There is an area business I do occasional web and media work for, and as of a couple days ago I noticed that I could no longer get their domain name to resolve. The website is most certainly there, I can connect to it as normal from other locations, including on-site–but at home, I can’t. The website is hosted off-site (of the business).
The URL address (searched on Network Solutions site, the registrar) is http://216.212.37.76/
[ http://www.networksolutions.com ]
,ANY address using the IP works for me, every time. None of the domain name links work for me, at all. They all time-out now, with no DNS result. And every other fucking website on the whole net works. My Firefox DCSC bookmarks don’t work, my Internet Explorer DCDC bookmarks don’t work, my Mozilla DCSC bookmarks don’t work, DCSC links returned from Google searches don’t work, links at affiliate sites back to DCSC don’t work, and if I even create a HTML page on my own PC with a DCSC domain-name link, that doesn’t work. If I make a HTML page with an IP-address link, that does work. A link with the IP address works every time.
My home computers consist of two separate PC’s running WinXP behind a Linksys BEFSR41 router, hooked to a cable modem through Charter. My own (connection) IP is 24.217.134.93 .
…
About the same time this started, something else happened as well.
A couple days ago, on the secondary-computer I had an expired Norton antivirus, so I uninstalled that and decided to try a free one (Avast!). I searched for it on Google and visited what I thought was the #1 return, the website with the same domain name. Well somehow, something got in it somewhere and infected it, everything went to shit, I tried running Spybot S&D (that was up to date, with like 26,000 spyware definitions last time I used it) and now it said it only had 5 spyware definitions. Also this second PC had ZoneAlarm installed, and ZA kept saying programs I’d never seen the filenames of before were trying to get outbound every few seconds.
Well I tried to reinstall Norton but the updater said that it could not update the three main files, so I figure the OS is hosed, so I unhooked the slave drive, fdisked all the partitions, and totally-reinstalled WinXP Home (a legit copy, I paid for). And did all the Windows critical updates, including SP-2, and reinstalled and scanned with Norton, and this second computer that JUST had everything reinstalled has the exact same problem. It will not resolve ANY of the DCSC domain name addresses.
So now, I have two separate computers, both running legit copies of XP Home and all-updated, one just reinstalled from nothing, both with up-to-date antivirus (one Norton, one F-Secure) and neither can connect to DCSC’s website by normal links. The only thing in common they have is going through the same router and modem, but the router only has one admin password, and I changed and then set-back some settings just to make sure that worked, and it did. I had the router’s NAT firewall running anyway, and the first thing I installed on the older-PC after the OS was ZoneAlarm, and ZA has so far not alerted anything odd since the reinstall. The router does not state that it is blocking any net addresses, and even so, why would this address get blocked? And I went and re-downloaded the Spybot and AdAware programs, and the Norton antivirus updated again normally, without any problems. Those programs run like normal, update their definition files as you’d expect, and all report nothing wrong. While re-installing FireFox on the older PC I even noticed that there was a never version out, so I uninstalled the older copy and installed that (ver 1.0.6) on both as well. On the wiped computer, the Firefox user account info was stored in the typical location on the Windows drive and wiped along with the rest of the OS, I did not import any user account files at all, so the problem is not a corrupted user-account file. And once again, every other website I’ve tried so far works normally. It is ONLY DCSC that I can’t get to. Both PC’s are functioning normally now.
As far as the router password goes, I don’t think I ever reset it from default–but as near as I can tell, all the settings are still the same as what I put them at. The cable modem (Motorola Surfboard SB4200) has no user-settings, no filtering options at all that I’ve ever seen, just a “reset defaults” and a “restart modem” function.
Who at Charter do I even ask about this? I have no idea what is going on here. I am guessing that the event of the secondary PC getting taken down is just a coincidence; I’ve never heard of any virus/trojan with the ability to block a domain name, especially able to block access to it permanently.
I’d like to think I’ve checked everything, but With the complete reinstall of the one OS, I’d have guessed that would have wiped out any previous problems. Anybody got any ideas why this would be happening?
~
It COULD be that there was some DNS mixup or there’s some caching at your ISP that’s not being experienced with your customer’s ISP when you check it on site. FTR I can get to it fine.
First off, ping the site. Go to START - RUN - type cmd (opens up a command prompt) - type ping dcsccorp.com
If it works, you will see a few lines of “REPLY FROM 216.212.37.76: bytes= 32… etc etc”
If pinging works and the browsers don’t, that might point to a browser problem.
You might also want to FORCE this info on your network by editing your HOSTS file.
Go to C:\Windows\system32\drivers\etc and you’ll see a bunch of tiny, extension-less files. Right click “Hosts” and open it with Notepad.
It should have some instructions at the top and then this near the bottom:
Certainly sounds like a name resolution issue (since you can get there by IP but not name). The question is where is the problem. If the site pings to an incorrect IP, try flushing your DNS cache - at a command prompt do an IPCONFIG /FLUSHDNS and then try again. If it still resolves to the same bad address (or can’t resolve) then:
Try a tracert (go to a command prompt and type in TRACERT WWW.DCSCCORP.COM) and see how things resolve. I assume that your results will go similarly to mine -
First hop will hit your router (so whatever the internal IP is, 192.168.10.1 or the like). Next should be DNS at your ISP - it’ll show an IP address of one of your DNS servers, check your broadband documentation (or might even be stored on your router) to make sure it’s legit. From then on you’ll see a bunch more hops which should eventually wind up at the dcscorp.com.
If tracert stops at your router then the problem is name resolution there, check your router config and make sure that the DNS server addresses are OK (you can go to your ISP website to confirm them, I imagine).
If tracert stops at your ISP then it’s probably an issue on their DNS…try contacting them about the issue?
You can also do an IPCONFIG /ALL at a command prompt and see if that shows your DNS servers (for me it just shows DNS coming from my router buy YMMV).
Sorry this isn’t totally comprehensive but it’s the first couple of things I’d try. Good luck!
You don’t have things quite right Valgard. Name resolution is done locally before any network traffic is done, so that tracert will fail. Your PC doesn’t send off packets to www.foo.com and expect it to work, it finds out that foo.com is 1.2.3.4, and sends packets to that IP address.
Unfortunately, Windows does not have any native tools to inspect DNS results. If you don’t want to call your ISP right away, I’m sure there are some free tools out there similar to dig or whois that will show you exactly what your ISP is returning when asked about the site in question.
Hm, I thought that tracert would effectively show the path that the attempted name resolution takes by bouncing past the router…just shows the actual routing steps to reach the final (resolved) IP?
Actually, Nanoda, I think it depends on how your system is set up. My win2000 system does not have any local DNS enabled, I use my ISP’s DNS machines to resolve names to addresses. When I do a tracert with a name in the command line I see the first two steps are to my ISP and then to it’s primary DNS. It is after the second step that (I believe) the name is resolved into an IP address.
For the record, I just tried to tracert www.dcsccorp.com and the trace completed in 16 steps. So, DougC, it’s probably worth your trying this to see what results you get.
Well it all started working again, so there’s no point. And I may never know, but at least it wasn’t anything with my hardware.
I tried to get online around 4:00 AM this morning and all-other pages would resolve but time-out. Tried again around noon and got the same thing. Tried at 2:00 PM and everything works, even DCSC. I didn’t change any of my metwork settings between those times, so it was Charter I guess. The DNS server the modem and the router were using was a Charter IP.
Someone on another forum suggested using a TLD DNS instead of the Charter ones but I didn’t have a chance to try before it all stopped working anyway.
~
I’m willing to be proven wrong moes lotion, but I don’t think it does.
If you do a tracert on a nonexistant domain, you will get an error message “Unable to resolve target system name *******”.
It makes no sense to route traffic through a DNS server.
