Windows 10: Suspicious entries in dns cache

Discussion in 'AntiVirus, Firewalls and System Security' started by NONOosno, May 31, 2020.

  1. NONOosno Win User

    Suspicious entries in dns cache


    I've spotted some suspicious entries in the DNS cache. The domains seem to be of Chinese origin and they have been reported by some as malware. I've run anti-malware programs, flushed the DNS cache, changed the preferred DNS, restarted my computer and so on, but they are still there. I haven't noticed any issues but I wonder if there is anything I can do to make them disappear, or if I should simply just reset my computer.


    The displaydns output:


    1.0.0.127.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : down.baidu2016.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : 123.sogou.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzgm.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzxl.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : down.baidu2016.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : 123.sogou.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzgm.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzxl.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : down.baidu2016.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : 123.sogou.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzgm.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : www.czzsyzxl.com


    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 552338
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    PTR Record . . . . . : union.baidu2019.com


    www.czzsyzgm.com
    ----------------------------------------
    No records of type AAAA


    www.czzsyzgm.com
    ----------------------------------------
    Record Name . . . . . : www.czzsyzgm.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : www.czzsyzgm.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : www.czzsyzgm.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    123.sogou.com
    ----------------------------------------
    No records of type AAAA


    123.sogou.com
    ----------------------------------------
    Record Name . . . . . : 123.sogou.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : 123.sogou.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : 123.sogou.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    www.czzsyzxl.com
    ----------------------------------------
    No records of type AAAA


    www.czzsyzxl.com
    ----------------------------------------
    Record Name . . . . . : www.czzsyzxl.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : www.czzsyzxl.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : www.czzsyzxl.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    down.baidu2016.com
    ----------------------------------------
    No records of type AAAA


    down.baidu2016.com
    ----------------------------------------
    Record Name . . . . . : down.baidu2016.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : down.baidu2016.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    Record Name . . . . . : down.baidu2016.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1


    union.baidu2019.com
    ----------------------------------------
    No records of type AAAA


    union.baidu2019.com
    ----------------------------------------
    Record Name . . . . . : union.baidu2019.com
    Record Type . . . . . : 1
    Time To Live . . . . : 552338
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A Host Record . . . : 127.0.0.1

    :)
     
    NONOosno, May 31, 2020
    #1
  2. LeonLaude Win User

    DNS SERVER NOT RESPONDING

    Hi Rita French,

    This issue often occurs when the DNS settings are incorrect. I suggest you perform the following methods to troubleshoot the issue.

    Method 1:

    I would recommend that you change the Preferred DNS server and check if it helps.

    • Press Windows + R keys to open Run window, type ncpa.cpl and press Enter.
    • Right-click on the connection that you use for the local connection, and then click Properties.
    • Click to select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
    • In the Internet Protocol window, let's change the Preferred DNS server to 208.67.222.222
    • Click OK twice to complete the modification.

    Note: If the issue persists, please repeat the steps and change the "Preferred DNS server" to 208.67.220.220.

    Method 2:

    If that does not help, try to flush the DNS. Follow these steps below.

    • From Start screen, type Command Prompt.
    • Right-click on Command Prompt and choose Run as Administrator.
    • Type: ipconfig /flushdns and press Enter.

    Note: The ipconfig /flushdns command provides you with a means to flush and reset the contents of the DNS client resolver cache. During DNS troubleshooting, if necessary, you can use this procedure to discard negative cache entries from the cache, as well as any other dynamically added entries.

    Hope any of these methods help!

    Kind regards,

    Leon
     
    LeonLaude, May 31, 2020
    #2
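Added example (not part of any post in this thread): `ipconfig /displaydns` lists entries preloaded from the local Hosts file alongside dynamically cached records, so this Python code parses saved output, collects every name mapped to a loopback address, and separates the names that a given hosts file accounts for from those it does not. The sample cache text, the sample hosts text and all function names are constructed for illustration.

```python
import ipaddress

# Constructed, abridged `ipconfig /displaydns` sample: two names from post #1, one made-up record.
SAMPLE_CACHE = """
    Record Name . . . . . : www.czzsyzgm.com
    Record Type . . . . . : 1
    A (Host) Record . . . : 127.0.0.1
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    PTR Record  . . . . . : 123.sogou.com
    Record Name . . . . . : intranet.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.10
"""
SAMPLE_HOSTS = "# local overrides\n127.0.0.1  www.czzsyzgm.com\n"  # constructed hosts text

def parse_displaydns(text):
    """Return one dict per record, keyed by field label without dot leaders."""
    records = []
    for line in text.splitlines():
        left, sep, value = line.partition(" : ")
        key = left.strip(" .")
        if sep and key == "Record Name":
            records.append({})  # every record starts with its name
        if sep and records:
            records[-1][key] = value.strip()
    return records

def loopback_names(records):
    """Names tied to loopback by A/AAAA data or by a 127.x reverse PTR."""
    names = set()
    for r in records:
        owner = r.get("Record Name", "").rstrip(".").lower()
        data = next((v for k, v in r.items() if k.endswith(" Record")), "").rstrip(".").lower()
        if r.get("Record Type") == "12":  # PTR: the data field is the host name
            if owner.endswith(".127.in-addr.arpa") and data:
                names.add(data)
            continue
        try:
            if ipaddress.ip_address(data).is_loopback:
                names.add(owner)
        except ValueError:
            pass  # CNAME or other non-address data
    return names

def triage(cache_text, hosts_text):
    """Split loopback-mapped cache names into (listed in hosts, not listed)."""
    listed = {n.lower() for l in hosts_text.splitlines() for n in l.split("#", 1)[0].split()[1:]}
    pinned = loopback_names(parse_displaydns(cache_text))
    return sorted(pinned & listed), sorted(pinned - listed)
```

Names in the second list are loopback mappings that the supplied hosts text does not account for.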
  3. Reset Cached DNS in Windows 10

    I recently set up an AD server that is also now my DNS server. Everything worked fine with my Windows 7 machines. I pointed my router to the new DNS server and everything worked like it should after disconnecting and reconnecting to the network.

    Unfortunately, Windows 10 is hanging on to old DNS entries and I just get this:

    IPv4 DNS Server: 8.8.8.8

    8.8.4.4

    192.168.1.1

    My Windows XP/7 machines got the DNS update with zero issues after refreshing their IP.

    All of the machines are set to automatically get the DNS server from the router.

    This is what I've tried.

    • Release/renew IP.
    • Flushdns/Renewdns.
    • Disabling/enabling adapters.
    • Deleting and reinstalling adapters.
    • Performing a Winsock reset.
    • Removing cached networks from my registry and rebooting.
    • Resetting my network from the network config.
    • Rebooting literally everything.
    Nothing works. It still hangs on to those old DNS servers. Short of chunking my router and forcing it to get a new DNS (from a new MAC address), I'm not sure what's left.
     
    CountFrackula, May 31, 2020
    #3
  4. Suspicious entries in dns cache

    Windows 10 DNS caching problem

    After some time of messing around with the two Windows 10 machines I have, one a laptop, the other a Surface Pro 4, I've consistently hit the DNS resolution issues that many other people have reported.

    Basically what happens is DNS resolution stops functioning for a period of time, however previously cached domains still resolve. A simple and effective solution to this is to just flush the DNS cache with the ipconfig /flushdns command. More frustrating is that it appears when DNS resolution fails, nxdomain is cached as well (which may actually be a significant part of the problem).

    Microsoft network engineering should take a good look at how the resolver cache is handled, as it appears that some failure which results in DNS resolution failure will end up with a cached nxdomain (which should never happen). The fact that a simple DNS flush fixes the problem instantly strongly suggests that there is a bug in this part of the code which needs closer examination.
     
    ColinFaber, May 31, 2020
    #4