DNS cache will not clear on a Windows XP machine?

1

I have a Windows XP machine that refuses to connect to one of my servers no matter what I've tried. It points to a null IP address (not the correct IP) and HTML-get as well as ping and tracert all aim at the wrong address.

Of course I flushed the DNS cache with ipconfig /flushdns, and even restarted the DNS cache service and rebooted a few times.

And yes, I added the NegativeCacheTime set to 0.

Also, I checked C:\WINDOWS\system32\drivers\etc\hosts, and there are no entries in it except for localhost.

All the other machines on my LAN get the right IP, but this one XP-box seems to have some kind of evil stealth DNS.

It's driving me batty; what can be causing this?

Brock Adams

Posted 2013-01-28T21:52:16.780

Reputation: 2 000

Try nslookup <hostname> and see what it responds. It'll tell you exactly which DNS server is being used. – Darth Android – 2013-01-28T22:12:20.197

Did you also check for an active LMHOSTS file? – Ƭᴇcʜιᴇ007 – 2013-01-28T22:17:46.357

@DarthAndroid, it came back resolver1.opendns.com 208.67.222.222 -- which seems right. OpenDNS is supposed to be good, isn't it? Cross checking, I see that at least 2 of the other win boxes were hijacked to use Comodo DNS (not authorized). – Brock Adams – 2013-01-28T22:18:30.510

@techie007, No. Thanks for the reminder. However, it had no uncommented entries. – Brock Adams – 2013-01-28T22:19:39.827

If the server is outside, and you're depending on external DNS, it may just take a while for it to update. Perhaps try nslookup <servername> 8.8.8.8 to check with Google's DNS, and perhaps use it again to check against your hosting company's DNS (assuming you have hosted DNS)? – Ƭᴇcʜιᴇ007 – 2013-01-28T22:21:38.257

@techie007: The Win XP box reports that it's using OpenDNS (like they all should), I just checked with OpenDNS' "CacheCheck" and it reports the right IP for the domain. – Brock Adams – 2013-01-28T22:26:19.630

And, now, everything's working at last. I can only conclude that OpenDNS was very late in updating its cache. And that it was dumb luck that Comodo hijacked the DNS on the other win boxes, and that Comodo is apparently better at updates than OpenDNS? – Brock Adams – 2013-01-28T22:30:19.610

@DarthAndroid, if you want to make your comment an answer, I will accept it, since it led to the correct solution (Check your DNS provider's cache tool, if they have one, and make sure all machines are using the same, bestest DNS provider (which does not appear to be OpenDNS anymore).) – Brock Adams – 2013-01-28T22:32:28.943

@BrockAdams Done. Also, I stopped using OpenDNS a while ago when they started hijacking NXDOMAIN to return a search page. – Darth Android – 2013-01-28T23:25:14.747

Answers

2

If you've rebooted the system and checked your hosts file, then there's a good chance that:

  • The domain's IP has been changed, and the DNS server that your computer is using is stale (it can be up to 8 hours or longer depending on cache timeouts)

  • Your computer could be using the wrong DNS server. You can check how your computer is resolving an IP from the DNS server with the nslookup utility. If you open a command prompt and type nslookup <hostname>, then it will print out the name / IP of the DNS server, and then the server's response for <hostname> lookup. You can check other DNS servers easily with nslookup <hostname> <dnsserver> to compare results. I like to use 8.8.8.8 and 8.8.4.4 (Google's Public DNS servers) as a good baseline.

  • Finally, many DNS services will let you check or refresh their cache. For example, OpenDNS has a "CacheCheck" utility.

Darth Android

Posted 2013-01-28T21:52:16.780

Reputation: 35 133
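
The comparison this answer describes (which resolver the machine is really using, and whether its reply matches a baseline such as 8.8.8.8), as an added example that is not part of the original answer. It parses saved nslookup output; the transcripts, www.example.test, the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses and the approved-resolver list are constructed assumptions.

```python
import re

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) from Windows nslookup output (IPv4 only)."""
    server, answers, in_answer = None, set(), False
    for line in text.splitlines():
        s = line.strip()
        if s.lower().startswith("name:"):
            in_answer = True                    # everything after Name: is the answer
        elif in_answer:
            answers.update(IPV4.findall(s))     # "Address:", "Addresses: a, b", wrapped lines
        elif server is None and s.lower().startswith("address"):
            found = IPV4.findall(s)
            server = found[0] if found else None
    return server, answers

def review(default_out, baseline_out, approved):
    """Compare this machine's default lookup with a baseline resolver's answer."""
    server, answers = parse_nslookup(default_out)
    _, baseline = parse_nslookup(baseline_out)
    findings = []
    if server not in approved:
        findings.append("resolver %s is not on the approved list" % server)
    if not answers:
        findings.append("default resolver returned no address")
    elif baseline and answers.isdisjoint(baseline):
        findings.append("answer differs from baseline (stale cache or altered record)")
    return findings

# Constructed transcripts; hostnames and the 192.0.2.x / 198.51.100.x /
# 203.0.113.x addresses are placeholders, not values from the thread.
BASELINE = ("Server:  dns.google\nAddress:  8.8.8.8\n\nNon-authoritative answer:\n"
            "Name:    www.example.test\nAddresses:  198.51.100.7, 198.51.100.8\n")
STALE = ("Server:  resolver1.opendns.com\nAddress:  208.67.222.222\n\n"
         "Non-authoritative answer:\nName:    www.example.test\nAddress:  192.0.2.10\n")
REPOINTED = ("Server:  UnKnown\nAddress:  203.0.113.53\n\nNon-authoritative answer:\n"
             "Name:    www.example.test\nAddress:  198.51.100.7\n")
APPROVED = {"208.67.222.222"}  # assumption: the only resolver this LAN should use

if __name__ == "__main__":
    for label, out in (("stale", STALE), ("repointed", REPOINTED)):
        print(label, review(out, BASELINE, APPROVED))
```

A mismatch against the baseline is a prompt to investigate, not proof of a problem: names served by CDNs or geo-aware DNS can legitimately return different addresses from different resolvers.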