Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 43
  1. #16
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,616
    Thanks
    7
    Thanked 231 Times in 219 Posts
    Yup, that'd be the correct method, but I'd use your ISP's DNS servers first to try and narrow the problem to your network or your ISP.

    cheers, Paul

  2. #17
    New Lounger
    Join Date
    Dec 2009
    Location
    Glasgow, Scotland
    Posts
    11
    Thanks
    0
    Thanked 1 Time in 1 Post

    Mr

    Random redirected DNS is a symptom of a rootkit - have you done what i said and have you run an av and rootkit check?

    Boot safemode with networking and test.
    If it works you have a problem.

    Or better still boot with a linux live cd and test - You have to isloate the problem - Computer , Network or External - Hirens is my first choice.

  3. #18
    Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    41
    Thanks
    0
    Thanked 20 Times in 2 Posts
    Quote Originally Posted by sreilly24590 View Post
    ... What I find perplexing is that on my home network I only have issues with my office computer doing this. In my case all but one system is wired Cat5e connected and the office computer connects directly to the modem/router. ... I checked my registry and didn't find either entry as you have listed on either computer. The symptoms are typical of yours but only on this one computer, out of 6. Rebooting the modem does clear the problem for a day maybe.
    These were exactly the symptoms that we had here - the wired PC was set to use the router's DNS proxy, and the router was set to use OpenDNS. My wireless laptop had its own DNS settings and was more reliable not not perfect.

    So I started experimenting, and after making it worse and doing a lot of research, I came up with this solution and not only did it make things much more reliable, but I was surprised that it also made it faster. The registry entry was not originally there - but if it is missing the default values I have talked about are used anyway.

    I don't have any firm idea what the cause of DNS unreliability was, but it is either the router's ability to handle significant UDP traffic (of which I sometimes have quite a lot) or packet loss elsewhere in the network. My bet is on the router having issues with UDP because at times when I was having a LOT of issues with DNS lookups, if I used NSLOOKUP to use a TCP connection rather than UDP it was both reliable and blindingly fast - but then again this could be caused by routers in the ISP or elsewhere in the Internet being set to drop UDP packets (which are not guaranteed delivery) in preference to TCP ones.

    My router is a fairly ancient Netgear one.

    Quote Originally Posted by sreilly24590 View Post
    I've hesitated using any kind of tweaking program as I don't understand what the changes are doing.
    I agree that you should be careful if you don't know what you are doing - there are a lot of "so called" tweaks on the internet which do nothing or which make things worse. (And I made things significantly worse tweaking DNS before I made them better.)

    Quote Originally Posted by sreilly24590 View Post
    I've come to the point where I think I need to reload my OS (Win 7 Pro 64 bit) and get a clean install. It's been a few years and there's likely to be a lot of undesirable stuff that should be gotten rid of. ...
    Whilst an OS reload can improve things if you have tweaked and screwed them up, in my experience they are a lot of effort for nothing. (I would, however, reload from scratch rather than do an O/S upgrade e.g. from Vista to Win7.)

    IMO, far better to tweak carefully using fixes that have been well researched, making careful backups of the registry entries before you tweak them is usually sufficient to undo any mistakes - and (so far at least) I have never done a tweak that broke windows so much that I couldn't log-on to remove it..
    Last edited by Protopia; 2014-06-16 at 06:19.

  4. #19
    Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    41
    Thanks
    0
    Thanked 20 Times in 2 Posts
    Quote Originally Posted by Sudo15 View Post
    Try these commands as an administrator from the command prompt pressing Enter after each, then reboot -

    netsh winsock reset catalog
    netsh int ip reset resetlog.txt
    ipconfig /flushdns
    ipconfig /registerdns
    I tried "ipconfig /flushdns" - I can't remember whether it provided any short-term benefit, but certainly didn't help for very long.

    "ipconfig /registerdns" is nothing to do with this issue - this registers your PC with a DNS server (which is typically used for corporate networks and Windows Domains - and not used for Home networks).

    Without having researched the details of what the other two commands actually do, they look to me like they might result in Windows losing your network configurations.

  5. #20
    Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    41
    Thanks
    0
    Thanked 20 Times in 2 Posts
    Quote Originally Posted by omendata View Post
    The first place that is checked is not the dns servers its cache / hosts file.
    It may have been corrupted / hacked by a virus leading to some crazy results.

    Always flush the dns cache first when diagnosing dns problems.
    And check the hosts file.
    This is a good call. Some malware does use the HOSTS file to redirect traffic to the wrong site, but it can only really be done to well known / high-traffic sites like google and bbc.co.uk because it needs to specify each domain individually in the HOSTS file.

    A friend recently had a different issue with both Google and BBC not working - she was using her router's DNS proxy (no idea what it was set to), but was clearly having issues with DNS pollution - changing her DNS servers fixed the issue.

    Quote Originally Posted by omendata View Post
    Its the hosts file that is preloaded into the cache so if its corrupt your cache is corrupt!!
    Not strictly true - whilst the Hosts file is usually checked first it is not actually loaded into the cache - if you do an "ipconfig /displaydns" you will not find any hosts file entries in there.

    Quote Originally Posted by omendata View Post
    There is an app that checks DNS servers and gives you the correct order to put into you DNS fields.
    Cant remember it offhand but google should elucidate.
    There are two such apps - the Google one and the Gibson Research (GRC) one. I tried both when I was having problems. However, they both reported a lack of reliable DNS servers, and in the end, when I had fixed the reliability I then chose servers which I knew to be both reliable and fast i.e. I started with

    1. ISP servers (all of them)
    2. Google (all of them)

    and then added a couple of other servers which these two tools had found in order to provide servers which were sufficiently spread out on the internet that if there were connectivity issues somewhere in the internet away from my own ISP then I would hopefully get a response from somewhere. I have a feeling that Level 3 was one of them (I think they may provide some of the internet backbone links).

  6. #21
    Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    41
    Thanks
    0
    Thanked 20 Times in 2 Posts
    Quote Originally Posted by omendata View Post
    Random redirected DNS is a symptom of a rootkit
    Could be - or could be a remote DNS server which has been compromised or could be something else entirely.

    And a redirected DNS is very different to an unreliable one - that is a completely different symptom and needs a completely different solution.

  7. #22
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,836
    Thanks
    30
    Thanked 250 Times in 244 Posts
    Quote Originally Posted by Protopia View Post
    I tried "ipconfig /flushdns" - I can't remember whether it provided any short-term benefit, but certainly didn't help for very long.

    "ipconfig /registerdns" is nothing to do with this issue - this registers your PC with a DNS server (which is typically used for corporate networks and Windows Domains - and not used for Home networks).

    Without having researched the details of what the other two commands actually do, they look to me like they might result in Windows losing your network configurations.
    Suggest you read these two articles -

    http://www.windows-secrets.co.uk/201...a-tcpip-stack/

    http://compnetworking.about.com/od/w...a/ipconfig.htm

  8. #23
    New Lounger
    Join Date
    Jun 2014
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you for a very useful procedure!

  9. #24
    Lounger
    Join Date
    Dec 2009
    Location
    UK
    Posts
    41
    Thanks
    0
    Thanked 20 Times in 2 Posts
    The first link does not describe what the two "netsh" commands do - it just provides the commands. But if you read this microsoft knowledgebase article you will see that "netsh int ip reset resetlog.txt" does indeed reset the TCP connection completely wiping out your settings ("has the same effect as removing and reinstalling TCP/IP") and if you read this other microsoft knowledgebase article then you will see that the "netsh winsock reset catalog" command "resets the Winsock catalog to the default configuration" and "should be used with care because any previously installed LSPs will need to be reinstalled" i.e. your firewall is likely to be disabled.

    These commands are obviously not for the feint hearted, and decent research and diagnosis is needed to know if these will fix your issues or just make them far far worse.

    If you read the 2nd link, you will see that the DHCP comment relates to re-registering your IP with your ISP, so only applies if your PC is connected directly to the internet and not via a home router.

    Moral of the story: A little knowledge is a dangerous thing.

  10. #25
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,836
    Thanks
    30
    Thanked 250 Times in 244 Posts
    It was my understanding that Windows reloaded the LSPs during the reboot when it was repairing the winsock - it certainly doesn't seem to have affected anything other than to restore my browsing for me.

    Resetting to defaults is standard procedure when dealing with corruption and resetting the winsock catalog and the TCP/IP stack are proven methods in restoring Internet connectivity without having any adverse effects.

    MS even has an auto Fixit for resetting the TCP/IP stack.

    Fair enough, I haven't gone into the theory as deep as some, but I know what works without needing to, just as knowing an electric kettle will boil when you switch it on without having to know how electricity works.

    You go onto any Internet specific troubleshooting forum and you will see MSVPs advising those same set of commands as I have and you will see the success rate without any adverse affects being reported.

    If you want to know the nitty gritty, then no doubt there will be others on the forum more knowledgeable on the theory than me.

  11. #26
    New Lounger
    Join Date
    Jan 2010
    Location
    Washington, WA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Sudo15 View Post
    Fair enough, I haven't gone into the theory as deep as some, but I know what works without needing to, just as knowing an electric kettle will boil when you switch it on without having to know how electricity works.
    I don't have a solid explanation for this one either, but I've seen a few cases where DNS quits working on specific Windows computers and the problem went away simply by significantly extending the lease time on the router. Most routers have a very short lease time by default, typically one hour. For a home network vs. a hotspot, one doesn't need IP's renewing frequently as topology is quite static. Changing the lease time to days or a week alleviated the problem.

  12. #27
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,836
    Thanks
    30
    Thanked 250 Times in 244 Posts
    Quote Originally Posted by RebusCom View Post
    I don't have a solid explanation for this one either, but I've seen a few cases where DNS quits working on specific Windows computers and the problem went away simply by significantly extending the lease time on the router. Most routers have a very short lease time by default, typically one hour. For a home network vs. a hotspot, one doesn't need IP's renewing frequently as topology is quite static. Changing the lease time to days or a week alleviated the problem.
    Yes, I've come across that fix as well.

  13. #28
    3 Star Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    333
    Thanks
    32
    Thanked 13 Times in 13 Posts
    "should be used with care because any previously installed LSPs will need to be reinstalled" i.e. your firewall is likely to be disabled.
    LSPs do not sound like something I might want. Firewall's being disabled aside sticking stuff in the TCP stack makes me nervous. I recently had a problem that may have been related to this. Has any one experience w/ Browsersafeguard.exe??




  14. #29
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,836
    Thanks
    30
    Thanked 250 Times in 244 Posts
    Quote Originally Posted by wavy View Post

    LSPs do not sound like something I might want. Firewall's being disabled aside sticking stuff in the TCP stack makes me nervous. I recently had a problem that may have been related to this. Has any one experience w/ Browsersafeguard.exe??
    I'm not sure how resetting the winsock catalog or the TCP/IP stack and this http://malwaretips.com/blogs/browser...virus-removal/ are related

    The winsock and TCP/IP stack commands deal with browser and Internet connectivity problems not necessarily caused by the actions of a PuP and if you are using a 3rd party AV that has its own firewall, then Windows Firewall will be disabled anyway.

  15. #30
    3 Star Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    333
    Thanks
    32
    Thanked 13 Times in 13 Posts
    Sudo
    I was working on a friends computer that would not load Google.com among other sites.
    I was thinking Browsersafeguard.exe might have had something to do with this as it sets itself up as a proxyserver, but may have been a corrupted DNS cache. The sight I visited Bleepingcomputer.com had this:
    BrowserSafeguard is a program that scans your web connections for threats and blocks them if detected. BrowserSafeguard is able to do this by configuring your web browser to use the program as a proxy server. This allows all traffic to be inspected as it is passed through the program.
    This did not sound at all malicious and I left in installed. The link you sent gives me some second thoughts.
    Thanks




    PS where has the Thankyou button gone??
    Last edited by wavy; 2014-06-23 at 11:40.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •