My DNS is dying!
<div class="IPBDescription">Anyone have an idea why?</div>My home-internet connection is dying randomly, and with all awesome tech-savvy people here I was hoping someone could give me a direction to look in before I haul it down to a repair shop and get ripped off because I don't know what I'm doing.
<b>Symptom 1:</b> While browsing the internet using Internet Explorer or Firefox, my computer will occasionally suddenly lose the ability to perform DNS lookups. I will still have an internet connection, and I can still access internet resources using the numeric IP address, but if I try to access anything using a named web address, I get an "unable to resolve hostname" error.
This symptom does not occur while using other programs that access the internet, like online games or a Ventrilo client. It only triggers while using an internet browser. It seems to happen more often with IE than Firefox, but both will trigger it. Once the problem triggers though, it affects any and all programs that access the internet -- numeric IPs still work, named IPs do not.
<b>Symptom 2:</b> Several minutes after Symptom 1 triggers, Windows will attempt to renew my IP address and fail. At this point I lose all internet connection entirely. My modem/router still reports a normal connection, but Windows tells me I have an invalid IP address and my connection status is listed as "limited or no connectivity".
At this point, restarting the computer will clear both problems and let me back online. Unplugging and/or restarting the modem/router does not help. Windows can tell the difference between having the modem plugged in vs not plugged in, as one is listed as "internet connection unplugged" and the other as "limited or no connectivity".
I'm running WinXP SP2 if it matters.
<b>Symptom 1:</b> While browsing the internet using Internet Explorer or Firefox, my computer will occasionally suddenly lose the ability to perform DNS lookups. I will still have an internet connection, and I can still access internet resources using the numeric IP address, but if I try to access anything using a named web address, I get an "unable to resolve hostname" error.
This symptom does not occur while using other programs that access the internet, like online games or a Ventrilo client. It only triggers while using an internet browser. It seems to happen more often with IE than Firefox, but both will trigger it. Once the problem triggers though, it affects any and all programs that access the internet -- numeric IPs still work, named IPs do not.
<b>Symptom 2:</b> Several minutes after Symptom 1 triggers, Windows will attempt to renew my IP address and fail. At this point I lose all internet connection entirely. My modem/router still reports a normal connection, but Windows tells me I have an invalid IP address and my connection status is listed as "limited or no connectivity".
At this point, restarting the computer will clear both problems and let me back online. Unplugging and/or restarting the modem/router does not help. Windows can tell the difference between having the modem plugged in vs not plugged in, as one is listed as "internet connection unplugged" and the other as "limited or no connectivity".
I'm running WinXP SP2 if it matters.
Comments
Do you connect directly to the modem or through a router? If through a router I would try directly connecting to the modem to rule it out/pinpoint the problem.
The symptoms are weird. It makes sense that the games/ventrilo wouldn't cause much trouble, because they preform DNS queries very rarely compared to a web browser. I'm stumped without knowing more.
I did call my ISP and after their standard diagnostic tests couldn't pinpoint the problem, they said they thought there might be a problem with the connection line somewhere and they offered to send a tech out to test the line. This would be free IF they found their own line was damaged, and cost me otherwise, so I didn't set an appointment.
Since the problem is always corrected by restarting the computer, and the indicator lights on the Modem show a normal connection even when my connection is dead, my suspicion is that their line is probably not the problem. I was going to guess that some setting on my computer was corrupted, but locally's suggestion of a conflict with the ISP's network setting might be important.
Thought: If the browsers are triggering the problem only because they make a greater volume of DNS queries, I could try spamming the DNS queries on my Vent program to see if that can reproduce the problem. If not, that would suggest some problem directly with the browsers.
The symptoms are weird. It makes sense that the games/ventrilo wouldn't cause much trouble, because they preform DNS queries very rarely compared to a web browser. I'm stumped without knowing more.<!--QuoteEnd--></div><!--QuoteEEnd-->
After rereading I'm really not sure either way because is it sounds like packet routing problems. It could very well be a setting on his end that incorrectly tries to get a new ip address and/or malforms his packets, but it could also be the ISP suddenly sending some bad info to his modem and all the hostnames get routed to Timbuktu and time out.
Given the nature of the problem, I'm going to guess that it could be a hardware problem with his NIC. If he could run a live CD and browse with that and also cause the problem then we'd be able to say for sure.
Er...whats a live CD?
First test on vent-DNS-spam was inconclusive. I spammed a few dozen DNS lookups on ventrilo, then opened STEAM just for a change of pace, and STEAM went crazy and opened 48 different IE windows for no apparent reason. I don't think there was anything <i>in</i> those IE windows, but it's hard to say for sure. At any rate, after that DNS was definately down, but I'm not entirely sure if it died before or after the 48 IE windows appeared.
So here is the short form:
1. Make sure your Ipconfig /all results remain constant.
1a. if they are identical between functional and nonfunctional, and you cannot get any response using <a href="http://support.microsoft.com/kb/200525" target="_blank">nslookup</a>, try switching your DNSserver: to <a href="https://www.opendns.com/homenetwork/start/computer/" target="_blank">open dns</a> if this fixes your issue your dns server is bad, bring us its ip.
1b. if the DNS server listings are are different
Edit: I forgot to mention that you the first thing in 1b should be to update your nic drivers. you should be able to get a that from the System part of the control panel, if you have a spare nic try that one.
If that don't help:
suspect spyware/malware begin using the following tools to track down the item:
<a href="http://housecall.trendmicro.com/" target="_blank">Housecall</a> Free Online Virus Scan
<a href="http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis" target="_blank"> Hijack this </a> bring us the logs
<a href="http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx" target="_blank"> Process explorer</a> look for scary things running on your pc.
<a href="http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx" target="_blank"> TcpView </a> Monitor your network activity. look for scary things on the network.
logs/screenshots etc are handy dandy.
IP Config:
Primary Dns Suffix . . . . . . . . . . (blank)
DNS Suffix Search List . . . . . .. . domain_not_set.invalid
Connection-specific DNS Suffix . . domain_not_set.invalid
DNS Servers . . . . . . . . . . . . . . . 192.168.0.1
. . . . . . . . . . . . . . . . . . . . . . . . . 192.168.0.1
So far, it would seem my computer is passing off the job of DNS searching to my modem rather than get involved at all. So I checked the settings on the modem.
DNS Servers 68.94.156.1 dnsr1.sbcglobal.net
. . . . . . . . . 68.94.157.1 dnsr2.sbcglobal.net
I have all of this screenshotted, but I think that's the relevant lines of information. Now let me wait for it to break and see if anything changes.
After Symptom 1 (no DNS checks) triggered, I ran those checks again. Here's what I got.
IPConfig -- no changes
NSLookup -- works just fine, <b>IF</b> I specify a DNS server. If I don't, the default server is unreachable.
192.168.0.1 (address to reach my modem) -- Cannot be reached! WTF??
Then I was able to figure out what causes Symptom 2 (no internet at all). Looking back at the screenshot for IP Config, I saw this line:
Lease Obtained . . . . . (date and time)
Lease Expired . . . . . . (date and time 10 minutes later)
Symptom 2 triggered at the exact time reported for the Lease expiring. I think thats the DHCP lease? My modem is set up to renew my local IP address every 10 minutes or so, and when my computer can no longer talk to the modem to request the IP address, the modem revokes it and leaves me with no net.
So, whats the next step? What would cause my modem to stop talking to my computer, but still be willing to pass information through to the net as long as I'm not asking the modem for anything?
Edit: It might be relevant that my Modem has a variety of built-in connection tests, and claims there's a problem with two of them. ATM OAM Segment Ping and ATM OAM End-to-end Ping tests both fail. But I don't have a clue what those ARE to interpret that result.
Your DHCP theory makes sense, what doesn't of course is that the router will not directly communicate with your system but still route packets. I have no idea what would cause that sort of behavior other than odd hardware failure (again, since rebooting you system seems to work and rebooting the modem doesn't, I'm leaning toward a failed NIC). A live CD is an operating system contained entirely on a CD that does not need to be installed. Like say the <a href="http://www.ubuntu.com/getubuntu" target="_blank">Ubuntu Install CD</a> in "Try Ubuntu without changing your computer" mode, or Damn Small Linux, or KNOPPIX, or any of a hundred thousand others. If you boot from one of these and browse for a while and it still fails, my money would be on failed network card. In that case just buy a new one (they're cheep) and replace. If it doesn't fail after prolonged usage, then the problem is in software, re-install Windows.
An idea for a temporary fix would be to set your IP statically (IP=192.168.0.50 subnet mask=255.255.255.0 gateway=192.168.0.1) and your DNS statically (to the two sbc DNS servers).