Jeff Liebermann <jeffl@cruzio.com> wrote in
news:l8tqhh1e1eplrv47gkm2vtrd6v7kuom8c9@4ax.com:

> On Sun, 11 Sep 2022 00:52:39 -0000 (UTC), CALAMITYJANE
> <CALAMITYJANE@GMX.COM> wrote:
>
>>Jeff Liebermann <jeffl@cruzio.com> wrote in
>>news:a0o3fhlt07aq4mkuu09059n3bfmc21l48h@4ax.com:
>>
>>> On Mon, 8 Aug 2022 02:22:42 -0000 (UTC), CALAMITYJANE
>>> <CALAMITYJANE@GMX.COM> wrote:
>>>
>>>>I do know that the DNS lookups are often exceeding ly slow on
>>>>my machine. SUPPOSEDLY you can make your own DNS file under hosts,
>>>>but I could never get windows 7 (last OS I tried) to use the host
>>>>file for lookups.
>>>
>>> Perhaps benchmarking your DNS lookups might be useful. I use this
>>> tool (mostly because I'm too lazy to find something better):
>>> <https://www.grc.com/dns/benchmark.htm>
>>>
>>>>SUPPOSEDLY you can make your own DNS file under hosts, but I
>>>>could never get windows 7 (last OS I tried) to use the host file for
>>>>lookups.
>>>
>>> It works for me on Windoze 10. The hosts file should be here:
>>> C:\Windows\System32\Drivers\etc\hosts
>>> The etc directory is hidden.
>>>
>>> If you're using Firefox browser:
>>> <https://www.liquidweb.com/kb/dns-hosts-file/>
>>> "Firefox now uses DNS over HTTPS (or DOH) by default. That means
>>> instead of checking your local hosts file or even your DNS resolver.
>>> Firefox simply makes the DNS request over HTTPS from within the
>>> browser."
>>>
>>> Note that editing the hosts file will NOT change the name(s) of the
>>> DNS server(s) used by your machine. It will only change the name to
>>> IP address mapping. The actual names of the DNS servers are buried
>>> in the registry or set by DHCP. If you want to use a different
>>> specific DNS server, then either use the user friendly network
>>> config:
>>> Settings -> Network & Internet -> Change Adapter Settings.
>>> Then right-click on a connection and select:
>>> Properties -> IPv4 -> Properties:
>>> Select use the following DNS server address, fill in the blanks and
>>> remember save before exiting (my favorite screwup).
>>>
>>> Or, you can do it from the command line using netsh:
>>> netsh
>>> interface ip show config
>>> Find the network interface name. Ethernet 0 is a common name:
>>> interface ip set dns "Ethernet0" static 8.8.8.8
>>> Replace the 8.8.8.8 above with your desired DNS server. For the
>>> secondary DNS server, it's the same with index=2 appended:
>>> interface ip set dns "Ethernet0" static 8.8.4.4 index=2
>>>
>>> There's no way I'm going to even try to explain how to do this by
>>> editing the registry directly. I've screwed up too many machines
>>> (including my own). You have been warned.
>>>
>>> Don't forget to flush the DNS cache before testing or you will
>>> likely get lookups from previous config changes:
>>> ipconfig /flushdns
>>>
>>> Good luck.
>
>>Thanks for that additional info. Did not know that about ffox.
>>Supposedly you can add DNS entry in FFox, but must use a special
>>syntax because last time I tried would not work.
>
> There's no special syntax. DNS servers are simply the IP address of
> the server or the IP address of the various backup servers.
>
> Hamburger -> Settings -> General -> Network (bottom of page)
> If you disable (uncheck) DNS over HTTPS, you can then mangle your web
> browsers DNS settings whatever you find useful.
> <https://support.mozilla.org/en-US/kb/firefox-dns-over-https>
> Just remember that there is a hierarchy of DNS server and that
> "default server" means "use this DNS server if no other DNS server is
> specified. So, if you have your machine configured for:
> Firefox DNS over HTTPS (Cloudflare)
> Windows 8.8.8.8 (Google)
> Router 75.75.75.75 (Comcast)
> it is possible for different applications and devices to use
> completely different DNS servers on your network. In the above
> configuration, Firefox will always go to Cloudflare, no matter how you
> have DNS configured on your Windoze OS or Router. However, if you
> decided to use Chrome browser, and specified that it use the default
> DNS server, it would use whatever is configured in Windoze (including
> the Hosts file). If you have everything configured to use the "system
> default", then DNS will use whatever the router says (usually the
> ISP's DNS server). Things can also get confusing if I throw in a
> local DNS server, proxy server, VPN, DNS redirector or load balancer.
> If you find the DNS lookups are going a wide variety of DNS servers,
> you might want to reset all the DNS settings to default and start
> over. Don't forget to flush the DNS cache or your will continue to
> have lookup failures even after you reset to default.
>
>>I image my OS so if the
>>registry fucks up bad, I just restore the image, no problem.
>
> That's a good idea if you're sure that your registry entries are
> correct. (Assumption if the mother of all screwups). I save multiple
> registry backups as I blunder forward. Unfortunately, I don't recall
> the name of the program I was using.
>
>>Also I
>>notice something really weird, maybe you know why? I can only ping
>>certain specific DNS IP addresses from cmd. Others won't work. In some
>>cases I have to use the domain name to ping, which indicates to me
>>that they are routing ping through their ISP's OWN dns. For example
>>under win 8.1 if I ping one say, google's IP I get nothing, but if I
>>ping google.com I get normal ping. They do not recognize the IP. On
>>DNS Ip's some work no problem others will just stall. Maybe it's my
>>3rd party firewall causing this, I have to check it.
>
> I don't know what's causing that. Let's just take the Google problem,
> where pinging google.com works, but fails using the google IP address.
> I'll try it here (on Windoze 10):
> C:\Users\jeffl>ping google.com -4
> Pinging google.com [142.250.191.46] with 32 bytes of data:
> Reply from 142.250.191.46: bytes=32 time=9ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=10ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=8ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=9ms TTL=57
> Ping statistics for 142.250.191.46:
>
> C:\Users\jeffl>ping 142.250.191.46 -4
> Pinging 142.250.191.46 with 32 bytes of data:
> Reply from 142.250.191.46: bytes=32 time=9ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=9ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=9ms TTL=57
> Reply from 142.250.191.46: bytes=32 time=10ms TTL=57
> Ping statistics for 142.250.191.46:
>
> Looks like it works. Incidentally I use IPv6 by default, so I had to
> force IPv4 to make ping look reasonable.
>
> Next, try traceroute (tracert):
>
> C:\Users\jeffl>tracert 142.250.191.46
> Tracing route to nuq04s42-in-f14.1e100.net [142.250.191.46]
> over a maximum of 30 hops:
> 1 <1 ms <1 ms <1 ms router.asus.com [192.168.11.1]
> 2 8 ms 8 ms 8 ms 96.120.89.1
> 3 8 ms 8 ms 9 ms
> po-301-1203-rur01.scotts.ca.sfba.comcast.net [96.110.102.129]
> 4 8 ms 7 ms 8 ms
> be-221-rar01.santaclara.ca.sfba.comcast.net [69.139.199.205]
> 5 8 ms 8 ms 9 ms 96.108.99.153
> 6 10 ms 12 ms 10 ms
> be-299-ar01.santaclara.ca.sfba.comcast.net [68.86.143.93]
> 7 12 ms 9 ms 10 ms 96.112.146.26
> 8 12 ms 10 ms 10 ms 142.251.70.49
> 9 10 ms 9 ms 10 ms 142.251.65.129
> 10 9 ms 8 ms 9 ms nuq04s42-in-f14.1e100.net
> [142.250.191.46]
> Trace complete.
>
> I suspect that if you tried that on your system, the traceroute by IP
> will show a completely different route than the router by FQDN (fully
> qualified domain name), which suggests a DNS lookup for Google.com is
> returning the wrong IP address. Try nslookup or dig:
> "How to test DNS with dig and nslookup"
> <https://www.a2hosting.com/kb/getting-started-guide/internet-and-networ
> king/troubleshooting-dns-with-dig-and-nslookup>
>
> You might also try a sanity check on where your packets are going and
> which gateways are being used. Try:
> route -print -4
>
Ok thanks. I should mention the reason I am asking about this is that I
often get failed messages from my browser "cannot find address" or other
similar dns failure messages. When I change the DNS I can get the site.
From memory it seems to happen whether I change at the browser or under
win adapter settings.

Also the example you gave of pinging google vs google's IP is NOT what I
get. I get freeze/nothing when I ping the IP and normal ping when I ping
google. But this does not happen across all DNS IPs. Some will proceed
with the ping normally and others just stall. I also often get: your
access to the network is blocked. But when I change DNS or use a VPN, I
get through. I have done a housecall virus check and all my av checks
come up negative. That is why I am suspcious of an undiscovered R.A.T. or
similar or hacking by my ISP or others sharing the router.

I will try the other shell commands you mention maybe they will shed some
light. I frequently have to change my DNS at the OS level or use a VPN to
access sites. My FW disallows most all connections except for port 80 and
443. I tried blocking p 53 with no effect.