Dialup, nslookup works, but other apps can't do name lookups

  • Thread starter Thread starter Doug Hockin
  • Start date Start date
D

Doug Hockin

I have two computers at home, one running XP (A) and the
other Windows 2000 (B). As far as I can tell, they are
configured identically. Computer A can dialup the ISP and
everything works fine. On computer B, nslookup works just
fine, but all other applications (IE, Firefox,
Thunderbird, Mozilla, AVG) are unable to do name lookups.
If I do manual nslookups and then plug the IP address into
the browser, it works fine (until it needs the next
name looked up).

Box B is getting all the correct info from the ISP, it's
IP address and the ISP's DNS server addrs as shown
by 'ipconfig /all'.

On box A, after doing a name lookup from an app, the new
entry shows up in the DNS Client's cache
(ipconfig /displaydns). On box B, after a lookup fails
(they all fail), there are no new entrys added to the DNS
cache.

What's different between how nslookup does name lookups
and the way other apps do? How can one work, but not all
the others?

Box B was working fine (for several years). I tryed
running ZoneAlarm on it, it worked mostly, but I got
annoyed, removed ZoneAlarm and somewhere in there (I
guess) something got changed, but I can't figure out what
it might have been. I've looked everywhere, configuration
wise. I can find no evidence that there's any part
of ZoneAlarm left behind -- I used published lists
of it's files/registry entries to look for debris
but could find none.

-- Doug
 
In
Doug Hockin said:
I have two computers at home, one running XP (A) and the
other Windows 2000 (B). As far as I can tell, they are
configured identically. Computer A can dialup the ISP and
everything works fine. On computer B, nslookup works just
fine, but all other applications (IE, Firefox,
Thunderbird, Mozilla, AVG) are unable to do name lookups.
If I do manual nslookups and then plug the IP address into
the browser, it works fine (until it needs the next
name looked up).

Box B is getting all the correct info from the ISP, it's
IP address and the ISP's DNS server addrs as shown
by 'ipconfig /all'.

On box A, after doing a name lookup from an app, the new
entry shows up in the DNS Client's cache
(ipconfig /displaydns). On box B, after a lookup fails
(they all fail), there are no new entrys added to the DNS
cache.

What's different between how nslookup does name lookups
and the way other apps do? How can one work, but not all
the others?

Box B was working fine (for several years). I tryed
running ZoneAlarm on it, it worked mostly, but I got
annoyed, removed ZoneAlarm and somewhere in there (I
guess) something got changed, but I can't figure out what
it might have been. I've looked everywhere, configuration
wise. I can find no evidence that there's any part
of ZoneAlarm left behind -- I used published lists
of it's files/registry entries to look for debris
but could find none.

-- Doug
Click to expand...

Nslookup has it's own internal resolver service. It doesn't rely on the DNS
Client side resolver and works independently. Ping, tracert, and everything
else depends on the client side resolver service.

Are there any Event log errors? If you run nslookup, you can change focus on
what DNS server it's using to perform your tasks. You can do this by:

C:\>nslookup
Default Server: ns03.toresd01.pa.comcast.net
Address: 68.80.0.12
server 4.2.2.2
Click to expand...
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2

Notice how when I typed in 'server 4.2.2.2' that it is now using that
server? Try that and test which server is working or not. Just type in after
that command something such as www.yahoo.com. If it's not working, it will
respond with something like 'server not responding'.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
In Then Kevin replied below:


I've cc'd this reply to Ace, I think he missed the part about you have ZA
and having removed it, he has a list of files ZA leaves behind that causes
exactly this.
Box B was working fine (for several years). I tryed
running ZoneAlarm on it, it worked mostly, but I got
annoyed, removed ZoneAlarm and somewhere in there (I
guess) something got changed, but I can't figure out what
it might have been. I've looked everywhere, configuration
wise. I can find no evidence that there's any part
of ZoneAlarm left behind -- I used published lists
of it's files/registry entries to look for debris
but could find none.
Click to expand...

Ace, while your at it can you forward direct to me the Zone Alarm file list
and instructions for removing them.
 
The dreaded Zone ALarm that doesn't go away, is what I call it! Read this
passage below...
Ace

====================

----- Original Message -----
From: DDJ
Newsgroups: microsoft.public.win2000.dns,microsoft.public.win2000.networking
Sent: Saturday, July 31, 2004 1:05 PM
Subject: Re: IE Routing Problem


Ace,

I found the following Zone Alarm files in the System32 directory:

vsdata.dll
vsdatant.sys
vsmonapi.dll
vsutil.dll

Was able to delete the three dll's without a problem (although I noticed
after doing so that the 5 minute "window" I always had for using IE after a
reboot went away...which was kind of our biggest clue actually).

The sys file, on the other hand, was (pardon my french) the file from Hell.
Took forever, but we finally found a way to kill it (by changing permissions
on file, then rebooting in safe mode with networking and deleting the file).
Problem solved. However, I'm still kicking myself because (particularly
since our boxes here are development machines), I would have liked to figure
out what was loading the vsdatant.sys to begin with...I assume that whatever
that process is, is still lurking somewhere.

Let me know if you need any more info. Again, Thanks!

Dan


"Ace Fekay [MVP]"
In DDJ <[email protected]> asked for help and I offered my suggestions below:

Dan, can you let us know what exact files you and PSS found that were
causing this?

Thanks!


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
Click to expand...





---- Original Message ----
From: "Kevin D. Goodknecht Sr."
Sent: Thursday, August 19, 2004 6:17 AM
Subject: Re: Dialup, nslookup works, but other apps can't do name
lookups
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
wrote their comments
Then Kevin replied below:
I would have liked to figure out
what was loading the vsdatant.sys to begin with...
Click to expand...

Ace, I know the answer to this, it is loaded in Device manager, you have to
show hidden devices, then you can see vsdatant , set the startup to
disabled. I had this one come up on Joe's server, that is how I found it.
 
That's part of what ZA does and they use this method as a system 'device'
that intercept network traffic to inspect. If you remove the app, but this
guy stays, it still intercepts, but doesn't know what to do with the traffic
and falls to the default to block it.

:-)

Ace

Kevin D. Goodknecht Sr. said:
In Ace Fekay [MVP]
Click to expand...
 
Ace, while your at it can you forward direct to me the
Zone Alarm file list
and instructions for removing them.

Thanks much! I'd appreciate a copy of the list as well:

dough AT ipeg DOT com

-- Doug
 
I found the following Zone Alarm files in the System32 directory:

vsdata.dll
vsdatant.sys
vsmonapi.dll
vsutil.dll
Click to expand...

Oops, guess I got excited too soon. I can't find
any of those files. Searched for 'vs*' files throughout
all drives too. Perhaps they've changed the names
or have installed a modified copy of some standard
file, changed the names or put them somewhere weird.

Any possibility it's some registry settings?

Perhaps as my son suggested, I'm looking at a reinstall.

-- Doug
 
Well I found vsdatant on my system under
Computer Management, Device Manager, Non-Plug
and Play Drivers, but the
General tab says "This device is not present,
is not working properly, or does not have all its
drivers installed [Code 24]."
And the Driver tab says Status: Unavailable.
So you'd think it would be inoperative, but it
still seems to have it's tentacles in somewhere.

As I said in another post, there is no longer
any 'vsdatant*' file on my system anywhere.

-- Doug
 
In
Doug Hockinj said:
Well I found vsdatant on my system under
Computer Management, Device Manager, Non-Plug
and Play Drivers, but the
General tab says "This device is not present,
is not working properly, or does not have all its
drivers installed [Code 24]."
And the Driver tab says Status: Unavailable.
So you'd think it would be inoperative, but it
still seems to have it's tentacles in somewhere.

As I said in another post, there is no longer
any 'vsdatant*' file on my system anywhere.
Click to expand...

Right click on that and set it to disabled.
 
Right click on that and set it to disabled.
Click to expand...

Since the driver file was no longer available,
the "disabled" box was grayed out, and not available.
Instead I deleted the driver entry. I right-clicked
on the driver name in the list of drivers and
selected delete. Then rebooted, but it still
has the problem...

-- Doug
 
In
Doug Hockin said:
I have two computers at home, one running XP (A) and the
other Windows 2000 (B). As far as I can tell, they are
configured identically. Computer A can dialup the ISP and
everything works fine. On computer B, nslookup works just
fine, but all other applications (IE, Firefox,
Thunderbird, Mozilla, AVG) are unable to do name lookups.
If I do manual nslookups and then plug the IP address into
the browser, it works fine (until it needs the next
name looked up).

Box B is getting all the correct info from the ISP, it's
IP address and the ISP's DNS server addrs as shown
by 'ipconfig /all'.

On box A, after doing a name lookup from an app, the new
entry shows up in the DNS Client's cache
(ipconfig /displaydns). On box B, after a lookup fails
(they all fail), there are no new entrys added to the DNS
cache.

What's different between how nslookup does name lookups
and the way other apps do? How can one work, but not all
the others?

Box B was working fine (for several years). I tryed
running ZoneAlarm on it, it worked mostly, but I got
annoyed, removed ZoneAlarm and somewhere in there (I
guess) something got changed, but I can't figure out what
it might have been. I've looked everywhere, configuration
wise. I can find no evidence that there's any part
of ZoneAlarm left behind -- I used published lists
of it's files/registry entries to look for debris
but could find none.

-- Doug
Click to expand...

Try this:
817571 - You receive an An operation was attempted on something that is not
a socket error message when you try to connect to:
http://support.microsoft.com/default.aspx?scid=kb;en-us;817571
 
D> I would have liked to figure
D> out what was loading the vsdatant.sys to begin with...

Did you tell him that it was almost certainly a device driver, and that
as such the way to uninstall it properly is via Device Manager, which
will remove all of the concomitant registry bits and bobs ?
 
Very good idea. Tryed it, but it didn't help.

I'm wondering, is there the equivalent of
the Unix host.conf file in Windows. The
'order' entry being wrong (missing
'bind') would give these symptoms I think.

How does ZA wedge itself into the name lookup system
so it can do it's work. Is it in any way configuration
based, or do the driver-things it installs make
system calls to attach themselves where they
need to be to do the work?

Since ZA didn't do the uninstall completely,
leaving around a couple registry entries
and two entries in Device Manager (though
the referenced drivers had been deleted).
Maybe it's left something else around...
but where?

-- Doug
 
In (e-mail address removed) <[email protected]>
wrote their comments
Then Kevin replied below:
Very good idea. Tryed it, but it didn't help.

I'm wondering, is there the equivalent of
the Unix host.conf file in Windows. The
'order' entry being wrong (missing
'bind') would give these symptoms I think.

How does ZA wedge itself into the name lookup system
so it can do it's work. Is it in any way configuration
based, or do the driver-things it installs make
system calls to attach themselves where they
need to be to do the work?

Since ZA didn't do the uninstall completely,
leaving around a couple registry entries
and two entries in Device Manager (though
the referenced drivers had been deleted).
Maybe it's left something else around...
but where?
Click to expand...

If it is a ZA problem, you might try here to see if you can get some help:
http://forum.zonelabs.org/zonelabs
 
Back
Top