tnt118 Posted December 16, 2014

Looking for a little help on a home network problem that is giving me fits. Several times a day DNS stops working and it takes a router reboot to bring connectivity back. At first I was ready to chalk this up to a dying router but it also roughly coincides with when I started using Cisco AnyConnect to VPN into work. However AnyConnect is just on one PC (and is rarely on or running when this happens). But the entire network goes down (except the wired Roku seems to stay working).

The network is basically 1 PC, 1 laptop, 1 Roku (wired) and 3 cell phones/tablets. Netgear WNDR3700 router (already tried a factory reset) and a Cox cable modem. The router itself seems to have internet access. It is able to check for firmware updates (which may or may not rely on DNS).

So I've tried a couple of things with no luck. I tried forcing Google's DNS servers in the router with no results. However when I manually put in Google's DNS (or the ISP's) into my PC, it can continue to work through an outage... but all other devices cut out. I have factory reset the router.

I did talk with a Cox tech briefly and they mentioned that the modem is responsible for assigning the DNS servers (I admit I don't know much about this part of things). I'd think then that if the router was set specifically to use Google's DNS that would bypass the modem settings and things should work. I'd hate to go down the road of manually setting DNS on every device that is ever on the network.

The cable modem status page mostly shows good connections. There are a couple of error messages in the log but none of them correspond with the time the connection drops.

    DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=
    DCC-ACK rejected unknown transaction ID
    DCC-ACK not received
    ... a few others

I've now also uninstalled the Cisco VPN. If that was the origin of the problem, uninstalling it did not help.
At this point the only thing left I can do is borrow a router and swap it out temporarily to see if problems persist, but beyond that I'm totally stumped. Any thoughts?

speed3okie Posted December 16, 2014

Try doing a netsh winsock reset in a command prompt.

+John Teacake MVC Posted December 16, 2014

I bet your Cisco device has DNS inspection turned on. We have had a similar issue (more with mail than anything).

http://ccnpsecurity.blogspot.co.uk/2011/10/dns-inspection.html

Could be your ISP doing DNS injection. Some of them are now, for NX domains, returning their own page. Who is your ISP?

+BudMan MVC Posted December 16, 2014

Well, something is up with your router. Never been a fan of their little forwarders - you hit them with a bunch of queries and they die. Doing something like p2p normally generates a lot of queries, etc.

Having your router use 8.8.8.8 doesn't help when the forwarding part that goes and asks google for your machine dies.

So run a different dns forwarder on your network, and have your dhcp server point to that. Have your dhcp server hand out googledns vs the router, or manually set dns on all your machines. Get a new router with better dns support - but to be honest they all blow unless you run your own firewall/distro router that allows you to run what you want for your dns forwarder, be it tiny, unbound, dnsmasq or even bind itself, etc.

The reason your roku keeps on ticking is hard coded dns I would assume - so it's not using your router's dns.

Other thing you could try is just rebooting the thing say every night to keep dns running. Or as Red suggests maybe turn off some of its features that might be killing it, like dns inspection.

Simple test.. When you have an issue - drop to cmd line and do a nslookup.. It will show you what you're using for dns.

Example:

    C:\>nslookup
    Default Server:  pfsense.local.lan
    Address:  192.168.1.253

Try to look up something:

    C:\>nslookup
    Default Server:  pfsense.local.lan
    Address:  192.168.1.253

    > www.neowin.net
    Server:  pfsense.local.lan
    Address:  192.168.1.253

    Non-authoritative answer:
    Name:    neowin.net
    Addresses:  54.86.19.37
              54.172.165.25
              54.173.39.38
    Aliases:  www.neowin.net

Do you get an answer?? If so then dns is working, and you got another issue - but from what you have been saying I take it this is going to fail. Then change over to another dns, simple server command.

    > server 8.8.8.8
    Default Server:  google-public-dns-a.google.com
    Address:  8.8.8.8

Then try again - does that work? If so then your router dns forwarder is not working.
You pretty much validated it already when you say you changed your client to google and it continued to work when others had problems. But let's be sure - from an ipconfig /all it will tell you who your dns is on your client.

    C:\>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : i5-w7
       Primary Dns Suffix  . . . . . . . : local.lan
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : local.lan

    Ethernet adapter Local:

       Connection-specific DNS Suffix  . : local.lan
       Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet
       Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Sunday, December 14, 2014 5:53:15 PM
       Lease Expires . . . . . . . . . . : Wednesday, December 17, 2014 6:46:32 AM
       Default Gateway . . . . . . . . . : 192.168.1.253
       DHCP Server . . . . . . . . . . . : 192.168.1.253
       DNS Servers . . . . . . . . . . . : 192.168.1.253
       NetBIOS over Tcpip. . . . . . . . : Disabled

If you want to run your own, and don't have a linux box - unbound and bind both run on windows without much issue..

tnt118 Posted December 16, 2014 Author

Thanks for all the replies. It's helped me track down more info and confirm it is a router problem. I've spent two weeks narrowing down what is going on and with a little additional research (and now knowing what I was looking for) I came across the likely answer.

There was a beta firmware Netgear never published from several years ago that apparently addresses this exact issue. The router still shows as running the newest firmware since it was never formally released but you can get the file from their website. On a side note it's a bit frustrating that v1 of the WNDR3700 got support cut off while v2-4 had years of additional releases (including this fix).

There was a reference that "DNS can be called in two ways, one of which could cause the router to hang" (TCP/UDP?). My speculation is that using Cisco AnyConnect exposed this problem which was probably there all along.

Reading reviews, the beta firmware apparently has other problems that are not insignificant. In fact, a pulled first beta is allegedly better than the one currently available. So my solution is to do something I've been meaning to try for ages: DD-WRT. Flashed today and we'll see how it holds up. So far it's looking quite good.

tnt118 Posted December 20, 2014 Author

Just confirming... three days on DD-WRT and the problem has not reoccurred. It does look like Cisco AnyConnect was causing the router to hang because of how it requested DNS. Thanks again for all the help.

+BudMan MVC Posted December 20, 2014

And how would it be doing anything on in a query? Maybe it was doing a lot of them? Soho router dns is quite often fragile, like a little girl with her sunday best on. Have more than a couple of clients ask it for new stuff and crash..

While dd-wrt is better, don't be surprised if it crashes now and then too if you're pounding it with dns, because of something odd.