Hi,
Short summary:
Since I started running Comodo Firewall, I have been experiencing strange behavior in Windows XP: all applications try to connect directly to the DNS server on UDP port 53 in order to query DNS (e.g. Firefox contacts the DNS server on UDP port 53). This happens despite the DNS client service (dnscache) running fine. They used to do that through svchost.exe.
Any idea how to change this back to using svchost?
Long explanation:
Before, I used Agnitum Outpost. There I had a rule allowing svchost.exe to connect to my DNS servers. All DNS queries on behalf of running applications were done through svchost.exe. Fine!
Then I uninstalled Outpost since I was not very convinced of it and installed Comodo. Since then, all applications directly try to query the DNS server. They do not use svchost.exe any more.
Well, of course, I could set up rules to allow each application to query the DNS. But having already around 100 application rules and then adding another 80 just to make DNS work makes everything very error-prone. A situation I would like to avoid.
I have extensively searched the web for a solution with no outcome. I know this might be a question which should be directed to Microsoft. But since this behavior appeared with the installation of Comodo and since I hope someone here might already have experienced this, I would like to ask it here:
Does anybody have a hint how I can tell Windows XP to use the DNS client cache again? Or - do you know if Comodo is involved in the fact that dnscache is more or less disabled?
I know that if I disabled the DNS client service, I would experience exactly what I do now. But:
- The DNS client service (dnscache) is enabled and running. Sysinternals’ ProcessExplorer shows it (C:\WINDOWS\system32\svchost.exe -k NetworkService). Also ‘sc query’ shows it running:

    SERVICE_NAME: Dnscache
    DISPLAY_NAME: DNS Client
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0

- An ‘ipconfig /displaydns’ always shows me an empty DNS cache, except for the entries in my hosts file. Therefore I assume the dnscache is not in use.
- Comodo already caught services.exe calling svchost.exe in order to make a DNS request. Therefore I expect the dnscache to work fine.
- I checked my registry under ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters’. Only one string is in there:

    ServiceDll → %SystemRoot%\System32\dnsrslvr.dll

  So I assume no tweaking of the dnscache parameters has been done. But of course, this is Windows, where you can never be sure.
So I think my dnscache is running fine but applications are simply not using it.
I really do not want to nearly double the number of rules in my rule set with senseless entries. At least not as long as you cannot give your rules a name.
Thanks in advance for your help!
Regards,
Schlonz