Re: Windows DNS corrupted by Firefox
- From: "Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 4 Sep 2009 20:12:11 -0400
"SupermanGolfer" <SupermanGolfer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:98E2F5E6-E3D8-4CFB-AA73-9DDE5FA81286@xxxxxxxxxxxxxxxx
"Ace Fekay [MCT]" wrote:
"SupermanGolfer" <SupermanGolfer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DE101C96-4BD1-49AD-B168-F12E2638D933@xxxxxxxxxxxxxxxx
>I was running firefox and updated to 3.5 version that apparently has
> corrupted windows ability to clear DNS. I have manually ran the > ipconfig
> /flushdns on several occassions and it appears to help for a little > while,
> but it isn't long until I get a message in my browser "unable to locate
> server". This happens with IE8, Firefox 3.5, Google Chrome 2.0 and > Safari
> 4.0. I have read up as much as possible and it appears that the > firefox
> update was the culprit and has affected the other browsers. Any > thoughts
> on
> how to uncorrupt this issue in windows? I am running windows xp. > Thanks
> in
> advance.
I'm not a Firefox user, but I was curious about your 'corruption' statement.
So I searched on "firefox 3.5 corrupts" and got numerous links on various
issues with Firefox. Tell you the truth, I was surprised about all the
issues I found. Most of them just stated to download the next update, etc. I
think 3.5.2 is the latest? Is that the version you have?
Anyway, regarding the local host cache (and it's not really the "DNS cache,"
which is a misnomer because it also uses HOSTS files as well, such as that
if anything is in the hosts file, it will look at that first, cache it, then
retrieve it. Now if you are flushing it and it works, that may indicate some
sort of corruption in the cache or the DNS addresses being used have been
compromised by the DNS exploit that an attacker can inject their own data
into the DNS Server's cache, which is also referred to as cache poisoning
(nothing to do with the client side).
Prior to flushing the cache, run ipcoinfig /displaydns, and take a look at
what's in it and try to find the last thing you were visiting. I don't know
what DNS servers you are using, but you can confirm that the host entries in
the cache that you are viewing has the correct IP by using nslookup, and
select to use a different server with the 'server' command, such as using
4.2.2.2.
nslookup
> server 4.2.2.2
> www.whatever.com (or whatever you see in the cache)
> response returns
You can also try disabling the DNS Client service in your Services console
on your workstation (or laptop). This disables the local host cache and
forces each URL request (or any network resolver request) to look them up as
a request to the hosts file first, then the DNS server, and not cache the
response.
That will interesting if it works, otherwise, I cannot see how a network
enabled application can corrupt a lookup since all it is doing is merely
asking the operating system's client side resolver service (note - IE,
firefox, etc, do not do the resolution, they ask the OS) to resolve the
query, then the client side service resolves it based on whether it's in the
local host cache, and if not, it sends a query to the first DNS address in
IP properties, and if that doesn't answer, it removes the first entry from
the eligible resolve list for 15 minutes, then goes to the next entry in the
list, and so on until either a Null, NXdomain or it gets a response, whcih
then it will cache the response, and give the response to the client side
resolver, which passes it to the requesting application.
Does that make sense?
Have you also posted to the Firefox forums regarding this issue?
Do you see any event log errors in your machine's Event log viewer? If so,
post the EventID# and source names.
Try a different DNS server in your IP properties instead of the one the ISP
provided, such as 4.2.2.2 and 4.2.2.3. They work nicely.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Ace,
The majority of the above information went well over my head, however, I did
manage to disabled the DNS Client service which fixed the problem. So far so
good :)
I'm sorry it was over your head. I was providing the technical info of what may be going on. If disabling the DNS client service works, then it is telling me one of the following is going on:
1. The DNS server being used by your machine may not have had the DNS vulnerability exploit patch applied,
2. You may have malware/spyware installed that is affecting your machine's resolver and local host cache.
Run an antispyware scan, as well as download and run Malwarebytes utility (www.malwarebytes.com). It's free. It catches some things that other spyware scanners may not find, but it is good to run more than one scan from different companies to get a better idea of what may be installed on your machine.
Ace
.
- Follow-Ups:
- Re: Windows DNS corrupted by Firefox
- From: SupermanGolfer
- Re: Windows DNS corrupted by Firefox
- References:
- Windows DNS corrupted by Firefox
- From: SupermanGolfer
- Re: Windows DNS corrupted by Firefox
- From: Ace Fekay [MCT]
- Re: Windows DNS corrupted by Firefox
- From: SupermanGolfer
- Windows DNS corrupted by Firefox
- Prev by Date: Re: Windows DNS corrupted by Firefox
- Next by Date: Re: Windows DNS corrupted by Firefox
- Previous by thread: Re: Windows DNS corrupted by Firefox
- Next by thread: Re: Windows DNS corrupted by Firefox
- Index(es):
Relevant Pages
|
