
--------------------------------------

Update: For no reason whatsoever it has started working again :/ No explanation. (On the 4th restart of the laptop)

--------------------------------------

Hey guys just a quickie,

I have an XP Laptop, which up until now has been working perfectly fine going to the website ra-forum.co.uk. However it is now heading over to the registrar's website holding page. My computer and 2 phones go to the site just fine using the same internet connection. (My comp Wired, Phones WiFi)

When I ping from my machine I get the correct IP of 89.xxxxxxxx

When I ping from the laptop I get 195.xxxxxx

I have tried Flushing the DNS Cache via the command prompt and clearing all browsing, cookie history etc from the browser. Same result comes up whether or not I use Chrome, IE, Firefox.

Also added the correct IP with the Web Address into the Hosts file (No idea whether or not that would help)

This has been working fine all morning and then all of a sudden when my partner tried to add a post, upon clicking submit was suddenly redirected :/ Any suggestions because I am quite simply at a loss.

Edited by Grayski

Understanding how name resolution works would be the first step into troubleshooting such an issue.

What are you using for dns?? Are all your machines using your router? What is your router using? Your ISP, opendns, googledns? Or do your machines point to outside dns on their own, again isp, opendns, etc.. Your phone if using your phone connection for internet would most likely use a different dns than your other devices? But how you have it set up I am not sure.

This is the first thing you need to understand in troubleshooting the problem -- where are you getting your dns from.

You could have 100 browsers on your machine -- they are all going to use whatever your machine is set to for dns.

Next step is understanding the basics of dns.. When your machine asks for the ip of www.neowin.net -- it will ask the dns it is pointing to.. If that dns has it cached, that's what it will reply with.. If not that dns server will ask maybe a forwarder it has setup, or it might go directly to the owning server by asking the root servers for the authoritative server for that domain. The root servers have this info because the registrars have given it to them. The length of time any caching dns, say your router or even your machine's own local dns cache will hold a record for is the length of the TTL of said record.

You can view this yourself.. Clear your cache on your machine -- then query something and then look at the cache on your machine.

You can look up the owning servers for a domain on your own, and you can query them directly..

--- I snipped out some stuff ----

C:\Windows\System32>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

C:\Windows\System32>ping www.neowin.net
Pinging neowin.net [209.124.63.219] with 32 bytes of data:
<snipped>

C:\Windows\System32>ipconfig /displaydns
Windows IP Configuration

www.neowin.net
----------------------------------------
Record Name . . . . . : www.neowin.net
Record Type . . . . . : 5
Time To Live . . . . : 42409
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : neowin.net

C:\Windows\System32>ipconfig /displaydns
Windows IP Configuration

d9.dropbox.com
----------------------------------------
Record Name . . . . . : d9.dropbox.com
Record Type . . . . . : 1
Time To Live . . . . : 35050
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 75.126.115.36

www.neowin.net
----------------------------------------
Record Name . . . . . : www.neowin.net
Record Type . . . . . : 5
Time To Live . . . . : 42390
Data Length . . . . . : 8
Section . . . . . . . : Answer
CNAME Record . . . . : neowin.net

------------------

But notice how the Time To Live is counting down.. Another way you can see this when you query your dns, you can see the length of the TTL and watch it count down.

--- again snipped out some stuff ---

;; QUESTION SECTION:
;www.neowin.net. IN A

;; ANSWER SECTION:
www.neowin.net. 42191 IN CNAME neowin.net.
neowin.net. 42191 IN A 209.124.63.215
neowin.net. 42191 IN A 209.124.63.219

;; Query time: 13 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Thu Nov 25 09:36:04 2010
;; MSG SIZE rcvd: 88

; <<>> DiG 9.7.2-P2 <<>> www.neowin.net

;; QUESTION SECTION:
;www.neowin.net. IN A

;; ANSWER SECTION:
www.neowin.net. 42180 IN CNAME neowin.net.
neowin.net. 42180 IN A 209.124.63.219
neowin.net. 42180 IN A 209.124.63.215

---

So as each caching dns queries the server above it, be it set to forward to a specific, etc. It's going to cache a record for a specific amount of time.. And it can only cache it for the length of the TTL the server it asked it for had left.. So you have boxes on your network that both use your router for dns which caches records.. But when it does not know it asks your ISP's dns.. So machine 1 asks for www.domainX.tld -- your router does not know, so it asks your isp dns. Your isp has it cached and there was say 1000 seconds left on the ttl.. Your router will cache that record for 1000 seconds.. Your machine will get the answer from your router so it will cache it for 1000.. Now everything starts counting down.. So in say 500 seconds your machine needs to go to that site again, well it still has it cached in its local cache.. So you're good.. But now machine 2 wants to go -- so it asks your router -- your router still has it cached for 500 seconds as well, so now your machine 2 will cache it for 500 seconds.

So you see that no machine on your network can cache the record for longer than what the TTL of your router has it cached for -- since they all ask your router.. If machine 3 asks your router 300 seconds later, it will only have 200 seconds left on the TTL. etc...

TTL is a major player in understanding how dns works across the globe.. NO server will cache the record for longer than the TTL, once the TTL is expired it has to ask who it asks for dns again to see if the record has changed. The TTL of a record is set by the persons setting up the authoritative server for the domain. So you can always ask them for the IP of any record.. Let's do neowin.net

Easy way for you to find an owning server is just simple whois.. But you can also get the info direct from the root servers for any domain.. So here I do whois for

Domain Name: NEOWIN.NET
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Name Server: NS1.NEOWIN.NET
Name Server: NS2.NEOWIN.NET

So I can query these servers directly.. How do you get their IPs... Well the root servers have these -- if you're worried about your dns being corrupted then ask the root servers for them. But normally you can just normally query these, and you can tell from your query of them if they are authoritative for the domain or not, etc.

So just to show you I queried the root server directly for the IP of ns1.neowin.net

; <<>> DiG 9.7.2-P2 <<>> @l.gtld-servers.net ns1.neowin.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61032
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.neowin.net. IN A

;; AUTHORITY SECTION:
neowin.net. 172800 IN NS ns1.neowin.net.
neowin.net. 172800 IN NS ns2.neowin.net.

;; ADDITIONAL SECTION:
ns1.neowin.net. 172800 IN A 209.124.63.212
ns2.neowin.net. 172800 IN A 209.124.63.214

;; Query time: 45 msec
;; SERVER: 192.41.162.30#53(192.41.162.30)
;; WHEN: Thu Nov 25 09:54:08 2010
;; MSG SIZE rcvd: 96

You can do the same with nslookup, just change the server you're asking.. But dig gives more info than nslookup

C:\Windows\System32>nslookup
Default Server: pfsense.local.lan
Address: 192.168.1.253

> server l.gtld-servers.net
Default Server: l.gtld-servers.net
Address: 192.41.162.30

> ns1.neowin.net
Server: l.gtld-servers.net
Address: 192.41.162.30

Name: ns1.neowin.net
Served by:
- ns1.neowin.net
  209.124.63.212
  neowin.net
- ns2.neowin.net
  209.124.63.214
  neowin.net

So now I know for sure who the owning servers for neowin.net are.. And I can directly ask them for www.neowin.net

; <<>> DiG 9.7.2-P2 <<>> @209.124.63.212 www.neowin.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10040
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.neowin.net. IN A

;; ANSWER SECTION:
www.neowin.net. 432000 IN CNAME neowin.net.
neowin.net. 432000 IN A 209.124.63.215
neowin.net. 432000 IN A 209.124.63.219

;; AUTHORITY SECTION:
neowin.net. 432000 IN NS ns2.neowin.net.
neowin.net. 432000 IN NS ns3.neowin.net.
neowin.net. 432000 IN NS ns1.neowin.net.

;; ADDITIONAL SECTION:
ns1.neowin.net. 14400 IN A 209.124.63.212
ns2.neowin.net. 14400 IN A 209.124.63.214
ns3.neowin.net. 14400 IN A 208.43.57.26

;; Query time: 27 msec
;; SERVER: 209.124.63.212#53(209.124.63.212)
;; WHEN: Thu Nov 25 10:00:39 2010
;; MSG SIZE rcvd: 180

From here you will see what the correct IPs are from the owning server.. Plus you see what the actual TTL is, 432000 seconds or 5 days..

Another way to find owning servers is to just query roots directly for whatever record you're looking for and they will return the ns records for that domain, which you can then query, etc. But understanding the caching, TTL and owning servers are the big pieces.. If you believe you're getting the WRONG IP for a host, then you need to be able to verify -- by checking with the owning server, etc.. It's quite possible maybe it changed, or you got a bad cache.. So for example you see that neowin can be cached for 5 days.. So your ISP can cache that record for 5 days.. So I look it up now - the counter starts down.. What if neowin changes their IP tomorrow??? My machine and my ISP have it cached for 5 days.. So in theory I will have to wait 5 days until I start getting the new IP, have to wait for the TTLs to expire!! This is how you can run into trouble.. If this is the case -- like I pointed out just ask the owning server for the domain directly.

You flushing your local cache does not mean it just won't ask your router again and get the same bad info?? But without seeing the ttls of the records in question you were having issues with, being able to query the owning server for the host, etc. hard to tell what your problem was exactly.

But flushing your local cache doesn't really buy you much to be honest -- since as you see your local cache is never going to be longer than your router's anyway.. So flushing local just means you will ask your router again.. Which is still going to have that bad record cached, etc. Again how TTL works for caching records.

Now placing an entry in your host file would work -- but you have to make sure you're doing it right, and you might need to flush your local cache, etc.

So as you can see..

C:\Windows\System32>ping www.neowin.net
Pinging neowin.net [209.124.63.219] with 32 bytes of data:

Let's change my host file

1.2.3.4 www.neowin.net

saved... now look

C:\Windows\System32>ping www.neowin.net
Pinging www.neowin.net [1.2.3.4] with 32 bytes of data:

look what it does in your local cache when you put entries in your host file..

C:\Windows\System32>ipconfig /displaydns
Windows IP Configuration

4.3.2.1.in-addr.arpa
----------------------------------------
Record Name . . . . . : 4.3.2.1.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 86400
Data Length . . . . . : 8
Section . . . . . . . : Answer
PTR Record . . . . . : www.neowin.net

www.neowin.net
----------------------------------------
Record Name . . . . . : www.neowin.net
Record Type . . . . . : 1
Time To Live . . . . : 86400
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 1.2.3.4

www.neowin.net
----------------------------------------
No records of type AAAA

So I am sure I have rambled on long enough -- and went into way more details than I'm sure you were expecting, etc.. But my point is telling us different browsers go to the same IP, or that your laptop resolves something different does not help us help you.. Yes every browser should go to the same IP your machine has for a site ;) They don't use different dns, your laptop or phone resolving a different IP for a host, well we need to understand what dns these different devices are using.. The output of say dig on your machine, or even a nslookup with debug set would go a long way in helping us help you understand the problem you're seeing.

Hope that helps --- even if a bit long ;)

Edited by BudMan
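
Added example, not part of the thread or of any poster's own code: the check described in the post above (compare what a caching resolver hands out with what the owning server says) written as a small Python routine over two saved dig outputs. It confirms the second output carries the `aa` flag, then reports any cached address the owning server does not list and the TTL still left on it. The sample outputs, the example.test names and all addresses are constructed placeholders.

```python
import re

# Constructed dig-style output; names and addresses are documentation placeholders.
RESOLVER_OUT = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.test. 1800 IN CNAME example.test.
example.test. 1800 IN A 198.51.100.7
;; SERVER: 192.0.2.1#53(192.0.2.1)
"""
AUTH_OUT = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.test. 432000 IN CNAME example.test.
example.test. 432000 IN A 203.0.113.20
"""
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (header flags, ANSWER-section records) from dig's text output."""
    flags, answers, section = set(), [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";; flags:"):
            flags = set(line.split(":", 1)[1].split(";")[0].split())
        elif line.startswith(";;") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section == "ANSWER" and (m := RR.match(line)):
            answers.append((m[1].lower(), int(m[2]), m[3], m[4]))
    return flags, answers

def compare(resolver_text, owner_text):
    """Check a caching resolver's answer against the owning server's answer."""
    _, cached = parse_dig(resolver_text)
    owner_flags, owned = parse_dig(owner_text)
    if "aa" not in owner_flags:  # no 'aa' flag: that reply is itself from a cache
        return {"verdict": "not-authoritative"}
    addrs = [r for r in cached if r[2] in ("A", "AAAA")]
    if not addrs:
        return {"verdict": "no-answer"}
    good = {r[3] for r in owned if r[2] in ("A", "AAAA")}
    bad = [r for r in addrs if r[3] not in good]
    if not bad:
        return {"verdict": "match"}
    # The resolver keeps serving these until the remaining TTL reaches zero.
    return {"verdict": "mismatch", "cached_only": sorted(r[3] for r in bad),
            "expires_in": max(r[1] for r in bad)}

if __name__ == "__main__":
    print(compare(RESOLVER_OUT, AUTH_OUT))
```

A "mismatch" verdict does not say why the cache differs (a recent record change and a bad cache look the same here); `expires_in` is how many seconds that resolver will keep returning the old answer.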

Wow thanks for that BudMan.

I know I certainly have a lot to learn on the more detailed side of things. I have printed a copy out, so will have a longer look at it later when my daughter is in bed and I have a can of beer in my hand :D

As for the setup, It's just a simple wireless router. My computer is connected via cable, partner's laptop is connected via the wifi. The two phones were connected to the router's wifi for the internet so they would all have been using the same router, same connection to the internet etc. And therefore I am assuming that they would all have been using the same method of dns?

I think I will start reading a little bit more into HOW it all actually works.

Thank you again :)
