very odd DNS behavior with XP

George Csahanin

Hi all. I've asked this before and had only two responses, and those were
not able to fix this problem.

My dad's two laptops do this. Here is an excerpt from the nameserver he is
accessing:

messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:06 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:06 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN

This goes on continuously. Every ten seconds it looks up MX record for those
four domains.

You never can catch it in netstat. Stop all sorts of services, it doesn't
stop.

I have no more hair to pull out.

192.168.0.4 is his laptop.

Anyone ever hear of this? Most would never see it because they're accessing
an ISP's name server. But here I control that. It's filling the log file, and
I'm afraid that it is part of a keystroke monitoring deal, though it would
appear that whatever it is, it is not getting the answer it wants.

I'm NOT a Windows expert, I know more on the Unix side, but open to
suggestions. This was a fresh install. He's doing SOMETHING that allows
this. It didn't take him long. He does play online games thru Pogo.

GeorgeC
Austin, TX

reply by email to nic at dyb dot com

Thanks!
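
The ten-second pattern described in the post above can be pulled out of a named query log mechanically. The following is an added example, not part of any post in this thread: it parses lines in the format shown above and reports client/name/type combinations queried at a fixed interval. The function name, the thresholds and the 192.168.0.7 contrast line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Lines taken from the post (wrapped lines rejoined), two of the four names.
PAGE_LINES = """\
messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:06 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
"""
# Constructed contrast line (not from the post): a one-off lookup by another client.
CONSTRUCTED = "Sep 16 04:58:11 netxpress_HD1 named[692]: XX+/192.168.0.7/example.org/A/IN"
SAMPLE = PAGE_LINES.splitlines() + [CONSTRUCTED]
# Optional "file:" prefix left by grep, syslog timestamp, then client/qname/qtype/qclass.
LINE_RE = re.compile(
    r"^(?:[^:\s]+:)?(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"XX\+?/(?P<client>[^/]+)/(?P<qname>[^/]+)/(?P<qtype>[^/]+)/(?P<qclass>[^/]+)$"
)

def periodic_queries(lines, min_repeats=3, jitter=2.0, retry_window=2.0):
    """Return {(client, qname, qtype): period_seconds} for fixed-interval repeats."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            # Syslog omits the year; a fixed one is assumed so gaps can be computed.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            seen[(m["client"], m["qname"], m["qtype"])].append(ts)
    findings = {}
    for key, times in seen.items():
        times.sort()
        kept = [times[0]]
        for t in times[1:]:
            # Collapse immediate retries (e.g. 04:58:05 and 04:58:06) into one event.
            if (t - kept[-1]).total_seconds() > retry_window:
                kept.append(t)
        gaps = [(b - a).total_seconds() for a, b in zip(kept, kept[1:])]
        if len(kept) >= min_repeats and max(gaps) - min(gaps) <= jitter:
            findings[key] = median(gaps)
    return findings

if __name__ == "__main__":
    for (client, qname, qtype), period in periodic_queries(SAMPLE).items():
        print(f"{client} asks {qtype} {qname} every ~{period:.0f}s")
```

Grouping by client as well as name makes it easy to see which host on the LAN is responsible when several machines share the resolver.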
 
Luke

I did have this problem, but I took it to PC World and they fixed it for
£40. And by the way, saying 192.168.0.4 is your dad's laptop isn't very safe...
be careful.


"George Csahanin" <george@dyb.com> wrote in message
news:RveHi.3083$ZA5.550@nlpi068.nbdc.sbc.com...
> Hi all. I've asked this before and had only two responses, and those were
> not able to fix this problem.
>
> My dad's two laptops do this. Here is an excerpt from the nameserver he is
> accessing:
>
> messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
> messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
> messages:Sep 16 04:58:05 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
> messages:Sep 16 04:58:06 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
> messages:Sep 16 04:58:06 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN
> messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
> messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
> messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
> messages:Sep 16 04:58:15 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN
> messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.microsoft.com/MX/IN
> messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.yahoo.com/MX/IN
> messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.intel.com/MX/IN
> messages:Sep 16 04:58:25 netxpress_HD1 named[692]: XX+/192.168.0.4/www.google.com/MX/IN
>
> This goes on continuously. Every ten seconds it looks up MX record for
> those four domains.
>
> You never can catch it in netstat. Stop all sorts of services, it doesn't
> stop.
>
> I have no more hair to pull out.
>
> 192.168.0.4 is his laptop.
>
> Anyone ever hear of this? Most would never see it because they're
> accessing an ISP's name server. But here I control that. It's filling the
> log file, and I'm afraid that it is part of a keystroke monitoring deal,
> though it would appear that whatever it is, it is not getting the answer
> it wants.
>
> I'm NOT a Windows expert, I know more on the Unix side, but open to
> suggestions. This was a fresh install. He's doing SOMETHING that allows
> this. It didn't take him long. He does play online games thru Pogo.
>
> GeorgeC
> Austin, TX
>
> reply by email to nic at dyb dot com
>
> Thanks!
>
>
 
Malke

Luke wrote:
> I did have this problem, but I took it to PC World and they fixed it for
> £40. And by the way, saying 192.168.0.4 is your dad's laptop isn't very
> safe... be careful.


You've responded to a very old (in Usenet terms) post. It is unlikely
the Original Poster will come back. In any case, you are incorrect in
saying that it was unsafe of him to list the 192.168.0.4 IP address.
That is a private IP address and not accessible from the Internet. This
will make it clearer to you:

http://www.duxcw.com/faq/network/privip.htm


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
George Csahanin

Malke, I do check back to look for replies. I did smile over the comment
about the address, I guess some people don't know about private addresses.

But the problem really has me puzzled. The closest I have come to a
resolution was someone pointing out that it is a piece of Netgear wireless
adapter software that uses these lookups to check for network connection.

And you're right...Don't Panic...

GeorgeC


"Malke" <notreally@invalid.invalid> wrote in message
news:%23RawFaqBIHA.4496@TK2MSFTNGP06.phx.gbl...
> Luke wrote:
>> I did have this problem, but I took it to PC World and they fixed it for
>> £40. And by the way, saying 192.168.0.4 is your dad's laptop isn't very
>> safe... be careful.

>
> You've responded to a very old (in Usenet terms) post. It is unlikely the
> Original Poster will come back. In any case, you are incorrect in saying
> that it was unsafe of him to list the 192.168.0.4 IP address. That is a
> private IP address and not accessible from the Internet. This will make it
> clearer to you:
>
> http://www.duxcw.com/faq/network/privip.htm
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 
Malke

George Csahanin wrote:
> Malke, I do check back to look for replies. I did smile over the comment
> about the address, I guess some people don't know about private addresses.
>
> But the problem really has me puzzled. The closest I have come to a
> resolution was someone pointing out that it is a piece of Netgear wireless
> adapter software that uses these lookups to check for network connection.


Hi, George - You are an exception because usually if someone doesn't
come back in a day, that's all she wrote. I honestly don't know the
answer to your question. The possibility that this is the Netgear
checking for connectivity isn't completely far-fetched I suppose.

You might want to pull the Netgear and throw another router in there
just to see what happens.

Cheers,

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
George Csahanin

I do need to look at it first-hand. It is 1500 miles away in my dad's house.

The idea about it being to check for connectivity comes from a Netgear forum
at their web site, and was confirmed by the moderator. Ugly way to do it.
Generates a huge amount of net traffic.



Thanks for the supportive words.

GeorgeC


"Malke" <notreally@invalid.invalid> wrote in message
news:eC1EFGcGIHA.3360@TK2MSFTNGP04.phx.gbl...
> George Csahanin wrote:
>> Malke, I do check back to look for replies. I did smile over the comment
>> about the address, I guess some people don't know about private
>> addresses.
>>
>> But the problem really has me puzzled. The closest I have come to a
>> resolution was someone pointing out that it is a piece of Netgear wireless
>> adapter software that uses these lookups to check for network connection.

>
> Hi, George - You are an exception because usually if someone doesn't come
> back in a day, that's all she wrote. I honestly don't know the answer to
> your question. The possibility that this is the Netgear checking for
> connectivity isn't completely far-fetched I suppose.
>
> You might want to pull the Netgear and throw another router in there just
> to see what happens.
>
> Cheers,
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 