry, but i think i covered that in my first post. Maybe my poor English is to blame.

Nslookup [command line, win] does resolve. Nslookup does actually query the nameserver, as tcpdump showed. On the other hand, at the same exact time, IE or firefox will refuse to resolve the host, and their requests never do reach the nameserver, for some reason still unknown to me.

It is not a server problem [most probably], because every other pc (none with windows though, 'cause i dont have another one) works just fine.

I had the exact same setup like some months ago, or so i believe, and everyting worked. Now, for some strange reason, maybe some tiny detail that i'm still missing, i get those failures from time to time, and its getting really annoying.

Collapse -
OK, NSLOOKUP works, browsers fail.

In reply to: of course..

I wonder if someone set the proxy setting in the browsers?

Collapse -
as i wrote before..

In reply to: OK, NSLOOKUP works, browsers fail. my first post, i use NO proxy.

I don't mean to be rude, but is my english that bad or did you just scan through my first message? I did try to write anything useful.

Thank you very much for your time reading and answering, but we are not getting anywhere this way.

Collapse -
Not bad, just have to very sure.

In reply to: as i wrote before..

Since you take offense at this. I'll let others see if they see it. I'm on your side.

There are some members that think this is some tech support place and not a "let's work on this together." For those, I have to leave them alone and keep a list of such.

Did I add you to such a list?


Collapse -
Re: Not bad

In reply to: Not bad, just have to very sure.

It's ok, I undestand what you mean, and I generally agree.
You 'd probably agree with me if i replied that there are also alot of ppl too who dont bother reading what you're writing, and just reply anyway. Something that not only doesnt help, but sometimes causes confusion. I had to be sure, too Happy

Im absolutely sure that it has nothing to do with proxies, or browser settings.

I have my browser open, and a terminal running tcpdump on port 53. I try to access, i see the query received by the nameserver. Same settings, nothing's changed by me, at random time, i get the ''cant resolve'' popup. I do the same thing, open a terminal with tcpdump, refresh the browser, no query is received by the nameserver.

I think, as a result, that it has nothing to do with the app itself, but with the way windows handle its request. In the mean time, nslookup DOES send a query, all the times.

Collapse -
Here's the same discussion. NSLOOKUP works, Browser fails

In reply to: DNS problem

NSLOOKUP bypasses the dnscache.

Read the discussion and we see "ipconfig /dnsflush" from a command prompt. If that does fix the problem, a more permanent solution is probably to turn off the unsuccessful caching. I've run across a couple of suggestions for doing that; one involves one registry entry ( ) and one that requires three ( ). "

Hope this cures it.

Collapse -
that one looks promising

In reply to: Here's the same discussion. NSLOOKUP works, Browser fails

Thank you very much, i'll read the threads thoroughly, and post here the results, for future use or further discussion.

Collapse -
I may have to do that here.

In reply to: that one looks promising

I've seen this from time to time. But in my case it was my ISP and a bad DNS answer. The DNSCACHE kept the answer. (bright move!)

I'm sorry if it takes some back and forth to distill the information, but I'm still human and need time to digest it and have to ask again for clarity and to make sure.


PS. Then again, you could just call your ISP's support?

Collapse -
probably solved

In reply to: I may have to do that here.

First, it has nothing to do with my ISP, because i even get errors with "" when, it s served by a server physically connected (actually:

winpc, winpc's preferred ns 's master server:

Secondly, i checked it server-side and the requests never do get there.

And finally, messing with registry and disabling negative dns caching (caching of lookup failures) and some relevant Parameters of dns registry entries, i think i got it solved. I reg-edited that stuff right before my first post, so not having had an error for so long may be a really good sign.

Collapse -
murphy's law

In reply to: probably solved

.. says that the moment i think i got it solved, it will happen Sad

Collapse -
Double check that registry again...

In reply to: murphy's law

Windows is notorious for fixing itself even when we tell it not to.


Collapse -
i guess you are right.

In reply to: Double check that registry again...

i was pretty sure i did add that MaxNegativeCacheTtl thing.. well, i'll do that again, and make sure it is applied this time.

Thanx for your time, i'll be back tomorrow (gmt +2, here, 04:09 in the morning) hopefully with a solution Happy

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.