DNS Cache corruption issue on Windows 7


10 replies to this topic

#1 iternalnetworks


Posted 02 April 2013 - 01:26 AM

I'm stumped on this one and reaching out for any help. I have 3 computers running Windows 7 that are randomly having one entry in their DNS Cache changed. It just happens to be the entry for their POP email server. The domain name is secure.emailsrvr.com, which is a RackSpace hosted POP server. The DNS cache last week was showing an IP for Network Solutions. Today the DNS Cache showed an IP that is registered to Apple. A simple DNS flush fixes the problem, but it always comes back several times each day. The hosts file only contains one record and it is used for a local file server. They do not have a local DNS server and were using their ISP's DNS servers. I have since changed their DNS to OpenDNS. I have run Malwarebytes scans and Microsoft Security Essentials scans and found nothing. The router is a basic LinkSys wireless router with current firmware running on it. I don't see anything out of the ordinary in their startup items or anything else suspicious running. They used to have the problem on other computers but their previous IT guy fixed them (they don't know what he did and apparently he didn't know either because he was unable to fix these three computers and now here I am).

 

Any ideas on where else to look for this? I did run HijackThis and can attach the log if needed. I also have exported the DNS Cache before and after performing the DNS flush.

 

Thanks in advance,

 

Mike





#2 Sneakycyber


Posted 08 April 2013 - 07:51 PM

I am assuming your network is set for DHCP? I would start by contacting the Host for the POP server and have them check for DNS spoofing on their end. The Host Provider could be changing their Host names or your account may have expired. I would inform them of the DNS server that is passing the bad information on to your network. As you have already tried, changing your DNS server should fix the issue if it's not caused by your network. You can also use Google.com Public DNS servers 8.8.8.8 and 8.8.4.4. Lastly, if the problem still persists and you can't fix the DNS corruption, you can make a static entry in the hosts file for secure.emailsrvr.com. google-public-dns-a.google.com (8.8.8.8) resolves secure.emailsrvr.com to 166.78.79.129. Subsequent ping statistics and reverse lookup on Ip-lookup.net show that is the registered IP for the domain secure.emailsrvr.com.

 

What kind of problem is this causing?


Edited by Sneakycyber, 08 April 2013 - 07:54 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +
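The thread's checks (export the cache with `ipconfig /displaydns`, compare the record for secure.emailsrvr.com against the address a trusted resolver returns, and compare exports taken before and after a flush) can be scripted. The following is an added example, not code posted by anyone in the thread; it assumes English-language `ipconfig /displaydns` output, the sample exports are constructed, and 203.0.113.10 is a documentation-range placeholder for the unexpected address.

```python
# Added example: audit exported `ipconfig /displaydns` text for a changed record.
# Constructed sample export; 203.0.113.10 is a placeholder, not a value from the thread.
SAMPLE_BEFORE_FLUSH = """\
Windows IP Configuration

    secure.emailsrvr.com
    ----------------------------------------
    Record Name . . . . . : secure.emailsrvr.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.10
"""
# Constructed export after the flush and a fresh lookup.
SAMPLE_AFTER_FLUSH = SAMPLE_BEFORE_FLUSH.replace("203.0.113.10", "166.78.79.129")

# Address reported in the thread for this name via 8.8.8.8 (April 2013).
EXPECTED = {"secure.emailsrvr.com": {"166.78.79.129"}}


def parse_displaydns(text):
    """Return {record name: set of A/AAAA addresses} from a cache export."""
    cache, name = {}, None
    for line in text.splitlines():
        left, sep, value = line.partition(":")  # first colon only, so IPv6 survives
        if not sep:
            continue  # headings and separator lines carry no "key : value" pair
        key = left.strip().rstrip(" .")  # "Record Name . . . ." -> "Record Name"
        value = value.strip()
        if key == "Record Name":
            name = value.lower()
        elif key in ("A (Host) Record", "AAAA Record") and name:
            cache.setdefault(name, set()).add(value)
    return cache


def find_mismatches(cache, expected):
    """List (name, unexpected addresses) for names whose cache differs from expected."""
    findings = []
    for name, good in expected.items():
        bad = cache.get(name.lower(), set()) - set(good)
        if bad:
            findings.append((name, sorted(bad)))
    return findings


def changed_names(before, after):
    """Names whose cached address set differs between two exports."""
    return sorted(n for n in before.keys() | after.keys() if before.get(n) != after.get(n))


if __name__ == "__main__":
    before, after = parse_displaydns(SAMPLE_BEFORE_FLUSH), parse_displaydns(SAMPLE_AFTER_FLUSH)
    print("mismatches:", find_mismatches(before, EXPECTED))
    print("changed by flush:", changed_names(before, after))
```

Run on a schedule against fresh exports, a mismatch gives the time window in which the record changed, which narrows down what else was active on the machine or network at that moment.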

#3 iternalnetworks


Posted 16 April 2013 - 09:49 PM

It was causing their Outlook connection to the POP3 server to fail. I was able to fix the problem by pointing it to a local DNS server with static information for the remote IP.



#4 DShuck


Posted 23 May 2013 - 12:11 AM

Hi:

 

I began seeing the intermittent corrupted DNS cache in Windows 7 Ultimate starting about 6 days ago. The problem initially presented itself as slow or no response to web searches or webpage stalls. From there it progressed to network connectivity issues and loss of web navigation.

 

A quick ping check revealed that name resolution was not working but IP ping was working with no "loss" and, as you would expect, tracert using IP address (not name) worked flawlessly. I have a Windows 8 Notebook, an Android Tablet and an Android based smartphone that I have tried on the same network node, subnet, gateway and name servers; the only machine that fails is the Windows 7 machine.

 

The problem can be temporarily repaired by using the Windows Network Diagnostics program, but the problem returns, sometimes immediately and sometimes in 20 or 30 minutes, but it always returns. I have run deep scans with Windows Security Essentials, Windows Defender, MalwareBytes Anti-Malware and Norton Internet Security and nothing unusual shows up. I have also run several other anti-viral apps and again nothing has been identified. I am starting to suspect a bug in one of the recent Windows Updates, since nothing other than "Updates" had been added to the PC in question prior to the problem starting.

 

I have run sfc /scannow with no errors identified. I have reset the IP Stack with Netsh and flushed the DNS cache but none of this has made any real difference; the problem still persists.

 

So that being said, I am looking for help. Has anyone else experienced this problem and is there a fix or an answer?

 

Thanks!



#5 Docrgl


Posted 29 May 2013 - 07:49 PM

I'm anxious to discover the consensus resolution to network disruption with this problem. Seems to be affecting multiple machines on the network. Very frustrating.



#6 Sneakycyber


Posted 30 May 2013 - 07:07 PM

If these issues are not part of the original topic please start your own topics. While they may be related you will receive faster responses from staff members. I will take a look at them as soon as I can if they are not responded to by another advisor.
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#7 DShuck


Posted 30 May 2013 - 08:40 PM

Chad

 

   Thanks!



#8 Docrgl


Posted 30 May 2013 - 11:30 PM

Chad,

Apologies if my chiming in seems too vague.

Our issue is mirroring the info posted in #4 by D Shuck. I do not have specific info focused all the way down to the POP3 disruption.

We do have a recovered machine on our network that had the FBI worm in it, and I was able to convince myself we have removed it.

The failure to resolve DNS naming issue seems to be very intermittent and can affect several of our CPUs running versions of Win7. I thought some of it was related to a very long boot process and we changed our units to NEVER turn off in power config. Each time we were rebooting, one or more might take 30 to 40 minutes to get past the DNS name resolution process.

If this is the wrong forum chat to pursue the DNS corruption issue, please forgive me. I have searched for a couple of months on this topic and have found nothing that comes closer in description than the information presented here.

We are in the process of letting my IT team put a 24/7 monitor package on our network to see if there remains some unusual traffic from one or more units.

This issue seems to be affecting the Win7 devices only. (Sad to admit I still have a Vista and an XP and ... did I finally dust off my 98 and put a wreath on it and let it rest? ... not sure. They tease me since we have machines present in the office that still can run Win ME.)

I will pack up and follow a different forum thread if advised that is the more specific and helpful thing to do.

Thanks for the sharing of wisdom. It is almost never won alone.



#9 chandshy


Posted 21 August 2013 - 11:04 AM

Do you have AVG antivirus installed?

I started having the same DNS problems: first log in everything great, then poof, DNS failures. Random, at odd times, etc.

I have been uninstalling applications until I came to my antivirus, AVG. Removed it and so far 24 hours later no DNS issues.

I know it isn't my ISP because I have 2 services and 5 computers. 2 computers with the problem, Windows 7 with AVG; the others, Windows 8 with McAfee, Windows 7 with Avast, and Android, all worked fine.

Removed AVG off the second computer this morning and so far no DNS issues.



#10 chandshy


Posted 21 August 2013 - 11:09 AM

Never mind, poof, DNS problems back on first computer. I have flushed cache, disabled DNS client, installed local DNS and am using that, but nothing seems to work. I can use dig and nslookup without issue. It is like something is messing with the DNS connection between Chrome, Firefox, and IE and the DNS.

Any ideas at all? I am getting desperate and don't wish to format and reinstall but that is what it is about too.

Virus scanners find nothing, trojan hunters nothing, rootkits nothing.



#11 Docrgl


Posted 27 September 2013 - 02:56 PM

I had removed AVG from all, but I have found one of my staff running an AVG toolbar.

I'm not sure of the relevance.

Interestingly, acquired a new Win 8 machine, and it cannot get past the DNS issue at all attempting to connect wirelessly.

Others are connecting fine and running fine while the one or three machines that are experiencing the most of the disruption are finding they cannot access the DNS server.

Not sure that we don't need to perhaps consider reconfiguring them with new Cat 5s to the switch and see if perhaps that solves anything.

Very peculiar problem. A big timewaster for busy people.





