Windows XP Home - Can't query DNS.

Noctaire

Ok -- this one has me stumped.

I have a Windows XP Home Edition box that "suddenly" stopped being able
to query DNS. It was vanilla (no SPs or hotfixes), no AV or
anti-spyware, no firewall software. I cannot access sites by hostname
via ping, nslookup or web browser. Everything works fine when using IPs
though.

I tried installing SP2, thinking that maybe it would fix whatever was
broken -- no go. Then I tried running SFC /SCANNOW to see if maybe a
Windows core file is fried -- only thing it found were the OEMBIOS.*
files had problems and it couldn't restore the original versions. I've
checked various internet settings, restored defaults, hit permissions,
and so on -- all to no avail. I tried enabling Windows Firewall -- it
tells me it cannot be enabled due to a global policy set by the netadmin.
Of course, XP Home did not come with a GP editor so I can't fully delve
into that but so far I haven't found anything there either. I reset the
winsock on the off chance there was some security policy blocking DNS --
no go there either.

I've been scratching my head on this one the better part of the day.
The easy solution is to just swack it and reinstall but I hate doing
that if there's some kind of fix that can be done.

Any thoughts?
 
John

Any chance that your unpatched/unprotected PC got hit by bad stuff while it
was on the internet? It really doesn't take that long for an
unpatched/unprotected PC to get infected. Btw, have you checked ipconfig?
hosts file?
 
Noctaire

John said:
Any chance that your unpatched/unprotected PC got hit by bad stuff while it
was on the internet? It really doesn't take that long for an
unpatched/unprotected PC to get infected. Btw, have you checked ipconfig?
hosts file?

Checked all the various TCP/IP settings (DNS, IP assignment -- both set
to DHCP) and all are set to defaults. IPCONFIG reports correct
information. No hosts file present.

I've considered the possibility we're dealing with some type of system
contaminant (and I'm confident I'll find one or more after the scan
finishes) but the problems I'm seeing aren't consistent with the M.O. of
most contaminants. There's no other system degradation or signs of
distress on the box -- it's JUST unable to perform DNS queries. I can't
think of anything that would interfere solely with DNS queries and
nothing else.

I disabled TCP/IP filtering and rebooted the system; that gave me back
NSLookUp access but the system re-enabled the filtering so I'm not sure
how that will work out. Something is going on with this box's network
config but danged if I can find it.
 
Jim

Noctaire said:
Checked all the various TCP/IP settings (DNS, IP assignment -- both set to
DHCP) and all are set to defaults. IPCONFIG reports correct information.
No hosts file present.

I've considered the possibility we're dealing with some type of system
contaminant (and I'm confident I'll find one or more after the scan
finishes) but the problems I'm seeing aren't consistent with the M.O. of
most contaminants. There's no other system degradation or signs of
distress on the box -- it's JUST unable to perform DNS queries. I can't
think of anything that would interfere solely with DNS queries and nothing
else.

I disabled TCP/IP filtering and rebooted the system; that gave me back
NSLookUp access but the system re-enabled the filtering so I'm not sure
how that will work out. Something is going on with this box's network
config but danged if I can find it.

It is a mighty strange system that uses the IP protocol but has no HOSTS
file.

Jim
 
Patrick Keenan

Noctaire said:
Ok -- this one has me stumped.

I have a Windows XP Home Edition box that "suddenly" stopped being able to
query DNS. It was vanilla (no SPs or hotfixes), no AV or anti-spyware, no
firewall software. I cannot access sites by hostname via ping, nslookup
or web browser. Everything works fine when using IPs though.

I tried installing SP2, thinking that maybe it would fix whatever was
broken -- no go. Then I tried running SFC /SCANNOW to see if maybe a
Windows core file is fried -- only thing it found were the OEMBIOS.* files
had problems and it couldn't restore the original versions. I've checked
various internet settings, restored defaults, hit permissions, and so
on -- all to no avail. I tried enabling Windows Firewall -- it tells me
it cannot be enabled due to a global policy set by the netadmin. Of course, XP
Home did not come with a GP editor so I can't fully delve into that but so
far I haven't found anything there either. I reset the winsock on the
off chance there was some security policy blocking DNS --
no go there either.

I've been scratching my head on this one the better part of the day. The
easy solution is to just swack it and reinstall but I hate doing that if
there's some kind of fix that can be done.

Any thoughts?

I've seen this kind of thing as a problem with the network adapter.

There's a system in my basement that cannot use DHCP but can use a fixed IP
address. It just won't connect with DHCP; fixed is no problem whatsoever.
It's not an issue with drivers or policies; I have six otherwise identical
systems with identical software configurations that don't have this problem.

I had to add a second network card to use DHCP. So, the solution
ultimately cost around $12 in hardware and an hour or so to locate.

HTH
-pk
 
JohnB

finishes) but the problems I'm seeing aren't consistent with the M.O. of
most contaminants.

You're kidding yourself if you think that is the case. And you're wasting
your own time by not installing spyware and antivirus software, and seeing
if the solution doesn't lie with those.
 
Noctaire

JohnB said:
You're kidding yourself if you think that is the case. And you're wasting
your own time by not installing spyware and antivirus software, and seeing
if the solution doesn't lie with those.

I am yet to see a system contaminant that strictly affects DNS querying
and absolutely nothing else -- especially that affected nslookup. I had
no doubt this box had some sort of contaminant on it -- it was online
only briefly but it doesn't take long. When the scans completed,
several instances of 3 contaminants were found but they were adware.
They were cleaned and that did not resolve the issue.

Now, if you're aware of something that affects ONLY nameserver queries
and nothing else, I'd be very interested to hear what it is, if for
purely academic reasons.
 
Noctaire

I've seen this kind of thing as a problem with the network adapter.
There's a system in my basement that cannot use DHCP but can use a fixed IP
address. It just won't connect with DHCP; fixed is no problem whatsoever.
It's not an issue with drivers or policies; I have six otherwise identical
systems with identical software configurations that don't have this problem.

I had to add a second network card to use DHCP. So, the solution
ultimately cost around $12 in hardware and an hour or so to locate.

Hmmmm.... I might give this a try. I have a few spare NICs around
here. I seem to recall the box's owner telling me she had to have the
NIC replaced at one point. Would likely clear out any potential driver
conflicts as well.

I reset pretty much everything back to defaults and disabled TCP/IP
filtering. Windows firewall wouldn't run and after boot the system
re-enabled TCP/IP filtering. I was able to hit some sites but not
others (and it was very few).

As suspected, the virus/spyware scans turned up some hits but it was
several instances of 3 types of spyware and they were cleaned fairly
easily; none affected system level files (toolbar app that may have been
legit, etc). There was one trojan horse but it hadn't been executed and
memory was clean. I scanned the Windows files for any discrepancies as
well -- they're all legit.

It's become more a grudge match than anything else at this point. I
think I'm just going to pull off the user's pics and docs then run the
restore disc. I'm not getting paid anyway -- doin' this for a friend of
folks' sort of thing. :)

Thnx.

James
 
JohnB

My PC at home had a similar problem to the one you describe; everything
works fine using IP addresses, but nothing worked with host names. It was a
virus.... don't remember the name.

I saw this posted on here recently; resetting the IP stack. These are the
commands to run:
netsh int ip reset reset.log
netsh winsock reset catalog
Which is basically the same as uninstalling TCP/IP and re-installing it,
only much easier.
Might give that a try.
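
The settings this thread keeps coming back to (TCP/IP filtering that re-enables itself, a firewall blocked by policy, a missing hosts file) can be read straight from the registry on XP Home, which has no Group Policy editor. The batch script below is an added example, not something posted by anyone in the thread; it only reads settings, and DNS_SERVER is a placeholder variable you set yourself before running it.

```batch
@echo off
rem Added example, not from the thread. Read-only checks for settings that can
rem break name resolution while connections by IP address keep working.
setlocal
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
set FWPOL=HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall
set HOSTS=%SystemRoot%\system32\drivers\etc\hosts

echo === 1. DNS servers the stack is using ===
ipconfig /all | findstr /i /c:"DNS Servers" /c:"DHCP Enabled"
reg query "%TCPIP%" /v NameServer 2>nul
reg query "%TCPIP%" /v DhcpNameServer 2>nul

echo === 2. TCP/IP filtering, 1 = enabled ===
reg query "%TCPIP%" /v EnableSecurityFilters 2>nul
rem Per-adapter allow lists. A value of 0 permits everything. The filter acts
rem on inbound traffic, so a restricted UDPAllowedPorts list can drop DNS
rem replies while outbound TCP connections by IP address still succeed.
reg query "%TCPIP%\Interfaces" /s | findstr /i /c:"AllowedPorts" /c:"AllowedProtocols" /c:"{"

echo === 3. Windows Firewall policy keys, present only when a policy is set ===
rem A policy written here produces the "set by the network administrator"
rem message even on a machine that never joined a domain.
reg query "%FWPOL%" /s 2>nul || echo No WindowsFirewall policy key found.

echo === 4. hosts file ===
if exist "%HOSTS%" (
  rem Show only active entries, skipping comment lines.
  findstr /v /b /c:"#" "%HOSTS%"
) else (
  echo hosts file is missing.
)

echo === 5. DNS Client service ===
rem nslookup talks to the DNS server itself and bypasses this service, so a
rem failure in nslookup as well points below the resolver cache.
sc query Dnscache | findstr /i "STATE"

echo === 6. Direct query to a named server ===
rem DNS_SERVER is a placeholder: set it to an address reported in step 1.
if defined DNS_SERVER nslookup example.com %DNS_SERVER%
endlocal
```

Running it before and after a reboot shows which of these values something on the machine is rewriting.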
 
