nslookup IS working; ping -4 name.com NOT working
The most obvious symptom of this problem is that nslookup IS working, while ping -4 name.com is NOT working.
That's because nslookup contains its own DNS client, and so does not use the Windows one. ping, when given a name, uses the Windows DNS Client to translate name -> number.
So if nslookup can translate, then lots of things work: networking hardware, NIC adapter driver, internet connectivity to the DNS servers, and successfully accessing the servers to do a translation. That's a lot!
However, ping -4 name.com fails, so if all that other stuff is working, it's the Windows DNS client software itself that is implicated.
Note I did ping -4 to isolate to IPv4 excluding IPv6 influences.
displaydns fails
That's why the best symptom to describe the actual problem is that ipconfig /displaydns reports:
Could not display the DNS Resolver Cache.
But DNS client is running
Reading forums, the most probable reason for this symptom is the DNS Client (aka dnscache) service is not running; however for us it is.
We did
net stop dnscache
net start dnscache
sc query dnscache
and it is on.
It's Not DNS suffix
Another possibility is that there are DNS suffixes in use. However going into network and sharing center -> change adapter settings -> Wireless Network Connection -> Properties -> Internet Protocol Version 4 Properties -> Advanced -> DNS tab, we have:
[CHECKED] Append primary and connection specific DNS suffixes
- [CHECKED] Append parent suffixes of the primary DNS suffix
[UNchecked] Append these DNS suffixes
(and the list box is empty)
DNS suffix for this connection:
[CHECKED] Register this connection's addresses in DNS
[UNchecked] Use this connection's DNS suffix in DNS registration.
However, I'm not sure if any of this matters cuz we can't get to google.com, ie a FQDN.
More info
We disabled IPv6 for now for debug. So everything reported in here is with IPv6 off.
nslookup works reliably, on google.com and everything else.
However, ping -4 google.com says
Ping request could not find host google.com
And browsing says DNS error.
Now, I have learned that nslookup has its own DNS client, separate from Windows. Which would lead me to believe that nslookup's DNS client is fine, and Windows is corrupted somehow.
Indeed, we can browse google and other sites via IP address fine, just not by name.
ping by IP address works fine. As does tracert by IP address.
Not DirectAccess
The problem does not appear to be DirectAccess: netsh dns show state reports (among other things)
Network Location Behavior Never use Direct Access settings
Direct Access Settings Not Configured
Wireshark
A Wireshark capture during nslookup shows name queries.
However a capture doing ping showed no such queries. In fact, no activity at all (other than background). That suggests that the Windows DNS client is not even trying to go out to the internet and translate the name, which would be consistent with its inability to displaydns.
Other notes
The c:\windows\system32\drivers\etc\hosts is empty (only comments).
The problem happens when the DNS server is set to the university's; or when set to google's 8.8.8.8 and/or 8.8.4.4 and/or OpenDNS's 208.67.222.222 and/or 208.67.220.220. Which makes sense given that Wireshark reports that Windows isn't even sending the name query.
The problem happened after a heat crash. However, being able to browse by IP rules out hardware problems, except perhaps for HDD corruption. However chkdsk did not report any bad sectors, and sfc did not find any corruption.
We have also uninstalled the Network Adapter in Device Manager and let it re-install automatically. Also checked for updates for this adapter on windows. There weren't any.
The crash means a reboot, so maybe it was a bad windows update. However, there were several reboots before this one and after the most recent windows update.
What we've run for rootkits is Malwarebytes Anti-Malware, also their Malwarebytes Anti-Rootkit beta, TDSSKiller, and Comodo Cleaning Essentials (CCE, but it appears not to be updated).
Have not tried in safe mode with networking yet.
We are mostly using a university router, however the problem also happens when connected to smartphone's hotspot.
ipconfig reports 5 Tunnel Adapters, but they all report "Media Disconnected". 2 of them look university specific.
ipconfig and device manager both report a Microsoft Virtual WiFi Miniport Adapter. What is this and could it be the problem?
The problem is identical after many reboots of the PC.
It's a laptop, and most of this was done with the wireless connection, but the wired connection appeared to have the same behavior.
Summary
So, it appears Windows DNS client is corrupted or at least malfunctioning in some way, but I'm not sure how to figure out why.
(BTW, I'm writing this on another computer)
Edit:
@Kris wanted to see ipconfig /all
C:\Users\[username]>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : <<<====NOTE NO HOST NAME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ed*****.***l.edu
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : ed*****.***l.edu
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.131.2.**(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.128.0
Lease Obtained. . . . . . . . . . : Monday, April 27, 2015 11:32:13 AM
Lease Expires . . . . . . . . . . : Monday, April 27, 2015 11:47:13 AM
Default Gateway . . . . . . . . . : 10.131.0.1
DHCP Server . . . . . . . . . . . : 132.236.56.249
DNS Servers . . . . . . . . . . . : 192.35.82.50
128.253.180.2
132.236.56.250
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : r****.****l.edu
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {CBE4B55D-63C6-460A-82CF-7076427CD2AF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.e****.****l.edu:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{270C639B-82A2-4AE7-B886-D40DAA7EF798}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.r****.****l.edu:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Edit 2:
Tried
netsh int ip set dns "wireless network connection" static 8.8.4.4
net winsock reset
and reboot and did not change anything.
Tried this excellent site (thanks @Kris) Windows 7: Services - Restore Default Services in Windows 7 and downloaded their DNS_Client.reg (and named it .reg.txt for safety) and compared that to the existing registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache but sadly, they were the same.