Wolverines

Public Forums => Tech Talk => Topic started by: Hawkes on December 29, 2010, 09:27:28 PM



Title: Are there any DNS experts in the house?
Post by: Hawkes on December 29, 2010, 09:27:28 PM
Hey gang.... I need a DNS expert.  Any takers?


I hvae a 2003 SBS box with ESET installed as the AV solution.  The ESET server cannot update to the ESET update servers.  We have disabled the firewall on both the server and router temporarily and that didn't clear it up.  We have cleared the DNS cached lookups... flushed DNS... disabled RSS... ran the server in a DMZ temporarily..... NOTHING CLEARS THIS UP.  

from a CMD prompt we have reset the TCP/IP stack, reset winsock.  If I do an NSLOOKUP update.eset.com, I will get a listing of all the update server IP's, however, I am unable to ping the URL or any of the IP's since it comes back as failed.  It is just this URL (update.eset.com) that is giving me this trouble.  I can ping yahoo.com or anything else so it appears that this i the only site.  I'm running out of ideas......



Anyone?



Title: Re: Are there any DNS experts in the house?
Post by: Jim Tressel on December 29, 2010, 10:21:43 PM
It won't fix the underlying problem, but you could manually add a dns pointer for update.eset.com.


Title: Re: Are there any DNS experts in the house?
Post by: gr0n on December 29, 2010, 11:26:56 PM
Does this help?

http://kb.eset.com/esetkb/index?page=content&id=SOLN372&actp=LIST_POPULAR

Sounds like DNS is working fine if you can nslookup and ping (even though you get no response it still resolves the IP?).  My guess is something on the machine stopping you... some other AV/anti-malware app?  Maybe a configuration issue of NOD32?


Title: Re: Are there any DNS experts in the house?
Post by: Hawkes on December 29, 2010, 11:46:32 PM
I've goine through all that as well and since we're an ESET partner, I spoke with premium support and everyone thinks the same thing.  DNS is fine, however, something installed on the machine (whether good or bad) is keeping us from hitting the URL/IP.  I apprecaite the suggestions and will let you guys know what happens.

T


Title: Re: Are there any DNS experts in the house?
Post by: Varg on December 30, 2010, 12:58:19 PM
I dont think this is a DNS issue, but here is what I get when I hit it-

Name:    update.eset.com
Addresses:  93.184.71.27, 62.67.184.68, 62.67.184.70, 89.202.149.34
          89.202.157.226, 89.202.157.227, 90.183.101.10, 93.184.71.21

PING update.eset.com: (62.67.184.68): 56 data bytes
64 bytes from 62.67.184.68: icmp_seq=0 ttl=47 time=151 ms
64 bytes from 62.67.184.68: icmp_seq=1 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=2 ttl=47 time=160 ms
64 bytes from 62.67.184.68: icmp_seq=3 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=4 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=5 ttl=47 time=160 ms
64 bytes from 62.67.184.68: icmp_seq=6 ttl=47 time=152 ms



When it tries to update, run netstat in a command prompt and post what it says.

Have you tried another machine on the same subnet as this server and tried to ping/nslookup and compared?

Are you familiar with or ever used a packet capture program like "Wireshark"?

Nothing in the hosts file on the server right? (even though i dont think this is the issue as the IP failed the ping as well- worth a look anyhow)

just some random ideas


Title: Re: Are there any DNS experts in the house?
Post by: Hawkes on January 01, 2011, 08:07:23 PM
Got it...

Redosfru.GF was still on the machine.  There was a process called Comhidserv running under svchost.exe that finally triggered the ESET client.  Once I removed it, the updates came pouring down.  Thanks guys.



fmclip.com