RE: strange DNS behavior over the last 2 days

From: Levinson, Karl (LevinsonK@STARS-SMI.com)
Date: Fri Mar 28 2003 - 13:00:29 PST

Next message: Jacob: "Re: strange DNS behavior over the last 2 days"

Previous message: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"
Maybe in reply to: steve baker: "strange DNS behavior over the last 2 days"
Next in thread: Jacob: "Re: strange DNS behavior over the last 2 days"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Two thoughts: when I see different results from NSLOOKUP and PING, I think
about checking other sources of name resolution, such as WINS or NetBIOS
name broadcast requests [and looking at the local machine name cache using
NBTSTAT -c and IPCONFIG /FLUSHDNS on Windows 2000 to display, NBTSTAT -R and
IPCONFIG /FLUSHDNS to flush the local caches].  If the problem is due to
NetBIOS names, you might consider confirming your firewall blocks NetBIOS
both to and from the internet.

Also, you might read the article at www.cert.org concerning DNS cache
poisoning [Microsoft naturally had to rename it to "pollution"] and see if
that might apply to your situation.  If this was the case, flushing the name
caches on both the local host and the server [for example by restarting the
DNS service] would probably make the problem go away immediately [though
temporarily].  Whether or notn this is the problem here, IMHO you really
should consider enabling the setting to prevent cache poisoning on probably
any Microsoft DNS server as described here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241352



-----Original Message-----
From: steve baker [mailto:stephenbbakerat_private]
Sent: Thursday, March 27, 2003 1:07 PM
To: incidentsat_private
Subject: strange DNS behavior over the last 2 days


For some odd reason, periodically our clients will visit a site, only to 
have a blank page appear as if the site loaded.

Nslookup resolves the correct IP address, but ping returns 64.251.66.2 for 
every address that has this problem.  There are NO hosts files on these 
machines and regardless of which DNS server we point them to, the same 
problem occurs.

The problem occurs intermittently as well, which makes it even harder to pin

down.  Some sites previously affected will be accessible and new sites not 
affected suddenly have the same problem - but they eventually clear up in 
just about 10 minutes.

Very strange.  Has anyone heard or seen this before on a network running 
windows nt 4 DNS server with nt/2000 clients?



----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfihl1

Next message: Jacob: "Re: strange DNS behavior over the last 2 days"
Previous message: Cliff Gilley (System Admin, HolyElvis.com): "Re: California State Bill SB1386"
Maybe in reply to: steve baker: "strange DNS behavior over the last 2 days"
Next in thread: Jacob: "Re: strange DNS behavior over the last 2 days"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Mar 29 2003 - 10:04:13 PST