Are there any DNS experts in the house?

[Hawkes]

Hey gang.... I need a DNS expert.  Any takers?


I hvae a 2003 SBS box with ESET installed as the AV solution.  The ESET server cannot update to the ESET update servers.  We have disabled the firewall on both the server and router temporarily and that didn't clear it up.  We have cleared the DNS cached lookups... flushed DNS... disabled RSS... ran the server in a DMZ temporarily..... NOTHING CLEARS THIS UP.  

from a CMD prompt we have reset the TCP/IP stack, reset winsock.  If I do an NSLOOKUP update.eset.com, I will get a listing of all the update server IP's, however, I am unable to ping the URL or any of the IP's since it comes back as failed.  It is just this URL (update.eset.com) that is giving me this trouble.  I can ping yahoo.com or anything else so it appears that this i the only site.  I'm running out of ideas......



Anyone?

[Jim Tressel]

It won't fix the underlying problem, but you could manually add a dns pointer for update.eset.com.

[gr0n]

Does this help?

http://kb.eset.com/esetkb/index?page=content&id=SOLN372&actp=LIST_POPULAR

Sounds like DNS is working fine if you can nslookup and ping (even though you get no response it still resolves the IP?).  My guess is something on the machine stopping you... some other AV/anti-malware app?  Maybe a configuration issue of NOD32?

[Hawkes]

I've goine through all that as well and since we're an ESET partner, I spoke with premium support and everyone thinks the same thing.  DNS is fine, however, something installed on the machine (whether good or bad) is keeping us from hitting the URL/IP.  I apprecaite the suggestions and will let you guys know what happens.

T

[Varg]

I dont think this is a DNS issue, but here is what I get when I hit it-

Name:    update.eset.com
Addresses:  93.184.71.27, 62.67.184.68, 62.67.184.70, 89.202.149.34
          89.202.157.226, 89.202.157.227, 90.183.101.10, 93.184.71.21

PING update.eset.com: (62.67.184.68): 56 data bytes
64 bytes from 62.67.184.68: icmp_seq=0 ttl=47 time=151 ms
64 bytes from 62.67.184.68: icmp_seq=1 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=2 ttl=47 time=160 ms
64 bytes from 62.67.184.68: icmp_seq=3 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=4 ttl=47 time=149 ms
64 bytes from 62.67.184.68: icmp_seq=5 ttl=47 time=160 ms
64 bytes from 62.67.184.68: icmp_seq=6 ttl=47 time=152 ms



When it tries to update, run netstat in a command prompt and post what it says.

Have you tried another machine on the same subnet as this server and tried to ping/nslookup and compared?

Are you familiar with or ever used a packet capture program like "Wireshark"?

Nothing in the hosts file on the server right? (even though i dont think this is the issue as the IP failed the ping as well- worth a look anyhow)

just some random ideas

[Hawkes]

Got it...

Redosfru.GF was still on the machine.  There was a process called Comhidserv running under svchost.exe that finally triggered the ESET client.  Once I removed it, the updates came pouring down.  Thanks guys.