Router(s) Issue: DNS queries sporadically fail with multiple computers hooked in

4

2

Basically, after anywhere from 5-60 minutes, DNS queries fail for a few minutes, then slowly begin to resolve correctly. Then the cycle repeats. This occurs only when more than one computer is on the network. All computers on the network experience the same sporadic DNS outage at the same time.

Wireless or wired, Linux or Windows, fresh OS install or old, browser or ping, same symptoms. Duplicated on 3 routers (not chained together, mind you) and 3 ISPs and 3 separate locations over the past several months. The only common theme is a single 5-year-old Win XP laptop which has been in use on the network throughout all this. There also may be anywhere between 1 - 10 devices hooked up wired or wirelessly at a time. The only reprieve I have from this torture is by using any VPN to an outside source - always smooth sailing.

I typically set up any router to

  • use WPA2/etc security
  • MAC whitelist
  • UPNP OFF (if available)
  • always update firmware when available
  • obtain DNS from ISP automatically
  • set the router to act as DHCP server for the internal network.

Adjusting channels has no effect. Any ideas?

bob-the-destroyer

Posted 2010-09-23T04:11:00.967

Reputation: 216

I've experienced something similar, with the common machine being a laptop younger than that running both Vista AND Windows 7.

Does the laptop have to be actively using the network, or just on to trigger the problems? – Trezoid – 2010-09-23T04:20:39.223

@Trezoid: I could just be looking for patterns that aren't really there. But yes, when this one laptop uses the internet in any way, the trouble seems to start then for everyone. Regarding age: I also have another ancient, rusty laptop always on running as a server, and it has never appeared to affect DNS queries for anyone else. – bob-the-destroyer – 2010-09-23T04:37:43.577

The first thing I thought of was the laptop could be causing the problem, because it is common to all. Other than a bad driver not playing well on the network, I was concerned that something bad crawled into the laptop and is trying to do an ARP spoof attack on the default gateway (the router). Probably not the problem, but I'm just thinking with my security hat on. However, the reason I thought that is pings not working. Computers cache DNS results and if you ping a place you were just at, then there isn't a DNS lookup needed. Also if you ping an IP and the ping dies, it isn't DNS. Good luck – Scott McClenning – 2010-09-23T04:38:13.147

@Scott McClenning: Browse or ping by IP address always works fine (as far as I can tell). Intranet connections always work fine if by router-assigned IP address. It's just the Internet DNS queries that fail. I'll try and dig up the drivers for this one machine and run through more virus/malware checks to see if that works. – bob-the-destroyer – 2010-09-23T04:40:26.617

If pinging an IP always works, then it probably isn't something crawling into the machine or a bad driver. One assumption I have that I want to confirm is the default gateway assigns IPs with DHCP and resolves DNS (like home routers do). Or is this more corporate where there is a dedicated router, DNS and DHCP each in a box? Also, is there a domain structure? It seems somehow the laptop (or its IP) could be configured for something on the network and when the laptop doesn't respond there is a timeout. When the laptop is offline, the timeout is less because it knows the laptop is not online. – Scott McClenning – 2010-09-23T05:29:40.943

@Scott McClenning: Regular consumer ISPs provide the internet service, with the typical single, non-static IP address assignment to the account/building. I'm not privy to how the ISPs' gateway or DNS servers are configured. My router(s) lie behind the ISP-supplied modems. – bob-the-destroyer – 2010-09-23T06:11:43.733

Sounds like a typical "home" configuration. I agree with @Linker3000, if it isn't the laptop, then router firmware, change router DNS provider, or bypass the router DNS proxy and configure the router DHCP to push out the DNS settings. Steve Gibson found, while building his DNS benchmark tool (http://www.grc.com/dns/benchmark.htm), that many router DNS proxies are underpowered and not intelligent. He said all modern OSs will use the fastest DNS from their list. I have my machines get OpenDNS (two addresses) and the third my ISP's DNS. – Scott McClenning – 2010-09-24T01:35:32.423

A word of warning about the benchmark tool, I've heard that some routers will crash from the tool hammering it. If you are going to use it on the router, I suggest using it when the router traffic would be low. The benchmark did crash my Linksys WRT54G v1.1, and the results I did get were that using the DNS proxy in my router was slowing me down. On the other hand I have a Zywall firewall and it did well because it caches results. – Scott McClenning – 2010-09-24T01:41:21.737

Answers

1

Self-answered with some help by Belkin tech support, I suppose. After resetting the router to factory defaults, power cycling both the router and the modem, and setting the router to use WEP-64bit for wireless instead of WPA2, all problems seem to have gone away. This is possibly either due to the router carrying over bad configuration (which is not accessible by the user) from being set up on the previous ISP's network, or otherwise due to certain devices on my network not supporting WPA2 encryption and thereby confusing the router.

Also solved by just doing the above was a seemingly unrelated problem where all outside incoming connections on port 80 were always directed to the router main config page rather than forwarded on to a designated virtual server within the network. Port forwarding now works correctly.

The root cause of all this drama is still undetermined, but according to Belkin tech support, a firmware update to address these issues is being developed. Until then, I'm stuck with WEP-64bit.

Edit: I take that back. Above fix only temporarily resolved the DNS issue. Slowly, the problem has been coming back in full force once again.

Edit 2: Wooohoo! After a new firmware update, the problem hasn't yet returned. I'm glad the manufacturer of my current router figured out the issue. If it's a fault with a crappy industry-wide standard, hopefully other manufacturers will follow suit.

bob-the-destroyer

Posted 2010-09-23T04:11:00.967

Reputation: 216

0

What make and model of router? I've seen some (esp. older Linksys) where their DNS proxying b0rks after a while. Worth seeing if there's a firmware update for the router.

Try fixing one PC to use OpenDNS (208.67.220.220 and 208.67.222.222) or Google (8.8.8.8 and 8.8.4.4) for its resolution and see if this machine keeps going when the others fail.

Linker3000

Posted 2010-09-23T04:11:00.967

Reputation: 25 670

Belkin Share N300 802.11n (6 months old), Belkin N Wireless (3 years old), and some unknown older Linksys. I've set one system to use Google DNS, and don't seem to have any issues there. For some reason, if I manually set the DNS IP on the newer Belkin itself to anything else but automatic, it blocks completely. – bob-the-destroyer – 2010-09-24T05:14:40.973

Try setting the manual DNS on one of the PCs so that it (hopefully) doesn't rely on the router for DNS proxying or for the router to tell it what DNS servers to use and see if that PC behaves when the others don't – Linker3000 – 2010-09-24T08:04:37.593

Doing that now. I'll try it out for a day or so, plus some more synchronized browsing tests to really pinpoint exactly when and why this happens. I've already contacted Belkin a few times, but I think my support case has been thrown in the bin by now. – bob-the-destroyer – 2010-09-24T22:09:41.460
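The side-by-side test suggested in this answer can be automated. The following is an added example, not code from the thread: it sends the same A-record query directly to the router's DNS proxy and to a public resolver and classifies each pair of results, so an outage can be pinned on the proxy rather than the WAN link. The router address `192.168.2.1` and the probe name `example.com` are assumptions; substitute your own gateway.

```python
import random
import socket
import struct
import time

def build_query(name, qid):
    """Encode a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode, answer_count); raise ValueError on a short or mismatched reply."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and the QR bit must be set
        raise ValueError("not a reply to our query")
    return flags & 0x000F, answers

def probe(server, name, timeout=2.0):
    """Query one resolver directly, bypassing the OS cache and resolver list."""
    qid = random.randrange(0x10000)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, qid), (server, 53))
            rcode, answers = parse_reply(s.recvfrom(512)[0], qid)
    except OSError:  # includes socket timeouts and unreachable networks
        return "no-reply"
    except ValueError:
        return "bad-reply"
    return "ok" if rcode == 0 and answers else f"rcode={rcode}"

def classify(router_result, public_result):
    """Turn one pair of probe results into a diagnosis."""
    if public_result == "ok":
        return "healthy" if router_result == "ok" else "router DNS proxy failing"
    if router_result == "ok":
        return "public resolver unreachable, router still answering (possibly cached)"
    return "no DNS at all (WAN or upstream problem)"

if __name__ == "__main__":
    ROUTER, PUBLIC = "192.168.2.1", "8.8.8.8"  # ROUTER is an assumed LAN gateway address
    while True:
        r, p = probe(ROUTER, "example.com"), probe(PUBLIC, "example.com")
        print(time.strftime("%H:%M:%S"), f"router={r} public={p} ->", classify(r, p))
        time.sleep(30)
```

Run it on one machine while the others browse normally; the timestamps let you line up "router DNS proxy failing" intervals with the outages everyone sees.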

0

You could have a faulty ARP table or be the victim of ARP poisoning. I would flush the ARP table on all the computers on the network and on the router if you can. Also, ipconfig /flushdns on all the Windows based computers, as this has helped me in some situations.

brandon927

Posted 2010-09-23T04:11:00.967

Reputation: 1 039

Yeah, I've found that ipconfig /flushdns immediately corrects the problem for that system for a few minutes. It almost seems like this intranet is the victim of DNS poisoning by its own routers... – bob-the-destroyer – 2010-10-15T02:35:36.563

That is entirely possible, I've seen it first hand. Glad you got it resolved. – brandon927 – 2010-10-15T03:53:09.007
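Before flushing the ARP table as suggested in this answer, it is worth inspecting it, since the flush removes the evidence. The following is an added example, not code from the thread: it parses `arp -a` output (Windows or Linux layout) and reports any MAC address claimed by more than one IP, in particular one shared with the default gateway. The sample table, its MAC addresses and the gateway address `192.168.2.1` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches "192.168.2.1   02-00-..." (Windows) and "(192.168.2.1) at 02:00:..." (Linux)
ENTRY = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\)?\s+(?:at\s+)?([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})")

# Constructed sample of Windows `arp -a` output; MACs are made-up placeholders.
SAMPLE_ARP = """\
Interface: 192.168.2.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.2.1           02-00-00-aa-bb-07     dynamic
  192.168.2.3           02-00-00-aa-bb-03     dynamic
  192.168.2.7           02-00-00-aa-bb-07     dynamic
  192.168.2.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

def parse_arp(text):
    """Map IP -> normalized MAC, skipping broadcast and multicast entries."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = mac.lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # group bit set: not a single host
            continue
        table[ip] = mac
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_conflicts(table, gateway_ip):
    """IPs whose MAC equals the gateway's: the classic sign of a spoofed gateway."""
    ips = shared_macs(table).get(table.get(gateway_ip), [])
    return [ip for ip in ips if ip != gateway_ip]

if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)  # in practice, feed it the output of `arp -a`
    print("shared MACs:", shared_macs(table))
    print("hosts sharing the gateway MAC:", gateway_conflicts(table, "192.168.2.1"))
```

A shared MAC is not proof of poisoning on its own: a device with several IP addresses or a router doing proxy ARP produces the same pattern, so compare the gateway's MAC against the label on the router before drawing conclusions.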