Upon exiting, DNS settings not restored correctly under certain conditions (Windows)

[recvfrom]

When Fakenet is run on a Windows machine with multiple DNS servers configured (for instance, via DHCP), the following error message is encountered early on:

04/09/18 04:18:16 PM [          Diverter] External IP: 192.168.0.29 Loopback IP: 127.0.0.1
04/09/18 04:18:16 PM [          Diverter] Failed calling GetNetworkParams
04/09/18 04:18:16 PM [          Diverter] WARNING: No DNS servers configured!
04/09/18 04:18:17 PM [          Diverter]          Setting DNS 192.168.0.29 on interface Ethernet0

Then, when finishing up, Fakenet indicates the following:

04/09/18 04:18:57 PM [          Diverter] Restored DNS on interface Ethernet0
04/09/18 04:18:57 PM [          Diverter] Restored DNS server 192.168.0.29 on the adapter: Ethernet0

192.168.0.29 is the IP address of my machine, though, which is not running a DNS server. This causes DNS lookups to fail, and I have to go into the adapter settings and specify that the DNS server information should be received via DHCP.

Pull request https://github.com/fireeye/flare-fakenet-ng/pull/72 addresses this issue. The problem is that the underlying call to GetNetworkParams (to retrieve the DNS server information) passes in too small of a buffer (the buffer is big enough only in the case where there is only one DNS server configured.) The example code on the following page shows how this case should be handled, which is ultimately what I implemented:

https://msdn.microsoft.com/en-us/library/windows/desktop/aa365900(v=vs.85).aspx

[recvfrom]

@strictlymike Any thoughts on this issue/pull request? This is still an issue last I checked. Thanks!

[kixxalot]

I have encountered the same issue. Workaround: after Fakenet has stopped, reset DNS server from DHCP via command line: netsh interface ip set dns name="Ethernet" dhcp