Why is my computer suddenly using NBNS instead of DNS?

2

I have a Windows 7 laptop which I regularly use to access wireless internet when traveling. Normally, everything connects and functions as expected, but as of 4 days ago, I have noticed that I am unable to open websites after connecting to the access point.

I finally got around to doing some investigation tonight and discovered that the problem lies with the DNS name resolution. Right now the IPv4 configuration is configured to use a DHCP assigned IP and DNS. Per ipconfig /all, I can say these dynamic values (IP, Gateway, DNS, etc.) are being assigned correctly -- but I am unable to surf the web. However, if I manually specify a DNS server (e.g. Google's 8.8.8.8) name resolution occurs as expected and everything works.

I never had to manually specify values in the past and I don't want to start now.

If you're like me, you probably suspected my DNS server as the culprit. Unfortunately, I have several other devices that do work correctly with my DNS server: Windows XP, Apple iPad, iPhone, and Windows Surface device. Each of these devices works correctly with DHCP (no manual configuration).

The problematic laptop has always worked correctly prior to 4 days ago.

To troubleshoot, I removed my manual DNS setting for Google and ran Wireshark. This revealed an interesting discovery: instead of seeing DNS requests as I attempted to load websites, I only see requests for NBNS -- which will fail because I don't have an NBNS server.

I also ran a netsh->dnsclient=>show state on the troubled laptop:

Query Failure Behavior : Always fall back to LLMNR and NetBIOS if the name does not exist in DNS or if the DNS servers are unreachable when on a private network

Query Resolution Behavior : Resolve only IPv6 addresses for names

These results make me think that we're hitting a fallback state, but as I said, I don't see the system attempting to use DNS at all.

I'm also perplexed why the system would resolve only IPv6 addresses -- I am only using IPv4 (IPv6 is not selected on the adapter configuration).

Anyways, I'm perplexed. It works if I manually specify the DNS server, but DHCP configuration fails (despite ipconfig /all showing the correct values were assigned via DHCP).

Any suggestions/ideas are welcome.

lightbulb42

Posted 2013-08-08T15:37:32.420

Reputation: 21

Have you reviewed the configuration settings for networking on the affected machine? Did you check the hostnames file to see if something strange is in it? Finally, did anything unusual occur on the machine 4 days ago (install, connect to new LAN, upgrade anything)? – Fred – 2013-08-09T12:26:49.423

Answers

0

  1. Windows Firewall -> Advanced View -> Look whether there's an outgoing rule to block DNS

  2. Use Windows Network Monitor (It's like Wireshark but in case of Windows better 'cause you also can see the process/threads IDs/Numbers - try it)

  3. Go for everything: Interface Adapter options -> LMHOSTs file -> Hosts File

  4. Look with the Sysinternals Suite (and/or NirSoft's tools) whether there's a (hidden) prog that blocks or forges the DNS requests to NBNS. In the new Sysinternals Suite, try the new Process Explorer options "check hash" and "VirusTotal"

aprogrammer

Posted 2013-08-08T15:37:32.420

Reputation: 43

0

Is your laptop also running Oracle VirtualBox? If so, you can try to disable the VirtualBox network interface. It seems the DNS query is being sent to the VirtualBox network interface.

I also used Wireshark to capture the DNS query packets on Windows, but cannot capture any DNS query (after executing: ipconfig /flushdns).

Workaround: 1) disable/enable NetBIOS over TCP/IP OR 2) disable the VirtualBox network interface

Update (2017-12-6): Three weeks ago I executed this command on my Windows laptop: ./VBoxManage.exe modifyvm "ubuntu" --natdnshostresolver1 on

It seems this can fix the issue.

任喜军

Posted 2013-08-08T15:37:32.420

Reputation: 31
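The symptom described in the question and in the last answer (a capture that shows NBNS lookups but no DNS queries) can be checked mechanically over a capture. The following Python is an added example, not code from any poster: it classifies name-resolution queries by UDP destination port, decodes the NBNS name encoding, and lists names that were only ever asked over NBNS or LLMNR. It assumes each packet's UDP destination port and payload have already been extracted and that queries are well formed; all function names and the sample packets are constructed for illustration.

```python
import struct
PORTS = {53: "DNS", 137: "NBNS", 5355: "LLMNR"}  # UDP destination ports

def question_labels(payload, offset=12):
    """Read the uncompressed question name that follows the 12-byte header."""
    labels = []
    while payload[offset]:
        length = payload[offset]
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return labels

def nbns_decode(label):
    """Undo RFC 1002 first-level encoding (two letters 'A'..'P' per byte)."""
    raw = bytes(((ord(a) - 65) << 4) | (ord(b) - 65) for a, b in zip(label[::2], label[1::2]))
    return raw[:15].decode("ascii").rstrip()  # byte 16 is the service suffix

def classify(dst_port, payload):
    """Return (protocol, queried name); None for responses or other ports."""
    proto = PORTS.get(dst_port)
    if proto is None or len(payload) < 13 or payload[2] & 0x80:  # QR bit set
        return None
    labels = question_labels(payload)
    return proto, nbns_decode(labels[0]) if proto == "NBNS" else ".".join(labels)

def fallback_only(packets):
    """Names queried over NBNS/LLMNR that never appeared in a DNS query."""
    seen = {proto: set() for proto in PORTS.values()}
    for dst_port, payload in packets:
        result = classify(dst_port, payload)
        if result:
            seen[result[0]].add(result[1].upper()[:15])  # NetBIOS 15-char limit
    return (seen["NBNS"] | seen["LLMNR"]) - seen["DNS"]

# Constructed sample below: helpers and packets are not from the poster's capture.
def make_query(labels, qtype, flags=0x0100):
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">6H", 0x1234, flags, 1, 0, 0, 0) + name + struct.pack(">2H", qtype, 1)

def nbns_encode(name, suffix=0):
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return "".join(chr(65 + (b >> 4)) + chr(65 + (b & 15)) for b in raw)

SAMPLE = [
    (137, make_query([nbns_encode("www.example.com")], 0x20)),  # NBNS only
    (5355, make_query(["www", "example", "org"], 1)),           # LLMNR only
    (53, make_query(["example", "net"], 1)),                    # DNS first...
    (137, make_query([nbns_encode("example.net")], 0x20)),      # ...then NBNS
]
```

A non-empty result from `fallback_only` for names that should resolve through DNS matches what the question reports: the client went straight to the fallback protocols.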