Basically, after anywhere from 5-60 minutes, DNS queries fail for a few minutes, then slowly begin to resolve correctly. Then the cycle repeats. This occurs only when more than one computer is on the network. All computers on the network experience the same sporadic DNS outage at the same time.
Wireless or wired, Linux or Windows, fresh OS install or old, browser or ping, same symptoms. Duplicated on 3 routers (not chained together, mind you) and 3 ISPs and 3 separate locations over the past several months. The only common theme is a single 5-year-old WIN XP laptop which has been in use on the network throughout all this. There also may be anywhere between 1 - 10 devices hooked up wired or wirelessly at a time. The only reprieve I have from this torture is by using any VPN to an outside source - always smooth sailing.
I typically set up any router to:
- use WPA2/etc security
- MAC whitelist
- UPNP OFF (if available)
- always update firmware when available
- obtain DNS from ISP automatically
- set the router to act as DHCP server for the internal network.
Adjusting channels has no effect. Any ideas?
I've experienced something similar, with the common machine being a laptop younger than that running both Vista AND Windows 7.
Does the laptop have to be actively using the network, or just on to trigger the problems? – Trezoid – 2010-09-23T04:20:39.223
@Trezoid: I could just be looking for patterns that aren't really there. But yes, when this one laptop uses the internet in any way, the trouble seems to start then for everyone. Regarding age: I also have another ancient, rusty laptop always on running as a server, and it has never appeared to affect DNS queries for anyone else. – bob-the-destroyer – 2010-09-23T04:37:43.577
The first thing I thought of was that the laptop could be causing the problem, because it is common to all. Other than a bad driver not playing well on the network, I was concerned that something bad crawled into the laptop and is trying to do an ARP spoof attack on the default gateway (the router). Probably not the problem, but I'm just thinking with my security hat on. However, the reason I thought that is pings not working. Computers cache DNS results, and if you ping a place you were just at, then a DNS lookup isn't needed. Also, if you ping an IP and the ping dies, it isn't DNS. Good luck – Scott McClenning – 2010-09-23T04:38:13.147
@Scott McClenning: Browse or ping by IP address always works fine (as far as I can tell). Intranet connections always work fine if by router-assigned IP address. It's just the Internet DNS queries that fail. I'll try and dig up the drivers for this one machine and run through more virus/malware checks to see if that works. – bob-the-destroyer – 2010-09-23T04:40:26.617
If pinging an IP always works, then it probably isn't something crawling into the machine or a bad driver. One assumption I have that I want to confirm is that the default gateway assigns IPs with DHCP and resolves DNS (like home routers do). Or is this more corporate, where there is a dedicated router, DNS and DHCP each in a box? Also, is there a domain structure? It seems somehow the laptop (or its IP) could be configured for something on the network and when the laptop doesn't respond there is a timeout. When the laptop is offline, the timeout is less because it knows the laptop is not online. – Scott McClenning – 2010-09-23T05:29:40.943
@Scott McClenning: Regular consumer ISPs provide the internet service, with the typical single, non-static IP address assignment to the account/building. I'm not privy to how the ISPs' gateway or DNS servers are configured. My router(s) lie behind the ISP-supplied modems. – bob-the-destroyer – 2010-09-23T06:11:43.733
Sounds like a typical "home" configuration. I agree with @Linker3000, if it isn't the laptop, then router firmware, change router DNS provider, or bypass the router DNS proxy and configure the router DHCP to push out the DNS settings. Steve Gibson found while building his DNS benchmark tool (http://www.grc.com/dns/benchmark.htm) that many router DNS proxies are underpowered and not intelligent. He said all modern OSs will use the fastest DNS from their list. I have my machines get OpenDNS (two addresses) and the third my ISP's DNS. – Scott McClenning – 2010-09-24T01:35:32.423
A word of warning about the benchmark tool: I've heard that some routers will crash from the tool hammering it. If you are going to use it on the router, I suggest using it when the router traffic would be low. The benchmark did crash my Linksys WRT54G v1.1, and the results I did get were that using the DNS proxy in my router was slowing me down. On the other hand, I have a Zywall firewall and it did well because it caches results. – Scott McClenning – 2010-09-24T01:41:21.737
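An added example, not part of the thread or any poster's code: a Python probe that sends the same A query straight to the router's DNS proxy and to an upstream resolver by IP, so each outage can be attributed to the proxy or to the path beyond it, following the ping-by-IP versus DNS reasoning in the comments above. The two server addresses are command-line arguments; `example.com`, the 2-second timeout and the 30-second interval are assumptions.

```python
import os, socket, struct, sys, time

def build_query(name, qid):
    """Minimal RFC 1035 query for the A record of `name`, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(data, qid):
    """Turn a raw reply into a status string; only the 12-byte header is read."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
    if rid != qid or not flags & 0x8000:      # wrong ID, or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return "rcode=%d" % rcode             # 2 = SERVFAIL, 3 = NXDOMAIN
    return "ok" if ancount else "empty"

def probe(server, name="example.com", port=53, timeout=2.0):
    """Query `server` directly, bypassing the OS resolver and its cache."""
    qid = int.from_bytes(os.urandom(2), "big")
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, port))
            status = classify_reply(s.recvfrom(512)[0], qid)
        except socket.timeout:
            status = "timeout"
        except OSError:
            status = "unreachable"
    return status, time.monotonic() - start

def diagnose(router_status, upstream_status):
    """Compare the router's DNS proxy with a resolver reached by IP through it."""
    if router_status == "ok":
        return "router DNS proxy answering"
    if upstream_status == "ok":
        return "router DNS proxy failing, routing fine: hand out upstream DNS via DHCP"
    return "no DNS on either path: check the link or the upstream resolver"

if __name__ == "__main__":
    router, upstream = sys.argv[1], sys.argv[2]  # router LAN IP, upstream resolver IP
    while True:                                   # one log line per probe round
        r, u = probe(router), probe(upstream)
        print(time.strftime("%H:%M:%S"), "router=%s %.2fs" % r,
              "upstream=%s %.2fs" % u, "|", diagnose(r[0], u[0]), flush=True)
        time.sleep(30)
```

Left running on a second machine while the suspect laptop is in use, the log shows whether the failure windows line up with the router proxy alone or with both paths.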