Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dnscache Registry Value breaks Internet Access #659

Open
buu-huu opened this issue Feb 11, 2025 · 6 comments
Open

Dnscache Registry Value breaks Internet Access #659

buu-huu opened this issue Feb 11, 2025 · 6 comments
Assignees
Labels
😕 needs info Further information is needed

Comments

@buu-huu
Copy link

buu-huu commented Feb 11, 2025

What's the problem?

Guest VM: Windows 11 Pro (Version: 10.0.26100)

After the install script is finished, internet access is broken:

Image

Error: ERR_NAME_NOT_RESOLVED

The problem is the Windows DNS Service that gets disabled through the following line of code of the config.xml:

<registry-item name="Force DNS requests to always come from requesting process" path="HKLM:\SYSTEM\CurrentControlSet\services\Dnscache" value="Start" type="DWord" data="4" />

By changing the corresponding registry key back to the default value 2, internet access works

Can someone explain how this is intended to work without the Windows DNS Service? On my Windows 10 Guest VM, it works fine.

Steps to Reproduce

  1. Execute install script
  2. Try to connect to internet

Environment

  • Virtualization software: VMware Workstation Pro
  • VM OS version: 10.0.26100
  • VM PowerShell version: 5.1.26100.2161
  • VM Chocolatey version: 2.4.2
  • VM Boxstarter version: Boxstarter|3.0.3
  • VM-Get-Host-Info:
Host Information

VM OS version and Service Pack
-----


Version                 : 10.0.26100
BuildNumber             : 26100
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 11 Pro





VM OS RAM (MB)
-----
8192


VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName Size         FreeSpace
-------- --------- ------------ ---------- ----         ---------
C:       3                                 128048951296 77226115072
D:       5                      ESD-ISO    4957390848   0




VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.26100.2161

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
2.4.2

VM Boxstarter Version
-----

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3




VM Installed Packages
-----
010editor.vm|15.0.1
7zip.vm|23.1.0.20250206
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20220224
apktool.vm|2.11.0
autohotkey|1.1.37.1
autohotkey.install|2.0.19
autoit-ripper.vm|1.1.2
bindiff.vm|8.0.0.20240402
blobrunner.vm|0.0.5.20240411
blobrunner64.vm|0.0.5.20240411
Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3
bytecodeviewer.vm|2.13.0
capa.vm|9.0.0
capa-explorer-web.vm|1.0.0
chocolatey|2.4.2
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.11.1
chocolatey-windowsupdate.extension|1.0.5
chrome.extensions.vm|0.0.0.20250123
Cmder|1.3.25
cmder.vm|1.3.25
codetrack|1.0.3.301
codetrack.vm|1.0.3.20230526
common.vm|0.0.0.20250203
cryptotester.vm|1.7.1.20240411
cyberchef.vm|10.19.4.20250117
Cygwin|3.5.7
cygwin.vm|3.5.7
de4dot-cex.vm|4.0.0.20240411
debloat.vm|0.0.0.20240327
dependencywalker|2.2.6000.9
dependencywalker.vm|2.2.6000
dex2jar.vm|2.3.0.20240411
didier-stevens-beta.vm|0.0.0.20240726
didier-stevens-suite.vm|0.0.0.20240726
die.vm|3.10.0
dll-to-exe.vm|1.1.0
dnlib.vm|4.0.0
dnspyex.vm|6.5.1
dotdumper.vm|1.1.0.20240411
DotNet3.5|3.5.20241212
dotnet-5.0-desktopruntime|5.0.17
dotnet5-desktop-runtime|5.0.6
dotnet-6.0-desktopruntime|6.0.36
dotnet-6.0-runtime|6.0.36
dotnet-6.0-sdk|6.0.428
dotnet-6.0-sdk-4xx|6.0.428
dotnet-6.vm|0.0.0.20240507
dotnet-8.0-desktopruntime|8.0.12
dotnet-8.vm|0.0.0.20250122
dotnetfx|4.8.0.20220524
explorersuite.vm|0.0.0.20250117
extreme_dumper.vm|4.0.0.20240603
ezviewer.vm|2.0.0.20240826
fakenet-ng.vm|3.3.0.20250117
file.vm|0.0.0.20240411
floss.vm|3.1.1
garbageman.vm|0.2.4.20240411
ghidra|11.2.1
ghidra.vm|11.2.1
git|2.47.1.20250115
git.install|2.47.1.20250115
googlechrome.vm|0.0.0.20250117
goresym.vm|3.0.1
graphviz|12.2.1
hashmyfiles.vm|0.0.0.20250110
hollowshunter.vm|0.4.0.20250206
hxd|2.5.0
hxd.vm|2.5.0.20230925
ida.plugin.capa.vm|8.0.1
ida.plugin.comida.vm|0.0.0.20240725
ida.plugin.dereferencing.vm|0.0.0.20241114
ida.plugin.diaphora.vm|3.2.1.20240725
ida.plugin.flare.vm|0.0.0.20240725
ida.plugin.hrtng.vm|2.2.21
ida.plugin.ifl.vm|1.4.4.20240725
ida.plugin.xray.vm|0.0.0.20250110
ida.plugin.xrefer.vm|1.0.3
idafree.vm|8.4.0.20250116
idr.vm|0.0.0.20230627
ifpstools.vm|2.0.2.20240411
ilspy|9.0.0
ilspy.vm|9.0.0
innoextract.vm|1.9.0.20240411
innounp.vm|0.50.0.20230710
installer.vm|0.0.0.20241002
internet_detector.vm|1.0.0.20241217
ipython.vm|8.27.0.20250122
isd.vm|1.5.0.20240217
js-beautify.vm|1.15.1.20240930
js-deobfuscator.vm|0.0.0.20240516
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
KB3063858|1.0.0
libraries.python3.vm|0.0.0.20241213
libraries-extra.python3.vm|0.0.0.20241029
magika.vm|0.5.0
malware-jail.vm|0.0.0.20240419
map.vm|0.0.0.20240416
nasm|2.16.3
nasm.vm|2.16.3
netfx-4.8|4.8.0.20220524
net-reactor-slayer|6.4.0
net-reactor-slayer.vm|6.4.0.20230621
nodejs|20.7.0
nodejs.install|20.7.0
nodejs.vm|0.0.0.20240827
notepadplusplus|8.7.6
notepadplusplus.install|8.7.6
notepadplusplus.vm|8.7.6
notepadpp.plugin.compare.vm|2.0.2
notepadpp.plugin.jstool.vm|1.2312.0
notepadpp.plugin.xmltools.vm|3.1.1.20231219
npcap.vm|1.80.20241216
obfuscator-io-deobfuscator.vm|0.0.0.20240514
offvis.vm|1.0.0.20240411
onenoteanalyzer.vm|0.0.0.20240226
openjdk|21.0.1
openjdk.vm|0.0.0.20240531
pdbresym.vm|1.3.6
pdfstreamdumper.vm|0.9.634.20240226
pe_unmapper.vm|1.0.0
pebear|0.7.0
pebear.vm|0.7.0
peid.vm|0.95.0.20240411
pesieve|0.4.0.1
pesieve.vm|0.4.0.20250205
pestudio.vm|9.60.0
pkg-unpacker.vm|1.0.0.20240419
pma-labs.vm|0.0.0.20240411
procdot.vm|1.22.57
processdump.vm|2.1.1.20240217
pycdas.vm|0.0.0.20250110
pycdc.vm|0.0.0.20250110
python3|3.10.11
python3.vm|0.0.0.20240726
python310|3.10.11
rat-king-parser.vm|4.0.1
recaf.vm|2.21.14
reg_export.vm|1.3.0.20240217
regcool.vm|2.22.0
regshot.vm|1.9.1.20240411
resourcehacker.portable|5.2.7
resourcehacker.vm|0.0.0.20240423
rundotnetdll.vm|2.2.0.20240411
scdbg.vm|0.0.0.20240411
sclauncher.vm|0.0.6
sclauncher64.vm|0.0.6
setdefaultbrowser|1.5.0
sfextract.vm|2.1.0
shellcode_launcher.vm|0.0.0.20240217
sysinternals.vm|0.0.0.20250117
systeminformer.vm|3.2.25036
uncompyle6.vm|3.9.2
uniextract2.vm|2.0.0.20240411
unpyc3.vm|0.0.0.20241206
upx.vm|4.2.4
vbdec.vm|1.0.917.20240614
vb-decompiler-lite.vm|12.5.0
vcbuildtools.vm|0.0.0.20240217
vcredist140|14.42.34433
vcredist140.vm|0.0.0.20241213
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
vcredist2017|14.16.27052
visualstudio2017buildtools|15.9.58
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
vscode|1.96.4
vscode.extension.jupyter.vm|2024.6.2024060601
vscode.extension.python.vm|2024.9.11621011
vscode.install|1.96.4
vscode.vm|1.96.4
windump.vm|0.3.0
wireshark|4.4.3
wireshark.vm|4.4.3
x64dbg.plugin.dbgchild.vm|10.0.0
x64dbg.plugin.ollydumpex.vm|1.84.0.20240606
x64dbg.plugin.scyllahide.vm|1.4.0
x64dbg.plugin.x64dbgpy.vm|1.0.59.20240124
x64dbg.vm|2024.4.11.20240606
yara|4.5.2
yara.vm|4.5.2


Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\Users\user920\Desktop\Tools
RAW_TOOLS_DIR: C:\Tools

Additional Information

No response

@buu-huu buu-huu added the 🐛 bug Something isn't working label Feb 11, 2025
@Ana06
Copy link
Member

Ana06 commented Feb 11, 2025

This change was introduced in #630 to force DNS requests to always come from requesting process. It should not break internet access.

@Ana06
Copy link
Member

Ana06 commented Feb 19, 2025

I have tried the installation in Windows 10 and this does not break internet. I can't test it on Windows 11 at the moment. Can someone else confirm if they get this issue in Windows 11 too?

@Ana06 Ana06 added 😕 needs info Further information is needed and removed 🐛 bug Something isn't working labels Feb 19, 2025
@drumtechphoto
Copy link

I have tried the installation in Windows 10 and this does not break internet. I can't test it on Windows 11 at the moment. Can someone else confirm if they get this issue in Windows 11 too?

I am running a fresh install on Windows 11 Pro to test this out. I previously ran into no internet issues in Windows 11 after starting the vm the next day, days later. Running this on Fedora 41 in VMware Workstation 17 Pro, version 17.6.2 build-24409262

Will update here within the next 1-2 hours.

Current Windows 11 vm Build info:

Edition Windows 11 Pro
Version 24H2
Installed on ‎2/‎22/‎2025
OS build 26100.3194
Experience Windows Feature Experience Pack 1000.26100.48.0

@Ana06 Ana06 self-assigned this Mar 7, 2025
@kenzobenj
Copy link

I ran into this same issue after installing Flare on a new Windows 11 VM on VirtualBox. Setting the registry value back to 2 fixed the issue.

Edition Windows 11 Enterprise
Version 24H2
Installed on ‎03/07/2025
OS build 26100.3194
Experience Windows Feature Experience Pack 1000.26100.48.0

@mikukula
Copy link

Hi, same issue here.

Windows 11 Pro
Version 24h2
Installed on 13/03/2025
OS build 26100.3476

@googhigg
Copy link

googhigg commented Mar 14, 2025

I have tried the installation in Windows 10 and this does not break internet. I can't test it on Windows 11 at the moment. Can someone else confirm if they get this issue in Windows 11 too?

I can confirm that this issue has also occurred to me. It happened 2 days after installation.
Nslookup returns addresses successfully, but ping and edge can't resolve domains.
Wireshark shows that no DNS requests are made from those programs.

Environment

  • Virtualization software: Proxmox
  • VM OS version: 10.0.26100
  • VM PowerShell version: 5.1.26100.2161
  • VM Chocolatey version: 2.4.3
  • VM Boxstarter version: Boxstarter|3.0.3
VM-Get-Host-Info: Host Information

VM OS version and Service Pack

Version : 10.0.26100
BuildNumber : 26100
OSArchitecture : 64-bit
ServicePackMajorVersion : 0
Caption : Microsoft Windows 11 Pro

VM OS RAM (MB)

8192

VM OS HDD Space / Usage

DeviceID DriveType ProviderName VolumeName Size FreeSpace


C: 3 106567823360 42550505472
D: 5 virtio-win-0.1.266 724434944 0
E: 5 ESD-ISO 4957390848 0

VM AV Details

AntiVirusProduct classname does not exist...

VM PowerShell Version

5.1.26100.2161

VM CLR Version

4.0.30319.42000

VM Chocolatey Version

2.4.3

VM Boxstarter Version

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3

VM Installed Packages

010editor.vm|15.0.1.20250219
7zip.vm|23.1.0.20250219
apimonitor|2.13.0.20210213
apimonitor.vm|2.13.0.20250219
apktool.vm|2.11.0.20250219
autohotkey|1.1.37.1
autohotkey.install|2.0.19
autoit-ripper.vm|1.1.2.20250219
bindiff.vm|8.0.0.20250219
blobrunner.vm|0.0.5.20250219
blobrunner64.vm|0.0.5.20250219
Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3
bytecodeviewer.vm|2.13.0.20250219
capa.vm|9.0.0.20250219
capa-explorer-web.vm|1.0.0.20250219
chocolatey|2.4.3
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.11.1
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.25
cmder.vm|1.3.25.20250219
codetrack|1.0.3.301
codetrack.vm|1.0.3.20250219
common.vm|0.0.0.20250206
cryptotester.vm|1.7.1.20250219
cyberchef.vm|10.19.4.20250219
Cygwin|3.5.7
cygwin.vm|3.5.7.20250219
de4dot-cex.vm|4.0.0.20250219
debloat.vm|0.0.0.20240327
dependencywalker|2.2.6000.9
dependencywalker.vm|2.2.6000.20250219
dex2jar.vm|2.3.0.20250219
didier-stevens-beta.vm|0.0.0.20250219
didier-stevens-suite.vm|0.0.0.20250219
die.vm|3.10.20250219
dll-to-exe.vm|1.1.20250219
dnlib.vm|4.0.0.20250219
dnspyex.vm|6.5.1.20250219
dotdumper.vm|1.1.0.20250219
DotNet3.5|3.5.20241212
dotnet-5.0-desktopruntime|5.0.17
dotnet5-desktop-runtime|5.0.6
dotnet-6.0-desktopruntime|6.0.36
dotnet-6.0-runtime|6.0.36
dotnet-6.0-sdk|6.0.428
dotnet-6.0-sdk-4xx|6.0.428
dotnet-6.vm|0.0.0.20250219
dotnet-8.0-desktopruntime|8.0.13
dotnet-8.vm|0.0.0.20250219
dotnetfx|4.8.0.20220524
explorersuite.vm|0.0.0.20250219
extreme_dumper.vm|4.0.0.20250219
ezviewer.vm|2.0.0.20250219
fakenet-ng.vm|3.3.0.20250220
file.vm|0.0.0.20250220
floss.vm|3.1.1.20250220
garbageman.vm|0.2.4.20250219
ghidra|11.2.1
ghidra.vm|11.2.1.20250219
git|2.48.1
git.install|2.48.1
googlechrome.vm|0.0.0.20250218
goresym.vm|3.0.1.20250219
graphviz|12.2.1
hashmyfiles.vm|0.0.0.20250219
hollowshunter.vm|0.4.0.20250219
hxd|2.5.0
hxd.vm|2.5.0.20250219
ida.plugin.comida.vm|0.0.0.20250213
ida.plugin.dereferencing.vm|0.0.0.20250213
ida.plugin.diaphora.vm|3.2.1.20250213
ida.plugin.flare.vm|0.0.0.20250213
ida.plugin.hrtng.vm|2.2.21.20250213
ida.plugin.ifl.vm|1.4.4.20250213
ida.plugin.xray.vm|0.0.0.20250213
idafree.vm|8.4.0.20250219
idr.vm|0.0.0.20250219
ifpstools.vm|2.0.2.20250219
ilspy|9.0.0
ilspy.vm|9.0.0.20250219
innoextract.vm|1.9.0.20250219
innounp.vm|0.50.0.20250219
isd.vm|1.5.0.20250219
js-beautify.vm|1.15.1.20250219
js-deobfuscator.vm|0.0.0.20250219
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
KB3063858|1.0.0
libraries.python3.vm|0.0.0.20250218
map.vm|0.0.0.20250219
nasm|2.16.3
nasm.vm|2.16.3.20250219
netfx-4.8|4.8.0.20220524
net-reactor-slayer|6.4.0
net-reactor-slayer.vm|6.4.0.20250219
nodejs|20.7.0
nodejs.install|20.7.0
nodejs.vm|0.0.0.20250219
notepadplusplus|8.7.6
notepadplusplus.install|8.7.6
notepadplusplus.vm|8.7.6.20250220
notepadpp.plugin.compare.vm|2.0.2.20250218
notepadpp.plugin.jstool.vm|1.2312.0.20250218
notepadpp.plugin.xmltools.vm|3.1.1.20250218
npcap.vm|1.80.20250219
obfuscator-io-deobfuscator.vm|0.0.0.20250219
offvis.vm|1.0.0.20250219
onenoteanalyzer.vm|0.0.0.20250219
openjdk|21.0.1
openjdk.vm|0.0.0.20250218
pdbresym.vm|1.3.6.20250219
pdfstreamdumper.vm|0.9.634.20250219
pe_unmapper.vm|1.0.20250219
pebear|0.7.0
pebear.vm|0.7.0.20250219
peid.vm|0.95.0.20250219
pesieve|0.4.0.1
pesieve.vm|0.4.0.20250219
pestudio.vm|9.60.20250219
pkg-unpacker.vm|1.0.0.20250219
pma-labs.vm|0.0.0.20250219
procdot.vm|1.22.57.20250219
processdump.vm|2.1.1.20250219
pycdas.vm|0.0.0.20250219
pycdc.vm|0.0.0.20250219
python3|3.10.11
python3.vm|0.0.0.20250218
python310|3.10.11
recaf.vm|2.21.14.20250219
reg_export.vm|1.3.0.20250219
regcool.vm|2.22.20250220
regshot.vm|1.9.1.20250219
rundotnetdll.vm|2.2.0.20250219
scdbg.vm|0.0.0.20250219
sclauncher.vm|0.0.6.20250219
sclauncher64.vm|0.0.6.20250219
setdefaultbrowser|1.5.0
sfextract.vm|2.1.0.20250219
shellcode_launcher.vm|0.0.0.20250219
sysinternals.vm|0.0.0.20250219
systeminformer.vm|3.2.25036.20250219
uniextract2.vm|2.0.0.20250219
upx.vm|4.2.4.20250219
vbdec.vm|1.0.917.20250219
vb-decompiler-lite.vm|12.5.20250219
vcbuildtools.vm|0.0.0.20250228
vcredist140|14.42.34438.20250221
vcredist140.vm|0.0.0.20250220
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
vcredist2017|14.16.27052
visualstudio2017buildtools|15.9.58
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
windump.vm|0.3.20250219

Common Environment Variables

VM_COMMON_DIR: C:\ProgramData_VM
TOOL_LIST_DIR: C:\Users\PC\Desktop\Tools
RAW_TOOLS_DIR: C:\Tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
😕 needs info Further information is needed
Projects
None yet
Development

No branches or pull requests

6 participants