DNS resolution wrong only on my PC (aka "Ghost of Hosting Past")

2

After successfully moving to a new hoster, I'm having a weird issue on just my computer (Windows 10). After propagation was complete and I removed the temporary entries in my hosts file, it looked fine for about a minute (apparently some sort of local cache), and then it wasn't. Checking nslookup, I saw this strange scenario:

PS C:\Users\Karen> nslookup mail.proverbs2525.org
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    proverbs2525.org
Address:  192.145.233.49
Aliases:  mail.proverbs2525.org

PS C:\Users\Karen> nslookup www.proverbs2525.org
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    proverbs2525.org
Address:  192.145.233.49
Aliases:  www.proverbs2525.org

PS C:\Users\Karen> nslookup proverbs2525.org
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    proverbs2525.org
Address:  192.232.219.88

mail. and www. were correct, and they even claimed to simply be aliases of the base domain, but a query on the base domain itself pointed to the old server. What???

Then, after a couple hours I noticed that the previously behaving mail. and www. versions had also reverted to the old IP! Then a little later they got well again. Then after an hour or so away from my computer I checked again, and www. is correct, but mail. (and of course the naked domain) were wrong. A few minutes after that, they swapped (mail. was correct but www. was wrong). I'm going mad!

The naked domain doesn't come and go, but is consistently wrong. Re-adding the hosts entry 192.145.233.49 proverbs2525.org fixes it, but when I remove the hosts entry again the naked domain goes back to 192.232.219.88, possibly taking the subdomains with it. It's as if I have some secondary, hidden hosts file (shall I call it a "ghosts file"?) that still has 192.232.219.88 in it and wants to assert itself when I'm not looking. I moved two other domains at the same time, and they are working fine. It's definitely not a propagation problem - I set all the TTLs to 10 minutes the previous day, and it has been about 8 hours since I changed the nameserver entries. My husband's computer on the same LAN, my phone, geopeeker, etc. all see everything pointing to 192.145.233.49 as they should. Can someone help me find the ghost?

OsakaWebbie

Posted 2018-02-01T09:08:16.907

Reputation: 203

Answers

1

Well, I feel silly answering my own question, because I didn't do anything, but that's the point. If someone comes here with similar issues, the answer might be patience.

Even though DNS propagation time had long since passed (even before I shortened the TTL, the original values were only 4 hours), something out there was coming and going. After I wrote the question, I discovered that it wasn't just my computer after all - hours later, a new email message arrived at the old account's mailbox. And sometime after that, my husband's computer also switched briefly to fetching mail from the old account instead of the new (fortunately - otherwise we might never have seen the wayward email!).

But I went on to other projects and had a night of sleep, and now, a day later, it appears to have settled out. Perhaps not all DNS cache nodes obey TTL settings, or perhaps it really was ghosts. ;-) But in the wild world of DNS, the lesson is to wait longer than you think you need to before assuming something has gone wrong.

OsakaWebbie

Posted 2018-02-01T09:08:16.907

Reputation: 203

0

You may have had a static path in your hosts file at some point (C:\Windows\System32\drivers\etc\hosts), or possibly configured your DNS to point to the old provider's servers (see https://www.lifewire.com/how-to-change-dns-servers-in-windows-2626242).

Try an open / generic one (8.8.8.8 for Google, 9.9.9.9 from the "global cyber alliance" that tries to block malware).

Nate

Posted 2018-02-01T09:08:16.907

Reputation: 150
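
One way to find which layer is returning the old address, as an added example that is not part of the original posts: it asks the LAN router, the two public resolvers named in the answer above, and the zone's authoritative servers for the same three names, then lists this PC's own DNS cache and hosts file entries. The names and addresses come from the question; the variable names, resolver labels and the use of 8.8.8.8 to look up the NS set are assumptions.

```powershell
# Added example. Names and addresses come from the question; the rest is assumed.
$zone      = 'proverbs2525.org'
$names     = $zone, "www.$zone", "mail.$zone"
$expected  = '192.145.233.49'            # new host, per the question
$resolvers = [ordered]@{
    'LAN router' = '192.168.1.1'         # resolver shown in the nslookup output
    'Google'     = '8.8.8.8'
    'Quad9'      = '9.9.9.9'
}

# Authoritative servers hold the zone data; every other resolver is a cache.
Resolve-DnsName -Name $zone -Type NS -DnsOnly -Server 8.8.8.8 |
    Where-Object { $_.Type -eq 'NS' } |
    ForEach-Object { $resolvers["auth $($_.NameHost)"] = $_.NameHost }

$results = foreach ($name in $names) {
    foreach ($r in $resolvers.GetEnumerator()) {
        try {
            # -DnsOnly / -NoHostsFile keep LLMNR, NetBIOS and the hosts file out of it.
            Resolve-DnsName -Name $name -Type A -Server $r.Value -DnsOnly -NoHostsFile -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Name = $name; Resolver = $r.Key; Address = $_.IPAddress
                        TTL  = $_.TTL; Stale = ($_.IPAddress -ne $expected)
                    }
                }
        } catch {
            [pscustomobject]@{
                Name = $name; Resolver = $r.Key; Address = 'query failed'
                TTL  = $null; Stale = $null
            }
        }
    }
}
$results | Format-Table -AutoSize

# A stale row from an "auth" server means the zone data served there still has the
# old record; a stale row only from a recursive resolver means its cache is behind.

# This PC's own layers: the DNS Client service cache and the hosts file.
Get-DnsClientCache | Where-Object { $_.Entry -like "*$zone" } |
    Select-Object Entry, Data, TimeToLive | Format-Table -AutoSize
Select-String -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern $zone -SimpleMatch
```

If only the local cache rows show the old address, `Clear-DnsClientCache` empties that cache; if the router or an authoritative server shows it, the fix is upstream of the PC.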