This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark uses wrong DNS to resolve network addresses

0

Hi,

before I file a bug I wanted to ask here for help:

I'm working with two different networks:Ethernet LAN in a 172.19.0.0 network (work) and Wireless in a 192.168.2.0 network (home).

For testing purposes, I activated preferences->name resolution->resolve network (IP) addresses in my home network. Since then, if resolve network addresses is activated, wireshark uses the home dns (192.168.2.1) server and not the dns-server which win7 uses (something with 172..., checked with ipconfig /all). Option use an external network name resolver is checked. The problem is reproducable.

Is there any option in wireshark 1.12.6 (v1.12.6-0-gee1fce6 from master-1.12) to force change the dns server it uses?

asked 02 Jul '15, 22:42

godone's gravatar image

godone
6113
accept rate: 0%


One Answer:

1

There are no options in Wireshark to specify the name resolver to use.

Wireshark uses either the c-ares asynchronous DNS resolver, the GNU adns asynchronous DNS resolver, or the (synchronous) DNS resolver the system provides, depending on how Wireshark was compiled. The Windows releases are, I think, compiled to use c-ares; from a quick look at its code, c-ares should use the same DNS servers that the system's DNS resolver does, although it might not re-check for the DNS servers to use if the machine moves from one network to another.

You should file a bug on this on the Wireshark Bugzilla; please give the full Wireshark "about" information when you fill out the bug form (so that we know what version of which DNS resolver your version of Wireshark is using), and indicate whether this problem shows up if you shut down all instances of Wireshark and then, when connected to your work network, start up a new instance of Wireshark, or if it only shows up if you start it on the home network and then take the machine to work and run it there.

answered 03 Jul '15, 00:16

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

(05 Jul '15, 22:15) godone