DNS resolver cache content still shows after /flushdns

I am trying to get rid of the content of the DNS cache, some of which are porn sites that I never ever go to.  After I did ipconfig /flushdns and /displaydns, it still shows the same addresses.  What could be wrong here, folks?  Need some guidance.  Thanks to all.
r_yague Asked:
 
ded9 Commented:
Go to Start, Control Panel, Administrative Tools, Services, then look for DNS Client, and make sure it's started, and set to manual.

If in manual, set to automatic.


Reps
points

0
 
Scotty_cisco Commented:
Can you reboot the PC?

Thanks
scott
0
 
prashsax Commented:
Have you checked the hosts file?

It's located under c:\windows\system32\drivers\etc\hosts


All these records can be listed here.

Please open it in notepad and check.
0
 
ded9 Commented:
If the above does not work, try this command:

dnscmd ServerName /clearcache

Reps


0
 
ded9 Commented:
Also try this
Clearing the Cache

1. Start the DNS Manager from Administrative Tools.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, click Clear Cache.

Reps
0
 
mikeleebrla Commented:
Hold up, you are trying to clear this on a DNS server, or a DNS client?

Doing "After I did ipconfig/flushdns and /displaydns" will only clear the DNS CLIENT cache.

remember, most dns servers are also dns clients.
0
 
r_yague (Author) Commented:
None of these seemed to work.  Still waiting for that one solution.

-  from Scotty_cisco: I rebooted the PC, same result
-  from prashsax: I checked this path > c:\windows\system32\drivers\etc\hosts,  "lmhosts.txt" instead of "hosts",  showed 2 IP addresses,  then, what's next?
-  from ded9: DNS service already set to automatic, same result
-  from ded9: dnscmd ServerName /clearcache, no such command
-  from ded9: there is no DNS Manager in Administrative Tools (this is a standalone PC, not a domain PC)
0
 
prashsax Commented:
So you don't have a hosts file on your system.

This hosts file must exist at that location.
0
 
Ron Malmstead, Information Services Manager, Commented:
prashsax is right.

If the file is missing, you can restore it from your i386 folder as well.

Sounds to me like you've got a spyware/malware problem that is modifying your hosts file.

Make sure your folder properties are set to show hidden files, and show system files.  Sometimes malware and viruses will change the hosts file and give it hidden attributes.

Once you get that one figured out,  I would reboot into safe mode and run some scans.
0
 
r_yague (Author) Commented:
I set it to show hidden files and the "hosts" file showed these sample lines.  Now what should I do with them?

# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
127.0.0.1      008k.com      # Added by SNM
127.0.0.1      00hq.com      # Added by SNM
127.0.0.1      100sexlinks.com      # Added by SNM
127.0.0.1      157.238.62.14      # Added by SNM
127.0.0.1      17-plus.com      # Added by SNM

127.0.0.1      1-domains-registrations.com      # Added by SNM
127.0.0.1      1sexparty.com      # Added by SNM
127.0.0.1      1stpagehere.com      # Added by SNM
127.0.0.1      2020search.com      # Added by SNM                                    
etc....etc...
0
 
giltjr Commented:
What is SNM?  Delete all lines that you do not know what they are for.  Please note that some software will add hosts file entries with the loopback address (127.0.0.1) as the IP address to prevent you from going there.
0
 
Kumar_Jayant123 Commented:
Hi,

The DNS cache goes away once you restart the DNS Server service.

What if you unplug your network card, restart the DNS service, do an ipconfig /flushdns and try to ping the website?

There are some porn sites which get stored in your system and come up like the default page of the system.

I would recommend doing a thorough virus checkup.

Kumar
0
 
ansh_gupta Commented:
The hosts file clearly is bad. You only need to have 127.0.0.1       localhost there. Remove everything else.

0
 
Kumar_Jayant123 Commented:
Hi,

Delete the Host file and rename the Host.sam file, removing the extension .sam.

or

copy a host file from a different server.

0
 
prashsax Commented:
That is what I was asking you.

These are the bad records you want to get rid of.

# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


This is how it should look (by default).

Now make sure that you are not using some of these entries to access some websites.

The best option is to backup your current host file and then delete all entries from it and make it look like the above.



0
 
giltjr Commented:
Before he starts wiping out the hosts file, he needs to figure out what the "Added by SNM" means.  I don't know what product it was, but I have worked with somebody that installed a software product that blocked web sites that had adult content.

It did this by adding hosts file entries with the host names of the sites to be blocked to the hosts file with an IP address of the loopback address.

The reason that these hosts show up in the ipconfig /displaydns after you do an ipconfig /flushdns is that Windows reads the hosts file and preloads everything in it so that it limits the number of times it must read the file.

So, the first step is to figure out what added or is adding these entries to the hosts file.

The bad part of using the hosts file to block sites is performance.  The person I worked with was complaining about "slow response time surfing the web".  There were so many entries in the hosts file (it was over 6KB) that it took six seconds to scan it to find out if the host name he was trying to resolve was in the hosts file or not.  After cleaning up the hosts file, surfing the web was much faster.
0
 
r_yague (Author) Commented:
Kumar_Jayant123, there is no DNS Server service.  Only the DNS Client service.

ansh_gupta, everything is on 127.0.0.1.  You mean to say keep all of them?  This is now getting confusing.

Kumar_Jayant123, there is no Host.sam.  But there is lmhost.sam.  Also,  what server am I going to copy from?  My computer is not a server but a standalone desktop.

0
 
prashsax Commented:
I totally agree with giltjr.

This is done by some parental control software (or something like that).

Since the IP address is the loopback address, the purpose is very clear (stop access to these sites).

Deleting these entries would mean that your pc would resolve correct ip address to these sites and can access them.


0
 
mikeleebrla Commented:
If any program does internet blocking by using the hosts file it is a POS and needs to be removed right away.  Do you realize that there are BILLIONs of websites out there and adding them all to the hosts file is the dumbest thing on earth?

More than likely SNM is an old admin who didn't know what he was doing and tried to block 'bad' sites by adding them to the hosts file with the loopback address.
Further evidence that SNM didn't know what he/she was doing is the fact that they had an IP pointed to an IP in the hosts file:

127.0.0.1     157.238.62.14     # Added by SNM

Sorry, but this has no effect whatsoever, since whenever the PC tries to access 157.238.62.14 it will do so directly, and never even look at the hosts file.
0
 
ded9 Commented:
it seems malware stuff

Scan computer
reps
0
 
giltjr Commented:
Well, I do agree that using the hosts file is not the brightest way to handle site blocking and whatever/whoever is updating the hosts file obviously does not understand how it works and is just blindly adding entries.  Some of the entries are not adult related and some are no longer valid.

If this is what this person is using and he "cleans up" his hosts file, his PC can now get to sites that they may believe are blocked.  Which could cause problems if this is a computer that kids use.

Of course, if it is not getting updates there are many (10's, 100's, 1,000's, who knows) sites created daily that are not being blocked.

You could issue the following command:

    find /V "127.0.0.1" < hosts > newhosts

This will put all lines that do NOT contain the string 127.0.0.1 in the file hosts into the file called newhosts.  If newhosts contains ANY lines, you need to evaluate them to see if they are still valid.  If they are, then I would suggest that you rename hosts to oldhosts.  Edit newhosts and add:

    127.0.0.1 localhost

as the first line and save it.  Then rename newhosts to hosts.

If newhosts was empty then copy hosts to oldhosts.  Edit hosts and delete EVERYTHING after the line:

    127.0.0.1 localhost

and save.  Then do ipconfig /flushdns and ipconfig /displaydns and the entries should be gone.


However, I guess it is time for the author to respond back.

Do you, or did you, have any type of parental control software, pop-up blocker or advertisement blockers on this computer?

Do you know who or what SNM is/was?
0
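
Added example (not from any poster in this thread): a Python sketch that reads a hosts file the way the replies above reason about it, grouping entries by their trailing comment tag and separating loopback blocks, entries with no effect (an IP literal in the name column), and non-loopback redirects that deserve review before anything is deleted. The sample text is constructed from the lines quoted above plus one made-up redirect entry; `audit_hosts` and the category names are assumptions of this example.

```python
import ipaddress
from collections import Counter

# Constructed sample: lines quoted in this thread plus one made-up redirect.
SAMPLE_HOSTS = """\
# For example:
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
127.0.0.1      008k.com      # Added by SNM
127.0.0.1      157.238.62.14      # Added by SNM
127.0.0.1      1stpagehere.com      # Added by SNM
203.0.113.7    intranet.example     # constructed entry, not from the thread
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Classify each active hosts entry; return (findings, tag_counts)."""
    findings, tags = [], Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue  # blank line, comment-only line, or malformed entry
        addr = ipaddress.ip_address(fields[0])
        tag = comment.strip() or "(untagged)"
        for name in fields[1:]:
            if name.lower() == "localhost" and addr.is_loopback:
                kind = "default"
            elif _is_ip(name):
                kind = "no-effect"  # an IP literal is never looked up by name
            elif addr.is_loopback or addr.is_unspecified:
                kind = "blocked"    # name pointed back at the local machine
            else:
                kind = "redirect"   # name pinned to another host: review it
            findings.append((lineno, name, str(addr), kind))
            tags[(tag, kind)] += 1
    return findings, tags

if __name__ == "__main__":
    _, tag_counts = audit_hosts(SAMPLE_HOSTS)
    for (tag, kind), n in sorted(tag_counts.items()):
        print(f"{n:4d}  {kind:10s} {tag}")
```

Run against a copy of the real file, the per-tag counts show at a glance whether one tool (here the "Added by SNM" tag) wrote all the loopback entries, and any "redirect" row is the first thing to investigate.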
 
prashsax Commented:
I was talking about these entries.

>127.0.0.1     1sexparty.com     # Added by SNM
>127.0.0.1     1stpagehere.com     # Added by SNM
0
Question has a verified solution.