2

If I run ping www.google.com in Windows 10 on a particular computer, it says Ping request could not find host www.google.com. Please check the name and try again.

If I run ipconfig /flushdns and try it again right afterwards, it resolves the IP as expected and works as do other DNS lookups for a brief period of time.

I tried disabling the "DNS Client" Windows service but that didn't solve it (though restarting the service has the same effect as the above of things temporarily working).

I tried the network diagnostic tool as well as doing a full "network reset" via the windows settings screen.

Some possible items of note are

  1. another computer connected to this network works fine
  2. things used to be fine on this computer on this network and then they stopped working
  3. pretty sure this computer works on another wifi network
  4. running sfc /scannow doesn't detect any integrity violations

Here is some debugging output on the network that has the issue while it's occurring:

>nslookup www.google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  209.18.47.62

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

>netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Disconnected   Dedicated        Wi-Fi
Enabled        Connected      Dedicated        Ethernet 2

Here's the output of nslookup right after running ipconfig /flushdns:

>nslookup www.google.com
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62

Non-authoritative answer:
Name:    www.google.com.socal.rr.com
Addresses:  198.105.254.228
          198.105.244.228
2
  • I'm puzzled - I thought ipconfig /flushdns cleared the local DNS cache and I thought nslookup bypassed the local DNS cache
    – Ross
    Commented May 13, 2017 at 7:09
  • 1
    To rule out the obvious: (1) set the dns servers to google: 8.8.8.8 and 8.8.4.4. (2) Disable IPv6. (3) Disable the firewall and antivirus. Reboot.
    – harrymc
    Commented May 13, 2017 at 10:55

1 Answer

3
+50

Your DNS queries are either being hijacked or improperly formed

The Evidence

The output of your nslookup www.google.com command is:

Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62

Non-authoritative answer:
Name:    www.google.com.socal.rr.com
Addresses:  198.105.254.228
          198.105.244.228

Observations

  1. The answer to your query is www.google.com.socal.rr.com instead of the expected www.google.com.
  2. The DNS server you're querying is in the same domain as the record of the incorrect answer: rr.com

Theory #1: DNS Hijacking

Your NSLOOKUP of www.google.com should return a Google IP address and the name www.google.com. Instead you're getting a completely different name record and an IP address (198.105.254.228) registered to a company named Search Guide Inc. (Source 1 Source 2).

If your ISP is Time Warner Cable (or a subsidiary) then this is a slam dunk explanation, because according to this Super User answer, DNS queries that resolve to the IP address 198.105.254.228 are the result of your ISP hijacking your DNS results as part of a "service" to give you search results when you type in an invalid Internet address. If this is the case, you can disable this feature on Time Warner's website here.

Even if your ISP isn't Time Warner, there's still a link between both the DNS server handling your request and the invalid www.google.com.socal.rr.com DNS answer you get. The domain name rr.com is registered to Time Warner Cable as shown in this GoDaddy WHOIS lookup:

Domain Name: rr.com
{...portions removed...}
Admin Name: Domain Name Administrator
Admin Organization: Time Warner Cable Inc.
Admin Street: 60 Columbus Circle,
Admin City: New York
Admin State/Province: NY
Admin Postal Code: 10023
Admin Country: US
{...portions removed...}
Name Server: dns2.rr.com
Name Server: dns6.rr.com
Name Server: dns3.rr.com
Name Server: dns5.rr.com
Name Server: dns1.rr.com

So, if Theory #1 is correct, you need to disable this preference per above, or use different DNS servers altogether.

Theory #2: Improperly Formed DNS Query

As explained in Theory #1, the DNS server handling your NSLOOKUP of www.google.com is known to return a "valid" DNS record even when a user requests a non-existent Internet hostname. You can determine if this error redirection is taking place by performing a lookup of an intentionally invalid name:

nslookup no-such-site.example.com

You should get this response:

Server:  <your DNS server name>
Address:  <your DNS server IP>

*** <your DNS server name> can't find no-such-site.example.com: Non-existent domain

However, if you get a response similar to the one in your question, it's obvious invalid requests are being intercepted and redirected to an error-lookup/advertising webpage.

That established, Theory #2 proposes that when you're doing a search for www.google.com your system is appending another suffix to the DNS request which is causing your lookup request to be invalid, triggering the error-redirect service of your DNS server.

You can determine if this is the case by running the following command and examining its output:

nslookup -d2 www.google.com

The -d2 parameter causes NSLOOKUP to print the exact questions and answers submitted to resolve the lookup request.

In the output, in each SendRequest() section examine the QUESTIONS: being submitted. The first several will be to resolve the name of your DNS server. Following those will be the lookups to resolve www.google.com. Basically what you're looking for are any lookup requests other than for www.google.com, such as for www.google.com.socal.rr.com. If you find any, then your machine is actually making an invalid DNS lookup. This is different than Theory #1's proposal that your machine is making a valid lookup request that's being incorrectly modified.

If your machine is making bad lookup requests, you need to examine the domain name suffix(es) specified in your TCP/IP configuration and remove any that don't belong.


Issue #2

Here is some debugging output on the network that has the issue while it's occurring:

nslookup www.google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  209.18.47.62

In this case, your computer simply cannot reach your DNS server, indicating network connectivity issues. This does not explain why you get invalid answers to your DNS lookups and probably has an unrelated cause. In any case, if other machines on the network are working fine when this happens to your computer, this strongly suggests the problem is with this DNS server rather than your network.

Again, using different DNS servers should solve the problem in this case.

4
  • Why would running `ipconfig /flushdns` temporarily get things working on this computer? What's so weird is all the other systems on the network are fine and this computer used to be fine as well.
    – g491
    Commented May 16, 2017 at 2:09
  • @g491 That puzzles me too, but it's more concerning that once things get "working", they're really not working given that you're getting invalid responses to your query. You may find that solving this clearly evident problem also solves the more obscure issue of flushing the cache reviving lookups for a while. Commented May 16, 2017 at 2:18
  • Did you figure out what is happening to your DNS queries? Commented May 19, 2017 at 11:21
  • For time reasons we're just going to try replacing the networking equipment. I tried some stuff like Google DNS and didn't feel that there was a clear path to a solution. I awarded you the bounty for your high quality answer, and if this doesn't solve it, I'll plan to revisit and see if we can figure out what the deal is. Thanks
    – g491
    Commented May 20, 2017 at 19:38
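
The check described under Theory #2 of the answer, as an added example that is not part of the original answer or its comments: a Python parser that lists the names actually sent in the SendRequest() sections of nslookup -d2 output and reports any DNS suffix the client appended to the requested name. The sample transcript is constructed and abridged, its layout is an assumption about how nslookup prints debug output, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample; the layout is an assumption about what
# nslookup -d2 prints and is not output captured from the asker's machine.
SAMPLE_D2 = """\
SendRequest(), len 43
    QUESTIONS:
        62.47.18.209.in-addr.arpa, type = PTR, class = IN
------------
SendRequest(), len 45
    QUESTIONS:
        www.google.com.socal.rr.com, type = A, class = IN
------------
Got answer (61 bytes):
    QUESTIONS:
        www.google.com.socal.rr.com, type = A, class = IN
    ANSWERS:
    ->  www.google.com.socal.rr.com
        internet address = 198.105.254.228
------------
"""

QUESTION = re.compile(r"^[ \t]+(\S+), type = (\w+), class = \w+", re.M)

def sent_questions(d2_output):
    """Return (name, type) for each question in a SendRequest() section."""
    found = []
    # Sections are split on the dashed rules. "Got answer" sections echo the
    # question back, so only sections opening with SendRequest() are read.
    for section in re.split(r"^-{6,}\s*$", d2_output, flags=re.M):
        if section.lstrip().startswith("SendRequest()"):
            found += QUESTION.findall(section)
    return found

def appended_suffixes(d2_output, requested):
    """Suffixes the resolver client added to `requested` before sending."""
    want = requested.rstrip(".").lower()
    suffixes = []
    for name, qtype in sent_questions(d2_output):
        name = name.rstrip(".").lower()
        if qtype == "PTR" or name == want:
            continue  # reverse lookup of the server, or the expected query
        if name.startswith(want + "."):
            suffixes.append(name[len(want) + 1:])
    return suffixes

if __name__ == "__main__":
    print(appended_suffixes(SAMPLE_D2, "www.google.com"))
```

A non-empty result means the machine itself sent a suffixed name (Theory #2); an empty result with a wrong answer still coming back points at the resolver rewriting responses (Theory #1).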
