Hello everyone,

I have a nice new installation of Window XP Pro 64. SP 1 (v2003).
My problem can be stated rather simply as: My hosts file is being completely
ignored by the DNS client.

The Hosts file is valid (name and content) and located in the correct
folders. The registery settings are correctly set to find the hosts file. I
have read the tech manuels on Microsofts web site looking for any hidden
gotchas. Nothing strange there, and indeed they reflect my understand of how
my domain names should be resolved

Here are some links to the resource I have been using

http://www.microsoft.com/technet/its...etwork/deploy/
depovg/tcpip2k.mspx
http://www.microsoft.com/technet/its...etwork/evaluat
e/technol/tcpipfund/tcpipfund_ch07.mspx

Right, so now I will draw your attention to the following text from the
above resource (give or take some typos):

This file maps host names to IP addresses. For TCP/IP for Windows XP and
Windows Server 2003, the contents of the Hosts file are loaded into the DNS
client resolver cache.

And then then a little further down some comments about the dns client
resolver are made, which I have summerised/hacked out as follows:

The DNS Client Resolver Cache

The DNS client resolver cache stores entries for both successful and
unsuccessful DNS name resolutions.

* The contents of the cache are built dynamically from the Hosts file
and from DNS queries.
* DNS query entries are kept only for the Time to Live (TTL) period.
* Hosts file entries do not have a TTL and are kept until the entry is
removed from the Hosts file.

The ipconfig /displaydns command can be used to view the contents of the DNS
client resolver cache and ipconfig /flushdns flushes the cache and refreshes
the DNS client resolver cache with just the entries in the Hosts file.

The documenation is quite clear. I flushed the cache and then listed the
contents on the 64 bit PC. The cache was empty. I did the same thing on
another machine, and their the cache contained the hosts file, as promised.

After some more googling I came across a wikipedia entry which stated the
following (give or take a few edits):

Windows XP SP2, and perhaps other versions, appears to ignore the hosts file
if the "DNS Client" service is running. One workaround is to stop the DNS
Cache service. To preserve this setting across reboots ensure that the
service is reconfigured to start manually. (Being a good sport, I added some
text to the entry)

The strange thing is that the 2nd machine I tested on, is an XP SP2
installation... Further, when I turn off this service as suggested, my hosts
file works as expected.

So the question is what is going on here? Is this a bug? Or am I missing
some magic settings that will make dns caching read the hosts file as
promissed in the docs?

When I searched the forum for similar topics I read that some one had the
reverse problem. i.e. when the cache was turned off resolving failed. Which
make sense to me... go figure.

Any ideas?

Caleb Lyness wrote:
> Hello everyone,
>
> I have a nice new installation of Window XP Pro 64. SP 1 (v2003).
> My problem can be stated rather simply as: My hosts file is being completely
> ignored by the DNS client.
>
> The Hosts file is valid (name and content) and located in the correct
> folders. The registery settings are correctly set to find the hosts file. I
> have read the tech manuels on Microsofts web site looking for any hidden
> gotchas. Nothing strange there, and indeed they reflect my understand of how
> my domain names should be resolved
>
> Here are some links to the resource I have been using
>
> http://www.microsoft.com/technet/its...etwork/deploy/
> depovg/tcpip2k.mspx
> http://www.microsoft.com/technet/its...etwork/evaluat
> e/technol/tcpipfund/tcpipfund_ch07.mspx
>
> Right, so now I will draw your attention to the following text from the
> above resource (give or take some typos):
>
> This file maps host names to IP addresses. For TCP/IP for Windows XP and
> Windows Server 2003, the contents of the Hosts file are loaded into the DNS
> client resolver cache.
>
> And then then a little further down some comments about the dns client
> resolver are made, which I have summerised/hacked out as follows:
>
> The DNS Client Resolver Cache
>
> The DNS client resolver cache stores entries for both successful and
> unsuccessful DNS name resolutions.
>
> * The contents of the cache are built dynamically from the Hosts file
> and from DNS queries.
> * DNS query entries are kept only for the Time to Live (TTL) period.
> * Hosts file entries do not have a TTL and are kept until the entry is
> removed from the Hosts file.
>
> The ipconfig /displaydns command can be used to view the contents of the DNS
> client resolver cache and ipconfig /flushdns flushes the cache and refreshes
> the DNS client resolver cache with just the entries in the Hosts file.
>
> The documenation is quite clear. I flushed the cache and then listed the
> contents on the 64 bit PC. The cache was empty. I did the same thing on
> another machine, and their the cache contained the hosts file, as promised.
>
> After some more googling I came across a wikipedia entry which stated the
> following (give or take a few edits):
>
> Windows XP SP2, and perhaps other versions, appears to ignore the hosts file
> if the "DNS Client" service is running. One workaround is to stop the DNS
> Cache service. To preserve this setting across reboots ensure that the
> service is reconfigured to start manually. (Being a good sport, I added some
> text to the entry)
>
> The strange thing is that the 2nd machine I tested on, is an XP SP2
> installation... Further, when I turn off this service as suggested, my hosts
> file works as expected.
>
> So the question is what is going on here? Is this a bug? Or am I missing
> some magic settings that will make dns caching read the hosts file as
> promissed in the docs?
>
> When I searched the forum for similar topics I read that some one had the
> reverse problem. i.e. when the cache was turned off resolving failed. Which
> make sense to me... go figure.
>
> Any ideas?

I love the detail you have provided here. You did better research than
I did. I gave up with my Windows XP HOME / SP2 because I could not
verify the accuracy of the explanation as above. Indeed, I cam to a
strange, unverified conclusion...
There is hook, perhaps because of a Microsoft business relationship with
some advertisers. There are DNS entries that I can never get rid of. I
will list them at the end of this post. I also find that Windows XP
systems located in different cities may produce different results.

Even thought I have filtered these domains in my HOSTS file, they still
function. Hmmmm. Is there a business agreement involved here?

I have a 250K HOSTS file. I redirect to my own web server to handle
those domains appropriately (Kill their intended function). Why is my
hosts file not in the list created by
ipconfig /displaydns ?

Likewise, I cant flush it.

Where did this unwanted data come from?
Why is it permanent?
Is it perhaps hard coded or otherwise provided by the DNS client service?

.... Ask Bill G.

(If I stop service DNS Client,
ipconfig /displaydns produces message
"Windows IP Configuration

Could not display the DNS Resolver Cache."

Maybe XP Home is different? I doubt it.

HOSTS file IS working; it simply does not show in the DNS cache.

king-daddy


ipconfig /displaydns
Results...

ads.x10.com
----------------------------------------
Record Name . . . . . : ads.x10.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


www15.ad.tomshardware.com
----------------------------------------
Record Name . . . . . : www15.ad.tomshardware.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


rd.advertising.com
----------------------------------------
Record Name . . . . . : rd.advertising.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


us-nj-2.ns.nsatc.net
----------------------------------------
Record Name . . . . . : us-nj-2.ns.nsatc.net
Record Type . . . . . : 1
Time To Live . . . . : 1918
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 67.29.176.241


clickit.go2net.com
----------------------------------------
Record Name . . . . . : clickit.go2net.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


187.188.69.207.in-addr.arpa
----------------------------------------
Record Name . . . . . : 187.188.69.207.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : ns3.mindspring.com


f.abz.com
----------------------------------------
Record Name . . . . . : f.abz.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


ads.pennyweb.com
----------------------------------------
Record Name . . . . . : ads.pennyweb.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


www.clicksites.net
----------------------------------------
Record Name . . . . . : www.clicksites.net
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


www.paypopup.com
----------------------------------------
Record Name . . . . . : www.paypopup.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


www.ourmagicbox.com
----------------------------------------
Record Name . . . . . : www.ourmagicbox.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 24.136.140.88


servedby.advertising.com
----------------------------------------
Record Name . . . . . : servedby.advertising.com
Record Type . . . . . : 1
Time To Live . . . . : 398002
Data Length . . . . . : 4
Section . . . . . . . : Answer

Here is the result

Caleb wrote on Fri, 2 Jun 2006 05:41:02 -0700:

> I have a nice new installation of Window XP Pro 64. SP 1 (v2003).
> My problem can be stated rather simply as: My hosts file is being
> completely
> ignored by the DNS client.
>
> The Hosts file is valid (name and content) and located in the correct
> folders. The registery settings are correctly set to find the hosts file.

Exactly what location is it in? I haven't messed with XP 64 yet, but maybe
it should be in

c:\windows\system64\drivers\etc\

rather than the system32 folder - if XP 64 has a system64 folder.

> I have read the tech manuels on Microsofts web site looking for any hidden
> gotchas. Nothing strange there, and indeed they reflect my understand of
> how my domain names should be resolved
>
> Here are some links to the resource I have been using
>
> http://www.microsoft.com/technet/its...g/tcpip2k.mspx

This is for Windows 2000, not XP, and so some aspects may well have changed.
Download the article for Windows 2003 from
tp://www.microsoft.com/downloads/details.aspx?familyid=06C60BFE-4D37-4F50-8587-8B68D32FA6EE&displaylang=en
- this includes the XP implementation details.

> The documenation is quite clear. I flushed the cache and then listed the
> contents on the 64 bit PC. The cache was empty. I did the same thing on
> another machine, and their the cache contained the hosts file, as
> promised.

This points to XP 64 either not loading the hosts file due to an error on
one of the lines, or it being in the wrong location.

> After some more googling I came across a wikipedia entry which stated the
> following (give or take a few edits):
>
> Windows XP SP2, and perhaps other versions, appears to ignore the hosts
> file if the "DNS Client" service is running. One workaround is to stop the
> DNS Cache service. To preserve this setting across reboots ensure that the
> service is reconfigured to start manually. (Being a good sport, I added
> some text to the entry)

I disable the DNS Client service on the systems here as I've found it has a
habit of getting "stuck", at least on 2000 - if the primary DNS server
doesn't respond to a request it kicks to the secondary, and from then on
only uses the secondary. On occassion I've had DNS resolution fail
completely when the secondary didn't respond quickly, and the machines
didn't return to trying the primary.

Dan

On Fri, 2 Jun 2006 14:51:47 +0100, "Daniel Crichton" <(E-Mail Removed)>
wrote:

>Caleb wrote on Fri, 2 Jun 2006 05:41:02 -0700:
>
>> I have a nice new installation of Window XP Pro 64. SP 1 (v2003).
>> My problem can be stated rather simply as: My hosts file is being
>> completely
>> ignored by the DNS client.
>>
>> The Hosts file is valid (name and content) and located in the correct
>> folders. The registery settings are correctly set to find the hosts file.
>
>Exactly what location is it in? I haven't messed with XP 64 yet, but maybe
>it should be in
>
>c:\windows\system64\drivers\etc\
>
>rather than the system32 folder - if XP 64 has a system64 folder.

Check the registry pointer. I remember Mark Russinovich, in one of his blogs,
griping about naming conventions used by XP64, when switching in and out of 64
bit mode.

There are several Microsoft addresses that are ignored by Windows XP, for
"security" reasons, including shite like msn.com. Microsoft has circumvented
hosts use selectively. This article is from a couple months ago.
<http://comments.gmane.org/gmane.comp.security.full-disclosure/43878>
http://comments.gmane.org/gmane.comp...sclosure/43878

You could use something like eDexter or Hostsman to read Hosts from its current
location. Make sure you know where Hosts is.
<http://accs-net.com/hosts/eDexter.html>
http://accs-net.com/hosts/eDexter.html
<http://hostsman.abelhadigital.com/>
http://hostsman.abelhadigital.com/

>> I have read the tech manuels on Microsofts web site looking for any hidden
>> gotchas. Nothing strange there, and indeed they reflect my understand of
>> how my domain names should be resolved
>>
>> Here are some links to the resource I have been using
>>
>> http://www.microsoft.com/technet/its...g/tcpip2k.mspx
>
>This is for Windows 2000, not XP, and so some aspects may well have changed.
>Download the article for Windows 2003 from
>tp://www.microsoft.com/downloads/details.aspx?familyid=06C60BFE-4D37-4F50-8587-8B68D32FA6EE&displaylang=en
> - this includes the XP implementation details.
>
>> The documenation is quite clear. I flushed the cache and then listed the
>> contents on the 64 bit PC. The cache was empty. I did the same thing on
>> another machine, and their the cache contained the hosts file, as
>> promised.
>
>This points to XP 64 either not loading the hosts file due to an error on
>one of the lines, or it being in the wrong location.
>
>> After some more googling I came across a wikipedia entry which stated the
>> following (give or take a few edits):
>>
>> Windows XP SP2, and perhaps other versions, appears to ignore the hosts
>> file if the "DNS Client" service is running. One workaround is to stop the
>> DNS Cache service. To preserve this setting across reboots ensure that the
>> service is reconfigured to start manually. (Being a good sport, I added
>> some text to the entry)
>
>I disable the DNS Client service on the systems here as I've found it has a
>habit of getting "stuck", at least on 2000 - if the primary DNS server
>doesn't respond to a request it kicks to the secondary, and from then on
>only uses the secondary. On occassion I've had DNS resolution fail
>completely when the secondary didn't respond quickly, and the machines
>didn't return to trying the primary.

That's what I've been told to do - and what I advise everybody else. If you
don't have a real DNS server on your LAN (and this does not include a DNS relay
on your NAT router), leave the DNS service off.

That WikiPedia reference is a bit whack. XP does NOT ignore the Hosts file -
that's why I disable my DNS Client - it takes forever to load when it's big. I
wish whoever wrote that had included a link to that article. WikiPedia is good
for tutorials (but check each link periodically), but I would not use them for a
single definitive reference.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

Chuck wrote on Fri, 02 Jun 2006 07:56:44 -0700:

> That's what I've been told to do - and what I advise everybody else. If
> you don't have a real DNS server on your LAN (and this does not include a
> DNS relay on your NAT router), leave the DNS service off.

I have it left off even using mutiple DNS servers on my LAN. I'd rather have
100% name resolution rather than the mess that sometimes appears when the
DNS Client service is running.

Dan

> I have a 250K HOSTS file. I redirect to my own web server to handle
> those domains appropriately (Kill their intended function). Why is my
> hosts file not in the list created by

Personally I just use firefox with the ad blocking extension...

> ipconfig /displaydns ?
> Likewise, I cant flush it.

> Where did this unwanted data come from?
This is a good question...

> Why is it permanent?
Is it? Out of curiousity, do a little experiment for me... Try unplugging
your network card and flushing the cache. If the values get filled with
negative hits, it means something on your machine is sending dns resolution
requests for these domains. The time to live value should not be there for
hard coded values.... Of course this assumption is based on what I read in
the documentation.

I would like here what your results are... Let see how evil they can be :-D

> ipconfig /displaydns
> Results...
>
> ads.x10.com
> ----------------------------------------
> Record Name . . . . . : ads.x10.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88

....<SNIP>....

The IP address shown by all these entries is almost surely your ISP's DNS
server, since it comes back to mindspring.com - is that your ISP? The names
of the entities almost surely are servers and services you're connected to
at the time you run the query.

I'd reboot the PC, then before even firing up a single program, email or
browser, run the test again. I'll bet you see vastly different results.

--
Richard G. Harper [MVP Shell/User] (E-Mail Removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"POSITRON" <"[remove]king-daddy"@earthlink.net> wrote in message
news:Z1Xfg.389$(E-Mail Removed)...
> Caleb Lyness wrote:
>> Hello everyone,
>>
>> I have a nice new installation of Window XP Pro 64. SP 1 (v2003).
>> My problem can be stated rather simply as: My hosts file is being
>> completely ignored by the DNS client.
>>
>> The Hosts file is valid (name and content) and located in the correct
>> folders. The registery settings are correctly set to find the hosts file.
>> I have read the tech manuels on Microsofts web site looking for any
>> hidden gotchas. Nothing strange there, and indeed they reflect my
>> understand of how my domain names should be resolved
>>
>> Here are some links to the resource I have been using
>>
>> http://www.microsoft.com/technet/its...etwork/deploy/
>> depovg/tcpip2k.mspx
>> http://www.microsoft.com/technet/its...etwork/evaluat
>> e/technol/tcpipfund/tcpipfund_ch07.mspx
>>
>> Right, so now I will draw your attention to the following text from the
>> above resource (give or take some typos):
>>
>> This file maps host names to IP addresses. For TCP/IP for Windows XP and
>> Windows Server 2003, the contents of the Hosts file are loaded into the
>> DNS client resolver cache.
>>
>> And then then a little further down some comments about the dns client
>> resolver are made, which I have summerised/hacked out as follows:
>>
>> The DNS Client Resolver Cache
>>
>> The DNS client resolver cache stores entries for both successful and
>> unsuccessful DNS name resolutions.
>>
>> * The contents of the cache are built dynamically from the Hosts file
>> and from DNS queries.
>> * DNS query entries are kept only for the Time to Live (TTL) period.
>> * Hosts file entries do not have a TTL and are kept until the entry
>> is removed from the Hosts file. The ipconfig /displaydns command can be
>> used to view the contents of the DNS client resolver cache and ipconfig
>> /flushdns flushes the cache and refreshes the DNS client resolver cache
>> with just the entries in the Hosts file.
>>
>> The documenation is quite clear. I flushed the cache and then listed the
>> contents on the 64 bit PC. The cache was empty. I did the same thing on
>> another machine, and their the cache contained the hosts file, as
>> promised.
>>
>> After some more googling I came across a wikipedia entry which stated the
>> following (give or take a few edits):
>>
>> Windows XP SP2, and perhaps other versions, appears to ignore the hosts
>> file if the "DNS Client" service is running. One workaround is to stop
>> the DNS Cache service. To preserve this setting across reboots ensure
>> that the service is reconfigured to start manually. (Being a good sport,
>> I added some text to the entry)
>>
>> The strange thing is that the 2nd machine I tested on, is an XP SP2
>> installation... Further, when I turn off this service as suggested, my
>> hosts file works as expected.
>>
>> So the question is what is going on here? Is this a bug? Or am I missing
>> some magic settings that will make dns caching read the hosts file as
>> promissed in the docs?
>>
>> When I searched the forum for similar topics I read that some one had the
>> reverse problem. i.e. when the cache was turned off resolving failed.
>> Which make sense to me... go figure.
>>
>> Any ideas?
>
> I love the detail you have provided here. You did better research than I
> did. I gave up with my Windows XP HOME / SP2 because I could not verify
> the accuracy of the explanation as above. Indeed, I cam to a strange,
> unverified conclusion...
> There is hook, perhaps because of a Microsoft business relationship with
> some advertisers. There are DNS entries that I can never get rid of. I
> will list them at the end of this post. I also find that Windows XP
> systems located in different cities may produce different results.
>
> Even thought I have filtered these domains in my HOSTS file, they still
> function. Hmmmm. Is there a business agreement involved here?
>
> I have a 250K HOSTS file. I redirect to my own web server to handle those
> domains appropriately (Kill their intended function). Why is my hosts
> file not in the list created by
> ipconfig /displaydns ?
>
> Likewise, I cant flush it.
>
> Where did this unwanted data come from?
> Why is it permanent?
> Is it perhaps hard coded or otherwise provided by the DNS client service?
>
> ... Ask Bill G.
>
> (If I stop service DNS Client,
> ipconfig /displaydns produces message
> "Windows IP Configuration
>
> Could not display the DNS Resolver Cache."
>
> Maybe XP Home is different? I doubt it.
>
> HOSTS file IS working; it simply does not show in the DNS cache.
>
> king-daddy
>
>
> ipconfig /displaydns
> Results...
>
> ads.x10.com
> ----------------------------------------
> Record Name . . . . . : ads.x10.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> www15.ad.tomshardware.com
> ----------------------------------------
> Record Name . . . . . : www15.ad.tomshardware.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> rd.advertising.com
> ----------------------------------------
> Record Name . . . . . : rd.advertising.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> us-nj-2.ns.nsatc.net
> ----------------------------------------
> Record Name . . . . . : us-nj-2.ns.nsatc.net
> Record Type . . . . . : 1
> Time To Live . . . . : 1918
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 67.29.176.241
>
>
> clickit.go2net.com
> ----------------------------------------
> Record Name . . . . . : clickit.go2net.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> 187.188.69.207.in-addr.arpa
> ----------------------------------------
> Record Name . . . . . : 187.188.69.207.in-addr.arpa.
> Record Type . . . . . : 12
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> PTR Record . . . . . : ns3.mindspring.com
>
>
> f.abz.com
> ----------------------------------------
> Record Name . . . . . : f.abz.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> ads.pennyweb.com
> ----------------------------------------
> Record Name . . . . . : ads.pennyweb.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> www.clicksites.net
> ----------------------------------------
> Record Name . . . . . : www.clicksites.net
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> www.paypopup.com
> ----------------------------------------
> Record Name . . . . . : www.paypopup.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> www.ourmagicbox.com
> ----------------------------------------
> Record Name . . . . . : www.ourmagicbox.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
> A (Host) Record . . . : 24.136.140.88
>
>
> servedby.advertising.com
> ----------------------------------------
> Record Name . . . . . : servedby.advertising.com
> Record Type . . . . . : 1
> Time To Live . . . . : 398002
> Data Length . . . . . : 4
> Section . . . . . . . : Answer
>
> Here is the result

Caleb Lyness wrote:
>> I have a 250K HOSTS file. I redirect to my own web server to handle
>> those domains appropriately (Kill their intended function). Why is my
>> hosts file not in the list created by
>
> Personally I just use firefox with the ad blocking extension...
>
>> ipconfig /displaydns ?
>> Likewise, I cant flush it.
>
>> Where did this unwanted data come from?
> This is a good question...
>
>> Why is it permanent?
> Is it? Out of curiousity, do a little experiment for me... Try unplugging
> your network card and flushing the cache. If the values get filled with
> negative hits, it means something on your machine is sending dns resolution
> requests for these domains. The time to live value should not be there for
> hard coded values.... Of course this assumption is based on what I read in
> the documentation.
>
> I would like here what your results are... Let see how evil they can be :-D
>
>> ipconfig /displaydns
>> Results...
>>
>> ads.x10.com
>> ----------------------------------------
>> Record Name . . . . . : ads.x10.com
>> Record Type . . . . . : 1
>> Time To Live . . . . : 398002
>> Data Length . . . . . : 4
>> Section . . . . . . . : Answer
>> A (Host) Record . . . : 24.136.140.88
>
> ...<SNIP>....
>


After flush:
Successfully flushed the DNS Resolver Cache.

Without reconnecting the network card,
ipconfig /displaydns
gets the same results. It did not flush
<frown>

Richard G. Harper wrote:
> The IP address shown by all these entries is almost surely your ISP's DNS
> server, since it comes back to mindspring.com - is that your ISP? The names
> of the entities almost surely are servers and services you're connected to
> at the time you run the query.
>
> I'd reboot the PC, then before even firing up a single program, email or
> browser, run the test again. I'll bet you see vastly different results.
>

The IP address is that of MY machine's LINKSYS router (my gateway)
connected to the cable modem. I had not noticed that.
I am on earthlink which owns mindspring.

king-daddy

POSITRON wrote:
> Richard G. Harper wrote:
>> The IP address shown by all these entries is almost surely your ISP's
>> DNS server, since it comes back to mindspring.com - is that your ISP?
>> The names of the entities almost surely are servers and services
>> you're connected to at the time you run the query.
>>
>> I'd reboot the PC, then before even firing up a single program, email
>> or browser, run the test again. I'll bet you see vastly different
>> results.
>>
>
> The IP address is that of MY machine's LINKSYS router (my gateway)
> connected to the cable modem. I had not noticed that.
> I am on earthlink which owns mindspring.
>
> king-daddy

FYI:
Following up,
I find all those addresses in my HOSYS file, but not in any sensible
organization. Most of them are in the first 50 or so, but one is from
the middle of this huge HOSTS file.

I tried adding 3 new entries to HOSTS. The ones displayed did not change.

I tried removing several lines. The display did not change.

king-daddy