DNS lookup bypass HOSTS file

Discussion in 'DNS Server' started by Ian, Jul 16, 2009.

  1. Ian

    Ian Guest

    Users' PCs are on company's internal network. A user has an issue to access
    an internal website because of no entry in the DNS server. So I copied a
    HOSTS file from another PC over. The HOSTS file has the entry:
    xxx,xxx,xxx,xxx servername.domainname.com

    When pinging servername.domainname.com on this PC, I got the reply right away:
    Ping request could not find host servername.domainname.com. Please check the
    name and try again.

    When pinging servername.domainname.com on other PCs, I got the name resolved:
    Pinging servername.domainname.com[xxx,xxx,xxx,xxx] with 32 bytes of data:

    Any suggestions? Thanks.
    Ian, Jul 16, 2009

  2. Well, in this case, on that workstation, you would run an ipconfig
    /flushdns, which will load the hosts file into cache, or simply restart the
    machine to get it working.

    However, my first suggestion and recommendation is to not use hosts files.
    You can simply create the zone, and create the necessary "A" (hosts) records
    under the zone that you want everyone in the company to be able to resolve.

    The following is my blog with a guideline to help.
    How do I resolve my external website when my internal name is the same as my
    external name?


    From inside the office, I can't get to http://domain.com, but can using
    http://www.domain.com after creating an A 'www' record.
    By Ace Fekay, MCT
    Updated 7/29/2008

    Is your internal domain name and external domain name the same? If so, it's
    called a split zone.

    There are two ways to get to your website using 'www' in front of your
    domain name (such as www.domain.com), depending on how your web hosting
    provider's web servers are setup:

    1. The simplest way to allow your internal users to get to your external
    website is to simply create a "A" www record (DO NOT create an Alias or
    CNAME record), and provide the IP address of the external web server.

    2. However, if your web hosting provider uses more than one web server,
    such as in a server farm, instead of an "A" record, I suggest creating a
    delegation for 'www' to the public name servers that are authoritative for
    your zone. You will need to find the SOA of your zone. To create the record,
    simply right-click your zone name, choose new delegation, type in www, and
    provide the SOA of your public domain.

    How do you get your SOA for your public domain name? Use nslookup.
    In a command prompt, type in nslookup, hit enter.
    Then type in the following:
    The results will tell you the SOA of your domain name. Use that for the
    delegation record when you create the delegation in step# 2 above.

    As for getting to the domain with http://domain.com (without the www in
    front of it), is a little more complex because EACH domain controller
    registers themselves into DNS with an IP address, which appears under your
    internal zone name as:

    (same as parent) A x.x.x.x

    This record is actually called the LdapIpAddress. Each DC registers one for
    itself. AD uses that record for a number of things, such as DC to DC
    replication, Sysvol replication, GPOs and DFS. Don't mess with it please or
    expect problems. The DCs will re-register this record anyway if you delete
    it and thwart your attempt.

    To get around that, on EACH DC, install IIS. In the default website
    properties, Directory tab, select redirect, and redirect it to
    www.domain.com. This way when any one of your users types in
    http://domain.com, it will resolve to the www record you've created in Step#1
    or #2 above.

    If different internal and external name and website hosted externally:
    Nothing to do. Internet resolution will handle everything.

    Don't forget, ALWAYS and ONLY use the internal DNS servers in your AD
    environment for all machines (DCs, member servers and workstations, including
    your VPN clients). Never use your ISP's DNS servers, or your router's IP
    address as a DNS address in any internal machine's IP properties. Otherwise,
    expect AD problems.

    Don't forget to configure a forwarder for more efficient internet name
    resolution. I've always used this as a best practice. It offloads internet
    name resolution to your ISP's DNS addresses so your server doesn't have to
    use the Root Hints to resolve external names.

    Ace Fekay, MCT


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum to benefit from collaboration
    among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
    Ace Fekay [MCT], Jul 16, 2009

  3. Ian

    Ian Guest

    I did ipconfig /flushdns and restarted the PC but the issue still exists. The
    company does not allow changes on the DNS server since it is the only user who
    needs it.

    Ian, Jul 16, 2009
  4. This normally just *works.* Is there an AV or other 'security' app running
    preventing changes to the hosts file or its use? Has the hosts file location
    been changed in the registry? Any policies applying to the machine that may
    affect it (whether aware of it or not)? Any spyware on the machine? If not
    sure, run www.malwarebytes.org to clean out any rogue apps and spyware.

    Ace Fekay [MCT], Jul 16, 2009
  5. Ian

    Ian Guest

    I tried disable AV... repair O.S. xp sp2..I tried Ping Localhost and got
    reply that is also in HOSTS file.
    Ian, Jul 16, 2009
  6. You stated the following in a previous post:
    xxx,xxx,xxx,xxx servername.domainname.com

    Are the commas typos?
    How long is the actual FQDN in character count?

    If you just put in servername instead of the FQDN, does it work?

    Ace Fekay [MCT], Jul 16, 2009
  7. Ian

    Ian Guest

    There is no typo since HOSTS file was copied from another PC, on that it
    works. The total 26 characters in FQDN. It is the same if use servername only
    but taking longer time to get the result.
    Ian, Jul 17, 2009
  8. Ok, so you're saying the COMMAS in the FQDN example you provided in the
    previous posts are typos. I was asking because commas are not recognized

    So you're saying that if you use SEVERNAME in the hosts file, it works, but
    it takes longer, and the loopback works, however the FQDN still does not

    It is odd, that if the loopback works, and no other entries work.

    Is the filename "HOSTS" named without the ".txt" on the end of it? Can you
    confirm that by making sure the View options to show all extensions are set
    to allowed, please?

    Once you've confirmed the hosts filename is actually hosts (without any
    extensions), and you've already tried disabling AV, then restarting the
    machine with the AV services disabled, and it still doesn't work, then I
    must ask if there is or was a Proxy setting in the user's IE or whatever
    browser they're using or any other security software installed?

    How about if this machine ever had the proxy or firewall client installed at
    one time or another, or has ZA ever been installed on this machine, or
    anything else on the machine installed that could even remotely cause this?

    If you create an entry such as: www.yahoo.com

    Is the browser not able to get to it?
    If you ping www.yahoo.com, does it resolve to

    Don't bother using nslookup in this test, because nslookup doesn't use the
    hosts file.

    Ace Fekay [MCT], Jul 17, 2009
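
The checks asked about in posts 6 and 8 (commas in the address, a hidden ".txt" extension, and whether the resolver agrees with the file), as an added example that is not part of the thread. The names lint_hosts, bypassed and SAMPLE are hypothetical, and the comparison assumes IPv4 entries because socket.gethostbyname returns IPv4 only.

```python
import ipaddress
import socket
from pathlib import PureWindowsPath

# Constructed sample (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE = """\
127.0.0.1    localhost
192,0,2,10   servername.domainname.com
192.0.2.10   ServerName.DomainName.com   # corrected entry
192.0.2.11
"""

def lint_hosts(text, filename="hosts"):
    """Return (entries, problems): usable name->address pairs and skipped lines."""
    entries, problems = {}, []
    if PureWindowsPath(filename).suffix:
        problems.append((0, f"file is named {filename!r}; it must be 'hosts' with no extension"))
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            hint = " (commas instead of dots?)" if "," in addr else ""
            problems.append((lineno, f"invalid address {addr!r}{hint}"))
            continue
        if not names:
            problems.append((lineno, f"{addr} has no host name after it"))
        for name in names:
            entries.setdefault(name.lower(), addr)   # this linter keeps the first mapping
    return entries, problems

def bypassed(entries, resolve=socket.gethostbyname):
    """Names whose OS-resolver answer differs from the hosts entry (None = no answer)."""
    mismatches = {}
    for name, addr in entries.items():
        try:
            got = resolve(name)
        except OSError:                          # socket.gaierror is a subclass
            got = None
        if got != addr:
            mismatches[name] = (addr, got)
    return mismatches

if __name__ == "__main__":
    entries, problems = lint_hosts(SAMPLE, "HOSTS.txt")
    print(problems)
    print(bypassed(entries))   # asks the OS resolver, which normally reads the hosts file
```

A clean lint result combined with a non-empty bypassed() result is the situation the thread ends up in: the file is valid but the resolver is not honoring it.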
  9. Ian

    Ian Guest

    Thanks a lot. It seems HOSTS is completely bypassed. I put answers in lines

    Sorry, they are typos in my question but not in the actual HOSTS file.

    No, SEVERNAME does not work either. Pinging localhost gets reply even after
    removing localhost entry from HOSTS file.
    Double checked, it is HOSTS, not HOSTS.txt
    Tried disabling AV and restarting but not working. This PC settings are the
    same as mine but my PC works.
    I tried disable Proxy in IE or put FQDN in Exceptions list of Proxy Settings
    in IE
    I got after put www.yahoo.com in HOSTS
    Ian, Jul 17, 2009
  10. So it's being ignored.

    Is the Proxy or ISA firewall client installed? If so, uninstall it and test

    Also, check the following reg entry. Where's the path pointing to?

    If it's pointing to the current location (assuming system32\drivers\etc),
    then you've got something corrupted on this box.

    Ace Fekay [MCT], Jul 17, 2009
  11. Ian

    Ian Guest

    Just checked, there is no Proxy or ISA firewall client installed. All PCs
    have the same image/settings. The HOSTS file path is correct. Agree about
    corruption but not sure where.
    Ian, Jul 17, 2009
  12. Go through Add/Remove programs listings. See what's in there that you do not
    recognize, such as possibly one of those DNS or some sort of resolution
    third party apps that may have been inadvertently installed. If not, I would
    suggest to pop the CD in and run a Windows upgrade on the workstation. Or if
    you are using image based distribution, just put another image on the
    machine. If using images, hopefully you're using Sysprepped images to
    eliminate duplicate SIDs.

    Ace Fekay [MCT], Jul 17, 2009
  13. Ian

    Ian Guest

    Finally I found that it works after I stopped "DNS Client" service on the PC.
    Can you explain why? Thanks.
    Ian, Jul 18, 2009
  14. It should work with that service running. That service and the DHCP Client
    service are tied together for the client side resolver. So if you're saying
    it works with that service disabled, then something is really corrupted.

    Ace Fekay [MCT], Jul 18, 2009