From my home network I signed up to watch a webinar. As is typical when registering for a webinar I was provided the option to download an ICS file to save to my Outlook calendar. I clicked the link to open the ICS file & Outlook 2010 (which was already open) hung for about 3 minutes then finally displayed the appointment.
I closed the calendar item then clicked the link again only this time I saved it to my desktop. I double clicked the ICS file & same thing. Outlook hung for about 3 minutes.
I run Process Monitor & open the ICS file again to get a capture. After the appointment opens I stop the capture. I set the filter to only show Outlook.exe. In a case like this where I’m not really sure what’s going on I go through each of the utilities on the Tools menu. Nothing is really jumping out at me until I open Network Summary.
What’s with Outlook connecting to these various IPs? I flip over to Process Explorer, open the Properties of the running Outlook process, & select the TCP/IP tab. I open the ICS file again. To my surprise I see Outlook making all these connections for the next few minutes.
Well this should not be happening. My Outlook profile is configured to connect to a CAS array which does not have a public DNS record. I run a DIG to see what’s getting resolved. (I’m using alternate info but the results are the same with my production FQDN.)
Yeah, that’s not right. I should be getting a status of NXDOMAIN & no answers.
So what’s going on? DNS hijacking, or as Cox Communications likes to call it… “Enhanced Error Results”. I’ll post some links below for further reading, but in a nutshell, DNS hijacking means that when you browse to a website (i.e. query DNS for an FQDN) that does not exist, the DNS server returns an IP address instead of an NXDOMAIN error. Since you received an IP address, your browser will go to that site. A chill should have just gone down your spine.
In my case Cox was gracious enough to post an article on how to “opt-out of enhanced error results”. I have to hard code two alternate DNS servers in my router. Once I made the change & renewed my IP settings I did another DIG.
Much better. I open the ICS file & it pops right up. “Problem” solved I guess. Of course I wish Outlook would handle this a little better. I have been unable to find a KB article addressing this issue but if you know of one please leave a comment. One day when I have some spare time I might open up a case with Microsoft about it.
Links & what not:
Now before any DNS hijacking huggers out there say anything I’m well aware of this draft RFC but it’s expired therefore RFC 1035 & 2308 take precedence. Even ICANN thinks it’s a bad idea. See here & here.
You can also read up on the subject here.
While rebuilding a computer I got an error trying to run DIG that says, “The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more details.”
The fix is to install the Microsoft Visual C++ 2005 Redistributable package. As luck would have it the installer is in the folder that the BIND binaries are extracted to. Just look for vcredist_x86.exe.