Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts

    Question "Random" DNS Client Events Warnigs in Administrative Events logs

    Hi,

    I've noticed that I regularly (anywhere between once every other day or so to 2-3 times a day) get DNS Client Events Warnings in the Administrative Events log. I seem to recall seeing these on my old Windows XP laptop as well. Most of the time they are not to any website that I've visited (or have ever visited). Here are the last few examples:

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/19/2012 1:26:29 PM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: *********
    Description:
    Name resolution for the name platform.twitter.com timed out after none of the configured DNS servers responded.

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/19/2012 12:31:13 PM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: *********
    Description:
    Name resolution for the name www.flickr.com timed out after none of the configured DNS servers responded.

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/18/2012 1:52:10 PM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: *********
    Description:
    Name resolution for the name taiwangirl.higo2meme.info timed out after none of the configured DNS servers responded.

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/18/2012 12:55:39 PM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: *********
    Description:
    Name resolution for the name www.discriminations.us timed out after none of the configured DNS servers responded.

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/18/2012 11:40:20 AM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: *********
    Description:
    Name resolution for the name www.thehumorwriter.com timed out after none of the configured DNS servers responded.


    A scan with Microsoft Security Essentials and Spybot show nothing nefarious. (I realize there are better A/V scans to do, but I really don't do a lot of random internet surfing.)

    My thought is that there are ads on websites that create these events when the link embedded in the ad can't resolved or something? I use Firefox with Ad-Blocker Plus, but I guess it doesn't stop these DNS website look-ups from happening? What is happening? Does your computer actually connect to these sites, or is the browser just looking up the address in case you click on an ad or something? (And how do they still show up with Ad-Block Plus doing its thing?)

    I did some internet research, and there wasn't a lot about this -- though I did see one message board thread where someone asked the same thing (and their theory was similar to mine above), and while everyone posted that he had something bad on his system (I notice most people immediately respond with that), he actually had a completely clean install of the OS and was completely protected, etc. -- so he (as I do) figured it wasn't a virus or spyware thing.

    Any thoughts? Thanks!

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Something to think about and mull over...
    See if you can go over your list of installed programs, or add-ons, to identify any component of which that may have ads in them that might be "phoning home" or communicating with their parent network for ad streams.
    This doesn't necessarily represent a compromise or infection to your system, just advertisements usually associated with some freeware.

  3. #3
    3 Star Lounger jockmullin's Avatar
    Join Date
    Dec 2009
    Location
    St-Eustache,QC,Canada
    Posts
    239
    Thanks
    10
    Thanked 21 Times in 20 Posts
    It really sounds like your DNS servers are not responding. Are you using the ones recommended by your ISP?

    Try adding the Google DNS servers to the list and see if that resolves the problem. They are 8.8.8.8 and 8.8.4.4.

    Jock

  4. #4
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Thanks for the reply! The only installed programs that are "freeware" are Paint.NET, VLC Player, FileZilla Client (I think, unless it came with the laptop), Foxit Reader, and ImgBurn. The only add-ons I have are for Firefox: FireFTP, Ad-Block Plus, Flash (usually disabled) and VLC Player plugin. I did get another entry this morning and I think the only website I visited was this one! (I may have gone to Wikipedia to look up a process, but I think that was after it showed up.)

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/20/2012 7:11:57 AM
    Event ID: 1014
    Task Category: None
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: ********
    Description:
    Name resolution for the name www.thehumorwriter.com timed out after none of the configured DNS servers responded.


    But if something were calling home from a program, that program (or service) would have to be running, right? I'm posting my running services below (though I can post those that aren't running too, if needed) and attaching images of my running processes.

    IKE and AuthIP IPsec Keying Modules Started
    Intel(R) Management and Security Application Local Management Service Started
    Intel(R) Management and Security Application User Notification Service Started
    Intel(R) Rapid Storage Technology Started
    IP Helper Started
    Microsoft Antimalware Service Started
    Multimedia Class Scheduler Started
    Network Connections Started
    Network List Service Started
    Network Location Awareness Started
    Network Store Interface Service Started
    Plug and Play Started
    PnP-X IP Bus Enumerator Started
    Power Started
    Print Spooler Started
    Program Compatibility Assistant Service Started
    Remote Procedure Call (RPC) Started
    RPC Endpoint Mapper Started
    Security Accounts Manager Started
    Security Center Started
    Server Started
    Shell Hardware Detection Started
    SSDP Discovery Started
    Superfetch Started
    System Event Notification Service Started
    Task Scheduler Started
    TCP/IP NetBIOS Helper Started
    Themes Started
    User Profile Service Started
    Windows Audio Started
    Windows Audio Endpoint Builder Started
    Windows Driver Foundation - User-mode Driver Framework Started
    Windows Event Log Started
    Windows Firewall Started
    Windows Font Cache Service Started
    Windows Image Acquisition (WIA) Started
    Windows Management Instrumentation Started
    Windows Search Started
    Windows Update Started
    WLAN AutoConfig Started
    Workstation Started
    ZAtheros Bt&Wlan Coex Agent Started


    Based on all this, any other thoughts? What exactly is happening with these DNS Client Events? Especially all the ones that I'm assuming are successful and don't show up in a log? And are there any settings with Windows Firewall or internet connection stuff or anywhere else that would help prevent them (if necessary)?

    I guess it's not a big deal if it's normal and nothing "real" is actually being sent/received when they're successful events? What is being sent or received?

    Thanks again!
    Attached Images Attached Images
    Last edited by WindowsWasher; 2012-08-20 at 11:29.

  5. #5
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Have you tried to flush your DNS Cache?

    Open up a command prompt (Start > Run > "cmd.exe" > OK).

    Type in the command: ipconfig /flushdns (notice the space between the g and the/)
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  6. The Following User Says Thank You to Medico For This Useful Post:

    WindowsWasher (2012-09-07)

  7. #6
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by jockmullin View Post
    It really sounds like your DNS servers are not responding. Are you using the ones recommended by your ISP?

    Try adding the Google DNS servers to the list and see if that resolves the problem. They are 8.8.8.8 and 8.8.4.4.

    Jock
    Thanks for the reply! I'm not sure how to do that. And, technically, I guess it doesn't bother me that I'm getting these errors -- I'm more concerned with why the computer is trying to connect to these sites that I've never visited (and all the ones it is successfully connecting to that don't get logged). If it's normal behavior, then I'll stop worrying about it -- though I'd like to know what exactly is happening and why. If it's not normal, then I'll have to do something about it. Do you know what it's all about?

    And I'm not sure what's recommended by my ISP (or where to set that). I live in a 5-apartment building that the internet is provided for. The wireless base is in another apartment. The wireless is password secure, but can be used by anyone who lives in the building.
    Last edited by WindowsWasher; 2012-08-20 at 11:29.

  8. #7
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Thanks for the reply! I will try this, but let me ask first... what does this do and how would it help with the issue? (I just like to know things before I do them, if that's cool?) And does the fact that the secure wireless internet is shared within the apartment building mean anything in regards to this (as described in my last post)?

  9. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Explanation of what it is. It might not work, but it might. It takes a couple of minutes so you will not tie yourself up for an extended period.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  10. #9
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Ted Myers View Post
    Explanation of what it is. It might not work, but it might. It takes a couple of minutes so you will not tie yourself up for an extended period.
    Okay, thanks. I can try to give this a shot. But it sounds like this is a potential solution for the errors showing up in the log. I'm not actually concerned about the errors themselves, but more so the "successes" and what it means. The errors just give me a heads up that my computer is trying to call these web addresses even though I've never visited those websites. So, I'm guessing, there is a much larger amount of "non-errors" (i.e. successful name resolutions). I really just want to know if this is normal and what is actually happening. Is it just ads on websites? Ads or something from my ISP?

    Why does this happen and what is it actually doing? Is it going to a website? Is it just checking if the address is legitimate if I decided to click on something to go to the website? Is it sending or receiving any "important" information to/from my computer? Why does it happen? (Not the error, but the thing itself.) Know what I mean? Thanks again!

  11. #10
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Thanks again for the replies, but does anyone know what is actually happening with the call outs to these websites (not why certain ones don't go through, but why they happen in the first place). Is it ads on websites? Thanks for the help.

  12. #11
    3 Star Lounger jockmullin's Avatar
    Join Date
    Dec 2009
    Location
    St-Eustache,QC,Canada
    Posts
    239
    Thanks
    10
    Thanked 21 Times in 20 Posts
    Some of the failures listed in your errors are pretty ordinary site references (flickr and twitter), a couple of others are questionable (discriminations.us looks like a blog of some kind) and thehumorwriter.com does not seem to exist. These can get referenced by any web page, html email or embedded ad which contains links to these sites for resources, such as images or logos. Just accessing another page referencing these urls can cause your browser or email client to attempt a link. It does not necessarily mean a separate app is running on your system and attempting these links.

    A tutorial on DNS and how to add DNS servers to your configuration:
    http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html

    J
    ock
    Last edited by jockmullin; 2012-08-21 at 12:13. Reason: Minor copy edit

  13. The Following User Says Thank You to jockmullin For This Useful Post:

    WindowsWasher (2012-09-07)

  14. #12
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Thanks for the reply! I remember that I used to use Open DNS on my old laptop. I went ahead and made the switch - and flushed the DNS cache per Medico's suggestion (especially since I was switching DNS).

    However, I made a mistake and typed in the ipconfig /flushdns into the run box instead of opening a command window from the run box, then typing it it. (I think I also tried running the regular ipconfig command the same way.) I could see the command box pop open and text fly by, then close. Obviously, that's not the way you're supposed to do it (and I did it the right way now), but doing it that wrong way, does that cause anything weird...?

    Also, after (I think) making the changes above, I saw this DNS Client Event in the log:

    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 8/21/2012 1:30:27 PM
    Event ID: 1006
    Task Category: None
    Level: Warning
    Keywords:
    User: LOCAL SERVICE
    Computer: ********
    Description:
    The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. 192.168.0.1


    What's this about? (I looked up that address and it looks like it has something to do with a router - so I guess there is a router in the building. But that would be an IP address not a DNS server, right?)

    Thanks again for the help!
    Last edited by WindowsWasher; 2012-08-21 at 16:51. Reason: Added new Warning message

  15. #13
    3 Star Lounger jockmullin's Avatar
    Join Date
    Dec 2009
    Location
    St-Eustache,QC,Canada
    Posts
    239
    Thanks
    10
    Thanked 21 Times in 20 Posts
    192.168.0.1 is the IP address of the router. It is normal to use your router as the primary DNS server; what that means is the DNS server(s) in the router's configuration will be the ones used in doing name resolution.

    Your problem is you don't own that router, so likely don't know what DNS servers it is using. That error in the log confirms there may be a problem with the router's DNS setup. Which is exactly why it was recommended you use some additional ones in your local configuration.

    Most likely the DNS servers in the router's config are the ISP-provided ones, and those are often unresponsive. It is also conceivable that public router has been hacked.

    All of this ties in with the events you have been experiencing. I would remove 192.168.0.1 as a DNS server and substitute a known good set.

    Jock
    Last edited by jockmullin; 2012-08-21 at 20:00. Reason: Afterthought

  16. The Following User Says Thank You to jockmullin For This Useful Post:

    WindowsWasher (2012-09-07)

  17. #14
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by jockmullin View Post
    I would remove 192.168.0.1 as a DNS server and substitute a known good set.
    How do I do that? Or is that what I've already done by adding the DNS servers to the wireless (instead of letting it automatically determine them) as described in the instructions you posted a link to? Or do I need to actually remove that 192.address manually somehow/somewhere?

    Here are a few other warnings/errors that could (?) be related that I was getting and still get:

    Log Name: System
    Source: Microsoft-Windows-WLAN-AutoConfig
    Date: 8/21/2012 2:47:31 PM
    Event ID: 4001
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: *****
    Description:
    WLAN AutoConfig service has successfully stopped.

    Log Name: Application
    Source: Microsoft-Windows-WMI
    Date: 8/21/2012 2:49:44 PM
    Event ID: 10
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: *****
    Description:
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Log Name: System
    Source: Microsoft-Windows-WLAN-AutoConfig
    Date: 8/21/2012 2:47:31 PM
    Event ID: 4001
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: *****
    Description:
    WLAN AutoConfig service has successfully stopped.

    Log Name: System
    Source: Microsoft-Windows-WLAN-AutoConfig
    Date: 8/21/2012 8:44:39 PM
    Event ID: 10002
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: *****
    Description:
    WLAN Extensibility Module has stopped.
    Module Path: C:\Windows\system32\athihvs.dll

    Log Name: Microsoft-Windows-Dhcp-Client/Admin
    Source: Microsoft-Windows-Dhcp-Client
    Date: 8/21/2012 8:55:14 PM
    Event ID: 1003
    Task Category: Address Configuration State Event
    Level: Warning
    Keywords:
    User: LOCAL SERVICE
    Computer: *****
    Description:
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address ************. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Log Name: Microsoft-Windows-Dhcp-Client/Admin
    Source: Microsoft-Windows-Dhcp-Client
    Date: 8/21/2012 8:57:17 PM
    Event ID: 1001
    Task Category: Address Configuration State Event
    Level: Error
    Keywords:
    User: LOCAL SERVICE
    Computer: *****
    Description:
    Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address ****************. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


    What does all that mean? Related? Anything to be done?

    And if the router is hacked, what does that mean for me exactly? Can someone get on my computer? (My wife has an iPad, which doesn't have A/V, so could someone get on that?)

    Please note: Neither of us stay connected to the wireless internet full-time (off more than on). And I often turn it on and off.

    Thanks for walking through this with me -- I appreciate the help and look forward to hearing back! Have a nice night.

  18. #15
    3 Star Lounger jockmullin's Avatar
    Join Date
    Dec 2009
    Location
    St-Eustache,QC,Canada
    Posts
    239
    Thanks
    10
    Thanked 21 Times in 20 Posts
    If you unchecked obtain DNS server address automatically and filled the the server addresses to use per the tutorial, then you should be OK on the DNS front.

    It is conceivable though unlikely the DNS servers in the wireless router were changed to point to rogue servers for the purpose of routing web traffic to malware sites. If that is done it can introduce significant delays in DNS lookup response times, which might have been the cause of your original problem which is why I mentioned it.

    The other event log items you posted are not related to DNS; rather to DHCP - the part that assigns your computer a local ip address (in the 192.168.0.### range). If it doesn't work you will not have internet connectivity. Those may be temporary if the DHCP server is busy or short of available addresses.

    Frequent disconnect/reconnect events make that type of error more likely, but it should be transitory - your computer will keep trying.

    I know little or nothing about iPad security, sorry. Those wee thingies are too small for these old eyes.

    Jock

  19. The Following User Says Thank You to jockmullin For This Useful Post:

    WindowsWasher (2012-09-07)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •