Windows 10 DNS caching oddity, can someone explain how this can happen?

I was at a friend's house who has Consolidated DSL service (so slow). She started having problems where Chrome (on her Windows 10 desktop) started reporting that it could not find the IP address for any well-known hosts. I connected my Windows 10 laptop directly to her Zyxel vmg4825-b10a DSL modem/router and tried "ping google.com". It said it couldn't find the IP address. A few minutes later, I tried again, and it worked, getting 4 replies with times in the tens of milliseconds range. A few minutes after that, I tried again, and it was back to reporting it was unable to find the IP address for google.com. This makes no sense to me, as I thought that Windows would cache the working IP address result for a whole lot longer than the time I was away.

Eventually, the problem went away on its own, so I could only conclude that Consolidated fixed a problem with its DNS servers. So I can't reproduce the problem.

I hadn't thought to try "ipconfig /displaydns" at the time. But subsequent experiments with the same laptop on my own FIOS network suggest that a ping of google.com causes the IP address to show up in the output of "ipconfig /displaydns | grep google.com" for quite a while. Can anyone explain this behavior? Is there a fixed time that DNS lookups get cached? Can the remote DNS server cause Windows to flush its cache? I see that the output of "ipconfig /displaydns" does not include the IP address that was found for google.com, so maybe it's not really a cache, though I don't understand why it would remember the name without the address...

On a completely different note: I wanted to record the exact error message produced by the ping command when it failed to find the address for a name, so that I could include it here. So I tried ping with a non-existent domain. But I can't make it happen on my network at home; instead, I get this:

$ ping blurfo.blurfo

Pinging blurfo.blurfo [92.242.140.21] with 32 bytes of data:

Any nonexistent name I can come up with gets mapped to 92.242.140.21. What's up with that??


Solution 1:

It looks like your Internet provider is intercepting non-existent domains and using them for advertising.

A whois on the 92.242.140.21 IP address yields netname: BAREFRUIT-ERRORHANDLING, and a quick Google search for it results in: https://www.barefruit.com/. Go there and you'll get the idea.
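
One way to check a network for the non-existent-domain rewriting described in Solution 1, as an added example that is not part of the original answer: it resolves several random names that cannot exist and reports any address they come back with. The function names and the probe-name pattern (modelled on the "blurfo.blurfo" test in the question) are assumptions of this example.

```python
import secrets
import socket
from collections import Counter


def system_resolver(name):
    """Resolve through the OS resolver; return IPv4 addresses, or [] if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def random_probe_names(count=5):
    # Random label under a random, unregistered TLD, like "blurfo.blurfo".
    # The trailing dot makes the name fully qualified so no local DNS
    # search suffix is appended (which could cause a false positive).
    return [f"nx-{secrets.token_hex(6)}.nx-{secrets.token_hex(6)}." for _ in range(count)]


def detect_nxdomain_rewrite(resolver=system_resolver, names=None):
    """Probe non-existent names; any address in the answers means NXDOMAIN is being rewritten."""
    names = names or random_probe_names()
    answers = {name: resolver(name) for name in names}
    hits = Counter(ip for ips in answers.values() for ip in ips)
    return {
        # An honest resolver returns NXDOMAIN for every probe, so no addresses at all.
        "hijacked": bool(hits),
        # Addresses shared by more than one unrelated probe: the provider's landing host(s).
        "landing_ips": sorted(ip for ip, seen in hits.items() if seen > 1),
        "answers": answers,
    }


if __name__ == "__main__":
    result = detect_nxdomain_rewrite()
    for name, ips in result["answers"].items():
        print(f"{name:40} -> {', '.join(ips) or 'does not resolve'}")
    if result["hijacked"]:
        print("Non-existent names resolve; landing address(es):", result["landing_ips"])
    else:
        print("Resolver returns errors for non-existent names, as expected.")
```

If the check reports a landing address, configuring a different DNS resolver on the client or router and re-running it shows whether the rewriting comes from the provider's resolver.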