Troubleshooting Windows XP Hosts File Ignored Issue: DNS Caching and ISA Firewall Interference


1 views

When your Windows XP SP3 workstation stubbornly ignores the hosts file modifications, despite multiple reboots and DNS cache flushing, it's time to dig deeper into the system's name resolution behavior.

First, ensure the hosts file is properly formatted and located in the correct directory:

# Standard Windows XP hosts file location
C:\WINDOWS\system32\drivers\etc\hosts

# Correct format example
127.0.0.1       localhost
172.17.1.107    wiki

Windows XP's DNS resolver has some quirks:

# Force immediate hosts file reload (requires admin)
net stop dnscache
net start dnscache

# Alternative method using sc command
sc stop dnscache
sc start dnscache

The ISA firewall client often maintains its own DNS cache:

# Check ISA client status
fwengui.exe /status

# Temporarily disable ISA client
fwengui.exe /disable

# For permanent changes, modify registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Firewall Client 2004

Improper DNS server configuration can bypass hosts file:

# View current DNS settings
ipconfig /all

# Recommended configuration for hosts file priority:
1. Disable "Register this connection's addresses in DNS"
2. Set DNS servers manually (not DHCP)
3. Add 127.0.0.1 as primary DNS server

Verify name resolution independently of browsers:

# Using nslookup (bypasses local cache)
nslookup wiki

# Using Windows native resolver
ping -a 172.17.1.107

# Check all name resolution paths
pathping wiki

Force Windows to check hosts file first:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DatabasePath"="%SystemRoot%\System32\drivers\etc"
"UseDomainNameDevolution"=dword:00000000
"NegativeCacheTime"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"MaxCacheEntryTtlLimit"=dword:00000000

After applying all changes:

# Clear all possible caches
ipconfig /flushdns
ipconfig /registerdns
nbtstat -R
nbtstat -RR

# Test with raw socket connection
telnet wiki 80
GET / HTTP/1.0
Host: wiki

# Check active connections
netstat -ano | findstr "10.0.36.100"

When your Windows XP system ignores the hosts file, it's typically due to DNS caching or incorrect file handling. Let's examine the symptoms:

# Current hosts file content
127.0.0.1       localhost
172.17.1.107    wiki

# But system still resolves to:
10.0.36.100     wiki

You've performed several correct troubleshooting steps:

  • Multiple system reboots
  • DNS cache flushing via ipconfig /flushdns
  • Browser cache clearing (IE, FF)
  • Testing with ISA firewall client disabled

Try these commands in Command Prompt to gather more information:

nslookup wiki
netstat -r
netsh interface ip show dns

Windows XP maintains several DNS-related caches that might need clearing:

# Clear NetBIOS name cache
nbtstat -R

# Clear ARP cache
arp -d *

Verify the hosts file has correct permissions and isn't marked as read-only:

attrib -R %SystemRoot%\system32\drivers\etc\hosts

Try these methods to confirm where the resolution is coming from:

# Force use of hosts file (bypass DNS)
ping -a wiki

# Check DNS query order
reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider

The ISA firewall client might be intercepting DNS requests. Try completely uninstalling it temporarily for testing.

Verify these registry keys aren't overriding your hosts file:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

If all else fails, try this comprehensive reset procedure:

1. Rename hosts file to hosts.old
2. Create new hosts file with minimal entries
3. Stop DNS Client service (net stop dnscache)
4. Delete all files in %SystemRoot%\system32\dns\cache\
5. Reboot