17
9
nslookup IS working; ping -4 name.com NOT working
The most obvious symptom of this problem is that nslookup
IS working, while ping -4 name.com
is NOT working.
That's because nslookup
contains its own DNS client, and so does not use the Windows one.
ping
when given a name, uses the Windows DNS Client to translate name -> number.
So if nslookup
can translate, then lots of things work: networking hardware, NIC adapter driver, internet connectivity to the DNS servers, and successfully accessing the servers to do a translation. That's a lot!
However, ping -4 name.com
fails, so if all that other stuff is working, it's the Windows DNS client software itself that is implicated.
Note i did ping -4
to isolate to IPv4 excluding IPv6 influences.
displaydns fails
That's why the best symptom to describe the actual problem is that
ipconfig /displaydns
reports:
Could not display the DNS Resolver Cache.
But DNS client is running
Reading forums, the most probable reason for this symptom is the DNS Client (aka dnscache
) service is not running; however for us it is.
We did
net stop dnscache
net start dnscache
sc query dnscache
and it is on.
It's Not DNS suffix
Another possibility is that there are DNS suffixes in use. However going into network and sharing center -> change adapter settings -> Wireless Network Connection -> Properties -> Internet Protocol Version 4 Properties -> Advanced -> DNS tab, we have:
[CHECKED] Append primary and connection specific DNS suffixes
- [CHECKED] Append parent suffixes of the primary DNS suffix
[UNchecked] Append these DNS suffixes
(and the list box is empty)
DNS suffix for this connection:
[CHECKED] Register this connection's addresses in DNS [UNchecked] Use this connection's DNS suffix in DNS registration.
However, i'm not sure if any of this matters cuz we can't get to goolge.com, ie a FQDN.
More info
We disabled IPv6 for now for debug. So everything reported in here is with IPv6 off.
nslookup
works reliably, on google.com
and everything else.
However,
ping -4 google.com
says
Ping request could not find host google.com
And browsing says DNS error.
Now, I have learned that nslookup
has its own DNS client, separate from Windows. Which would lead me to believe that nslookup's
DNS client is fine, and Windows is corrupted somehow.
Indeed, we can browse google and other sites via IP address fine, just not by name.
ping
by IP address works fine. As does tracert
by IP address.
Not DirectAccess
The problem does not appear to be DirectAccess :
netsh dns show state
reports (among other things)
Network Location Behavior Never use Direct Access settings
Direct Access Settings Not Configured
Wireshark
A Wireshark capture during nslookup
shows name queries.
However a capture doing ping showed no such queries. In fact, no activity at all (other than background). That suggests that the Windows DNS client is not even trying to go out to the internet and translate the name, which would be consistent with its inability to displaydns.
Other notes
The c:\windows\system32\drivers\etc\hosts
is empty (only comments).
The problem happens when the DNS server is set to the university's; or when set to google's 8.8.8.8 and/or 8.8.4.4 and/or OpenDNS's 208.67.222.222 and/or 208.67.220.220. Which makes sense given that Wireshark reports that Windows isn't even sending the name query.
The problem happened after a heat crash. However, being able to browse by IP rules hardware problems, except perhaps for HDD corruption. However chkdsk
did not report any bad sectors, and sfc
did not find any corruption.
We have also uninstalled the Network Adapter in Device Manager and let it re-install automatically. Also checked for updates for this adapter on windows. There weren't any.
The crash means a reboot, so maybe it was a bad windows update. However, there were several reboots before this one and after the most recent windows update.
We've run for rootkit is Malwarebytes Anti-Malware, also their Malwarebytes Anti-Rootkit beta, TDSSKiller, and Comodo Cleaning Essentials (CCE, but it appears not to be updated).
Have not tried in safe mode with networking yet.
We are mostly using a university router, however the problem also happens when connected to smartphone's hotspot.
ipconfig
reports 5 Tunnel Adapters, but they all report "Media Disconnected". 2 of them look university specific.
ipconfig
and device manager both report a Microsoft Virtual WiFi Miniport Adapter
. What is this and could it be the problem?
The problem is identical after many reboots of the PC.
It's a laptop, and most of this was done with the wireless connection, but the wired connection appeared to have the same behavior.
Summary
So, it appears Windows DNS client is corrupted or at least malfunctioning in some way, but I'm not sure how to figure out why.
(BTW, i'm writing this on another computer)
Edit:
@Kris wanted to see ipconfig /all
C:\Users\[username]>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : <<<====NOTE NO HOST NAME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ed*****.***l.edu
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : ed*****.***l.edu
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.131.2.**(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.128.0
Lease Obtained. . . . . . . . . . : Monday, April 27, 2015 11:32:13 AM
Lease Expires . . . . . . . . . . : Monday, April 27, 2015 11:47:13 AM
Default Gateway . . . . . . . . . : 10.131.0.1
DHCP Server . . . . . . . . . . . : 132.236.56.249
DNS Servers . . . . . . . . . . . : 192.35.82.50
128.253.180.2
132.236.56.250
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : r****.****l.edu
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {CBE4B55D-63C6-460A-82CF-7076427CD2AF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.e****.****l.edu:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{270C639B-82A2-4AE7-B886-D40DAA7EF798}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.r****.****l.edu:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Edit 2:
Tried
netsh int ip set dns "wireless network connection" static 8.8.4.4
net winsock reset
and reboot and did not change anything.
Tried this excellent site (thanks @Kris) Windows 7: Services - Restore Default Services in Windows 7 and downloaded their DNS_Client.reg
(and named it .reg.txt
for safety) and compared that to the existing registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache
but sadly, they were the same.
1The PC is remote from me (the superuser account holder) and obviously has no internet. I have a picture of the screen. I can post that, i guess, soon. In the meantime, what are you looking for? – john v kumpf – 2015-04-27T14:17:35.167
The actual network configuration, as to if there might be something blocking it or in any way malfunctioning. – None – 2015-04-27T14:19:19.577
Try this command ;
netsh int ip set dns netsh winsock reset – vembutech – 2015-04-27T15:19:56.670
@vembutech I can't do this right now, but I have a question: are you suggesting setting some DNS servers with that command? Or with no parameters it somehow resets to defaults. We have done this using the GUI, trying university DNS via automatic, and trying google and OpenDNS (as i said in OP). Does setting DNS servers via cmd line help more than via GUI? We have tried the winsock reset, but perhaps not immediately after setting a new DNS server. – john v kumpf – 2015-04-27T15:47:55.113
@vembutech Thanks for the attention, but I'm gonna have to down-vote your response. Reasons: Your command is really 2 commands.
netsh int ip set dns
as written is incomplete, but I already explained how I manipulate DNS, and gui vs cmd line doesnt matter, so your suggestion adds nothing. I tried setting DNS anyway and doingnetsh winsock reset
but it didnt work. If you at least explain(ed) yourself, I would not down-vote you. But as it stands, I must. Sorry. – john v kumpf – 2015-04-28T04:08:00.503Thanks @Kris. Did you see that II posted the ipconfig /all output (we got the text; better anyway). See anything? I don't. Unless it's one of those adapters. – john v kumpf – 2015-04-28T13:50:25.843
1Well some of all the tunnel interfaces could be creating havoc somewhere, but they all seem to be in a disconnect state. Could you try deleting the interface and rebooting to see if that maybe fixes it? You can do it in device manager. Also try to disable all unneeded interfaces. – None – 2015-04-28T18:47:20.613
@Kris already tried deleting (uninstalling) the interface (network adapter or NIC) in device manager. Windows auto-re-installs them. Did not try rebooting immediately after, but have rebooted many times since then. Did not help. If you read my post, i've tried just about everything. Notice that nslookup still works. As does browsing ti IP addresses. So I think i've narrowed it down to a corruption of the windows DNS client. Everything else checks out. Not sure how to debug that component specifically. – john v kumpf – 2015-04-29T03:11:12.640
1
Well then my last suggestion is this: http://answers.microsoft.com/en-us/windows/forum/windows_vista-networking/dns-look-up-fails-how-do-i-fix-it/36934cd0-5ac3-418c-82dd-5cb3bea86607 Or this: http://www.wintips.org/how-to-restore-windows-services-to-their-default-state/ Windows unfortunately doesn't really believe in repairing their native services easily, but you might somehow be able to uninstall or repair the DNS service.
– None – 2015-04-29T06:58:32.137@Kris not the wintips link itself, but it pointed to Windows 7: Services - Restore Default Services in Windows 7 <sevenforums> which is a killer post which I had not seen before. Thanks!
– john v kumpf – 2015-04-29T21:00:03.040