[thelist] Arguing with my ISP over DNS problem

Ken Schaefer ken.schaefer at gmail.com
Wed Aug 11 18:39:29 CDT 2004


Sorry to keep going on about this, but from what you've described, I
think you're misdiagnosing the situation.

On Wed, 11 Aug 2004 07:00:40 -0700, Mark Groen <mark at markgroen.com> wrote:

> > But you don't even know whether the DNS cache has anything to do
> with it...
> 
> Ummm, nope, that was the original problem exactly to start with, the
> local XP cache showed the wrong IP. The XP DNS cache had the wrong
> entries and although cleared it still wanted to go to the wrong www
> server first.

That just means that whatever DNS server the computer's getting its
answers from currently holds incorrect records. The DNS cache is
populated by querying a DNS server - whatever DNS server(s) it was
using had incorrect data.

You cleared the cache, and the XP box is now going back to the DNS
server again, and is getting the same incorrect data.

> > If the DNS cache was the problem, then changing the DNS servers to
> > your own wouldn't have solved the problem - there would still be
> > incorrect entries in the cache, and those would still be used by
> > the browser rather than your DNS server's correct entries.
> 
> You can specify which servers you want to go to first for a lookup on
> a domain via the browser through the TCP/IP properties, bypassing the
> machines internal cache.

This isn't entirely correct. The cache is populated by responses from
DNS server(s). I.e. when a site is first accessed, the DNS server is
queried, and the response is cached. For subsequent queries, the
cached response can be used *if* the cache is enabled, and the
response is cached. You flushed the cache, and later disabled the
cache. In these cases a DNS server would have been queried for data,
and if the client is going out to the wrong IP address, then the DNS
server is holding the wrong data.

As you indicated previously the network connection had "Obtain DNS
Server Automatically" set, which means that the DHCP or BOOTP server
where the computer is getting it's IP address from will supply the DNS
server's IP addresses. You later changed this to your own DNS servers,
and everything started working. This indicates that the DNS servers
that the site had (which the DHCP server was supplying) has incorrect
data. As soon as you told the machine to stop querying those DNS
servers, and start querying your own, name resolution started working
correctly. That all points to DNS as a problem. I think we both agree
an Ethereal capture would be helpful here.

Cheers
Ken

 Entered my own nameserver (at The Planet in
> Texas) because I knew it was correct.
> 
> I live on an island with a few thousand other people and we all share
> the same switches and copper going under the ocean to the continent
> and this was happening on just a few XP or ME machines consistently
> over the course of two days (three or four days after propagation).
> Win98, Linux, Mac were all okay.
> 
> > Quick follow up. If this is still a live issue, I'm happy to look
> at an
> > Ethereal capture from the client that is exhibiting the problem.
> 
> Temporarily changing the settings on the cranky puters to my own
> nameserver fixed it right away. Thanks for reminding me about
> Ethereal Capture though, a normal traceroute didn't tell me much and
> actually capturing the packets might tell me more.
> 
> As mentioned, this is an issue confined to just a couple XP machines
> out of many so it's not really a *big* problem (small island) because
> it's an easy fix and the fix is done. A mystery though, so thanks
> again for the hint to check the actual packets and I'll follow up
> after figuring out what the heck was going on with these isolated
> puters.


More information about the thelist mailing list