6

While troubleshooting a network timeout/connectivity WinHTTP issue, I temporarily added a host file entry for:

127.0.0.1 ctldl.windowsupdate.com

(The server has no internet connection and the firewall was causing some extended timeouts -- I wanted to temporarily set it to a local address for it to fail immediately).

For some reason though, even after flushing DNS cache, ping attempts still go to the actual IP.

This got me to thinking: Are there certain FQDNs which Windows 2008 absolutely will not acknowledge host file entries for? Perhaps for malware/virus protection?

Mike B
  • 11,570
  • 42
  • 106
  • 165

1 Answers1

9

This has been "known" for quite a few years actually.

if you look in the dnsapi.dll (in system32) you'll see a string of hosts.

There's a

DomainScreenList:

windowsupdate.microsoft.com windowsupdate.com microsoftupdate.com download.microsoft.com update.microsoft.com

HostsScreenList:

microsoft.com www.microsoft.com support.microsoft.com wustats.microsoft.com microsoftupdate.microsoft.com office.microsoft.com msdn.microsoft.com go.microsoft.com msn.com www.msn.com msdn.com www.msdn.com

I don't believe Microsoft ever commented on it, but I guess the intent was to prevent malware and other tools from adding entries to the hosts file.

TheCleaner
  • 32,352
  • 26
  • 126
  • 188