I need to monitor the DNS requests a program makes

[I'll try not to be long-winded, but I bet I'll fail.]

I'm having routing issues, and I believe the problem is with my ISP's DNS
servers or upstream. For example, today I might go to the Web site
www.xyz.com and I'll get 21.22.23.111 for an IP address and get to the site
just fine. Tomorrow (or even an hour later!) I'll refresh the site and get
an "Internet Explorer cannot display the Web page" error. A ping or tracert
will tell me that now www.xyz.com is at 21.22.0.5. Flushing the DNS cache
will do nothing (I've tried), and performing an nslookup will also return
the bogus address. A few hours later I'll get the good address again. If
it's a site I'm particularly interested in I'll just put it in my HOSTS file
and hope it doesn't change.

Here's where the problem gets worse. I play an online game, and it
apparently does a DNS lookup to find its server. Sometimes it gets a good
address, sometimes it doesn't. I know what the good IP address is, but the
problem is that I don't know what host name the program is looking up, so I
can't put this address in my HOSTS file.

To this end I'm hoping to find some sort of monitoring program or "sniffer"
or whatever that can tell me all the DNS requests being made by my computer,
or, preferrably, by a single process. I'm sure these things exist, because
that's what people use to track what malware is trying to do.

Oh, one other thing: I'm looking for freeware. This problem is annoying, but
it's not worth spending money on. Any suggestions?

(I suppose in the worst case scenario I could set up a DNS server on my
machine, tell it to forward all requests to my real DNS servers, and then
check the logs.)

"Jeff Johnson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> I know what the good IP address is, but the problem is that I don't know
> what host name the program is looking up, so I can't put this address in
> my HOSTS file.

Dammit, it just occurred to me that I could search the executable for
strings. I'll try that, but I'd still appreciate pointers to software.

"Jeff Johnson" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> [I'll try not to be long-winded, but I bet I'll fail.]
>
> I'm having routing issues, and I believe the problem is with my
> ISP's DNS servers or upstream. For example, today I might go to
> the Web site www.xyz.com and I'll get 21.22.23.111 for an IP
> address and get to the site just fine. Tomorrow (or even an hour
> later!) I'll refresh the site and get an "Internet Explorer cannot
> display the Web page" error. A ping or tracert will tell me that
> now www.xyz.com is at 21.22.0.5. Flushing the DNS cache will do
> nothing (I've tried), and performing an nslookup will also return
> the bogus address. A few hours later I'll get the good address
> again. If it's a site I'm particularly interested in I'll just put
> it in my HOSTS file and hope it doesn't change.
>
> Here's where the problem gets worse. I play an online game, and it
> apparently does a DNS lookup to find its server. Sometimes it gets
> a good address, sometimes it doesn't. I know what the good IP
> address is, but the problem is that I don't know what host name
> the program is looking up, so I can't put this address in my HOSTS
> file.
>
> To this end I'm hoping to find some sort of monitoring program or
> "sniffer" or whatever that can tell me all the DNS requests being
> made by my computer, or, preferrably, by a single process. I'm
> sure these things exist, because that's what people use to track
> what malware is trying to do.
>
> Oh, one other thing: I'm looking for freeware. This problem is
> annoying, but it's not worth spending money on. Any suggestions?
>
> (I suppose in the worst case scenario I could set up a DNS server
> on my machine, tell it to forward all requests to my real DNS
> servers, and then check the logs.)
>
>

It sounds like you could have a flaky DNS Server.

There's no reason that you *have* to use your own ISP's DNS Server.

Try a free public DNS Server instead and see if you get the same
problems:
<http://www.opendns.com/>
<http://en.wikipedia.org/wiki/Open_dns>

If you still want to monitor your DNS queries, you will probably have
to use a program such as [freeware] Wireshark to capture DNS packets
for later analysis.

<http://www.wireshark.org/>

HTH,
John

"John Wunderlich" <(E-Mail Removed)> wrote in message
news:Xns9B157FEC3879Awunderpsdrscray@138.126.254.2 10...

> It sounds like you could have a flaky DNS Server.
>
> There's no reason that you *have* to use your own ISP's DNS Server.

Oh, that's how I "solved" it last night: I pointed myself to my company's
DNS servers. But I consider that a hack and I'm not a fan of hacks.

> Try a free public DNS Server instead and see if you get the same
> problems:
> <http://www.opendns.com/>
> <http://en.wikipedia.org/wiki/Open_dns>

Good reference, I'll store this away, thanks.

> If you still want to monitor your DNS queries, you will probably have
> to use a program such as [freeware] Wireshark to capture DNS packets
> for later analysis.
>
> <http://www.wireshark.org/>

Cool. Will take a look.

Hello Jeff,

Please post an unedited ipconfig from your machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> [I'll try not to be long-winded, but I bet I'll fail.]
>
> I'm having routing issues, and I believe the problem is with my ISP's
> DNS servers or upstream. For example, today I might go to the Web site
> www.xyz.com and I'll get 21.22.23.111 for an IP address and get to the
> site just fine. Tomorrow (or even an hour later!) I'll refresh the
> site and get an "Internet Explorer cannot display the Web page" error.
> A ping or tracert will tell me that now www.xyz.com is at 21.22.0.5.
> Flushing the DNS cache will do nothing (I've tried), and performing an
> nslookup will also return the bogus address. A few hours later I'll
> get the good address again. If it's a site I'm particularly interested
> in I'll just put it in my HOSTS file and hope it doesn't change.
>
> Here's where the problem gets worse. I play an online game, and it
> apparently does a DNS lookup to find its server. Sometimes it gets a
> good address, sometimes it doesn't. I know what the good IP address
> is, but the problem is that I don't know what host name the program is
> looking up, so I can't put this address in my HOSTS file.
>
> To this end I'm hoping to find some sort of monitoring program or
> "sniffer" or whatever that can tell me all the DNS requests being made
> by my computer, or, preferrably, by a single process. I'm sure these
> things exist, because that's what people use to track what malware is
> trying to do.
>
> Oh, one other thing: I'm looking for freeware. This problem is
> annoying, but it's not worth spending money on. Any suggestions?
>
> (I suppose in the worst case scenario I could set up a DNS server on
> my machine, tell it to forward all requests to my real DNS servers,
> and then check the logs.)
>