A few days ago I was troubleshooting an issue with my laptop when I noticed a large number of errors in the system log that looked like this:
Name resolution for the name nrumtznshm.mydomain.org timed out after none of the configured DNS servers responded.
This was a warning in the Windows System Event Log with a Source of DNS Client Events and an Event ID of 1014.
I was seeing a lot of failed DNS requests in the log because the evening before my home network had gone down and been offline overnight. I wasn’t surprised to see DNS resolution failures (since the network was offline). But what in the world is my laptop doing making DNS requests for a machine named nrumtznshm on my domain? I know there is no machine with this name.
To make things even scarier I saw dozens of these DNS lookup failures in the log for the night before. Each failure was against a different and random ten character machine name. This looked a little suspicious to me. My first thought was a virus or malware application was searching my network!
Immediately I ran a full scan of my system with a virus scanner. Fortunately it came back completely clean. The virus definition file was up to date and it hadn’t found any viruses or malware. Not even any questionable cookies. Ok, so that was a good sign.
Next I searched the internet for this issue with search terms about random machine name, DNS name resolution failed, malware, virus, etc., but with no luck. I couldn’t find anyone else who had encountered this exact issue. Dr. Google had failed me!
I set about trying to figure out which application on my network was initiating these mysterious requests. Although the DNS Client log events had a process ID listed, I had difficulty tying this back because the process was no longer running and so was not displayed in Process Explorer. In order to figure out what was causing this issue I decided to open Fiddler Web Debugger (a fantastic tool by Eric Lawrence that I rely on constantly to help me troubleshoot issues with web servers and web applications) and let it run in the background while I worked. I was interested to see if the random DNS requests would show up.
Sure enough, after a couple of minutes, the mysterious requests appeared in Fiddler:
Aha! This was a great clue. The requests were being issued by Google Chrome. Could this be a bad extension? Some malware I inadvertently installed into Chrome?
A little more searching on Google led me to this Chromium bug report: 47262
It turns out Google issues these queries for nonexistent sites on purpose. This is done to prevent ISPs from hijacking search requests that users type into the URL bar of Chrome. More information on this may be found in the 47262 issue above. They have closed this issue and are not planning to modify these requests in any way as it is working as designed. I don’t think this is really a problem, but it was a little scary to see traces of these requests and not understand their purpose.
Hopefully this article will help save some time for others who notice these requests in their log. It’s not malware or a virus, but just Chrome making it easier for you to search and keeping ISPs from showing you advertisements on your Google searches.
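For anyone triaging the same Event ID 1014 warnings, here is an added example (not part of the original post) that parses the message text quoted above and separates the random ten character names from other failed lookups. The sample messages are constructed, and both the lowercase-letters-only pattern and the threshold of three distinct names per DNS suffix are assumptions.

```python
import re
from collections import defaultdict

# Message format of DNS Client Events ID 1014, as quoted in the post.
MSG_RE = re.compile(
    r"Name resolution for the name (\S+) timed out after none of the "
    r"configured DNS servers responded\."
)
# The post describes each failed name as a random ten character host label;
# restricting it to lowercase letters is an assumption based on its one example.
PROBE_LABEL_RE = re.compile(r"^[a-z]{10}$")

# Constructed sample messages (not a real log); mydomain.org is the post's domain.
SAMPLE_LOG = """\
Name resolution for the name nrumtznshm.mydomain.org timed out after none of the configured DNS servers responded.
Name resolution for the name qzkwfhbxtp.mydomain.org timed out after none of the configured DNS servers responded.
Name resolution for the name vbhgjdlwqe.mydomain.org timed out after none of the configured DNS servers responded.
Name resolution for the name printer01.mydomain.org timed out after none of the configured DNS servers responded.
Name resolution for the name xkqjwpzmrt.example.net timed out after none of the configured DNS servers responded.
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
"""

def failed_names(log_text):
    """Return every host name found in 1014 messages, normalised to lowercase."""
    return [m.group(1).rstrip(".").lower() for m in MSG_RE.finditer(log_text)]

def triage(log_text, min_distinct=3):
    """Split failed lookups into probe-like names and names to look at by hand.

    A DNS suffix counts as probe-like only when at least `min_distinct`
    different ten-letter labels failed under it (threshold is an assumption).
    """
    by_suffix = defaultdict(set)
    other = []
    for name in failed_names(log_text):
        label, _, suffix = name.partition(".")
        if suffix and PROBE_LABEL_RE.match(label):
            by_suffix[suffix].add(label)
        else:
            other.append(name)
    probes = {}
    for suffix, labels in by_suffix.items():
        if len(labels) >= min_distinct:
            probes[suffix] = sorted(labels)
        else:  # a lone random-looking name is not a pattern; keep it for review
            other.extend(f"{label}.{suffix}" for label in labels)
    return probes, sorted(set(other))
```

A match on the name pattern does not identify the process behind the lookups; that still needs a capture like the Fiddler session described above.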
I’ve been looking for help on this issue for hours! Thanks! Just what I needed!
Thanks! I ran into the same issues and it had me worried for a moment.
Dr. Google failed me too, but with some tinkering to the search query your post came up. Relieved now =).
Not sure if this matters, but my DNS is at 8.8.8.8, making it Google’s address, and I’m still getting this message. It’s kicking me off of online gaming MMORPGs, and it’s the only event happening at the exact moment I get kicked out.
Hi, is this blog still on?
I have a question: what if your machine/PC doesn’t have Google Chrome or other browsers?
Just IE. Do you think Dr. Google could still be the cause if you encounter the same problem?
Hi Eren. I am still maintaining the blog although I haven’t had time to post any new content in a few months. Good question about IE. I haven’t tested to see if IE is also using this technique to make sure that the user’s DNS isn’t intercepting unknown DNS requests and redirecting to their own search engine. I’ll give it a shot with Fiddler and let you know what I find out.
Hi, thank you for this… I was wondering what’s going on as I had some DNS/Replication errors with my servers. That being said, what do you think I should do? Just ignore the Error/Event ID 1014? Isn’t there a workaround for the same?