Home > IT Answers > Networking > intermittent dns issues not affecting entire ...
Help

Question

  Asked: Jun 29 2007   11:53 AM GMT
  Asked by: kfettig

intermittent dns issues not affecting entire network


Networking, Protocol analysis, Network monitoring, Tech support, Interoperability

Hello, everyone. There are two users in my office who are suddenly unable to access some internet sites that they have always been able to access before. I am able to navigate to the sites from other machines in the office with no problems. The two users who are having problems are receiving the "page cannot be displayed" message when they attempt to go to some sites; at the bottom of the error page it states "DNS error or server cannot be found". They are able to access other internet sites with no problems. It's not the sites themselves having problems because I am able to get to them from other computers.
One of the machines is running XP Pro, the other is 2000 Pro. We have a Novell network here with client version 4.91. I've tried adjusting the security settings in the browsers, but it has not made a difference. Nothing has changed on the network or on the machines; no new software or hardware has been installed. There are no viruses resident on either machine.
Please help if you can! Thank you in advance for your replies.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: Jun 29 2007  12:17 AM GMT  by ghigbee




A quick test to see if they have cached bad DNS entries would be to ping one of the websites from a machine that works and compare the resolved address to the address resolved on a machine that didn't work. If the entries don't match do and ipconfig /flushdns and try it again to see if that clears up the issue.

You can also check their hosts file to see if something has placed entries in there. There have been some viruses that write entries to your hosts file.

HTH

Gary
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Networking and Development.

Looking for relevant Networking Whitepapers? Visit the SearchNetworking.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

astronomer  |   Jul 2 2007  2:55PM GMT

Gary had a good idea about checking the hosts file, but I suggest you use nslookup on both working and non-working systems. Are they getting information from the same DNS server? If the systems are the same, they should get identical information. If they do, and there are still differences, I world suspect redirection or similar malware causes.
rt

 

kfettig  |   Jul 2 2007  5:42PM GMT

Thank you, astronomer. I never thought to compare DNS servers, and sure enough, the machines that weren’t working were pointing to a different DNS server. I don’t believe that anyone changed those settings. Could malware have done it? I can’t tell you how appreciative I am, as well as the people this problem was affecting! Everything is working fine now.

Thank you!

 

astronomer  |   Jul 2 2007  7:44PM GMT

Malware could definitely have done it. You would be shocked and disturbed at what is now happening with javascript.
I watched a demo where the presenter uploaded script to an IIS server, downloaded it with an innocent client, (just by clicking on the link), and compromised the client. He installed a keylogger and showed the recent common websites visited. After this he showed, on his hack server, the username and password used for the ecommerce site. Then he scanned the local net, found the DSL modem, and cracked it using the manufacturers default admin and password.
This is the next big vulnerability area.
rt