My DNS service keeps failing...

[Puritan]

I'm using a Netgear router, and for some reason, my DNS service keeps periodically failing. I'll be using the net fine, when suddenly the DNS will stop working, so whenever I try to access a site, it'll tell me that "www.thatsite.com cannot be found." The internet still works; any program, like my IM clients, which operate only with URNs will still work fine, but the URL-to-URN lookup no longer works. This just happens randomly periodically as I use the internet; it's been happening more and more these days. It affects both wired and wireless connections, but it only affects my computer, so there must be something wrong with it. So far as I can tell, there are no viruses or something; it must be in the configuration. Does anyone know why this would be or what would cause a problem like this?

[+BudMan MVC]

Are you using your router as DNS? Or directly pointing to your ISP, or other dns server.. say 4.2.2.2?

Keep in mind that by default xp will cache bad replies for default 300 second TTL.. So say if your looking for www.somesite.com, and your dns takes longer than windows thinks it should to respond.. windows will cache the fact that it could not find that site.. until that cache expires it will not go look again..

http://www.microsoft.com/resources/documen...jj_ipa_vitx.asp

http://www.google.com/search?q=negative+caching

It could be related to this.. or just the fact that most routers I have looked at have pretty ****ty dns forwarding.. When you say other machines work, it could be possible that they have it cached locally.. and you do not.. your router does not really cache it, or has a very small cache.. and so has to go look it up again when you ask.. times out, etc.. but your other machine has it locally cached and therefore can get it..

To see if it is related to your routers DNS features.. set your client to directly use your ISPs dns.. or some other one.. 4.2.2.2 4.2.2.3 4.2.2.5 are well known good dns servers that allow for queries from other than their own networks..

To see if its related to neg caching.. you can disable this feature in your reg.. Or just flush your local cache with ipconfig /flushdns and try again..

You can also use nslook, or dig to troubleshoot this types of issues.. when you can not look up a site.. use nslook or dig, and query a different server...

If in doubt on dns.. you can always query the OWNING server of the domain your trying.. just whois for the domains auth servers and query them directly..

[Puritan]

Are you using your router as DNS?  Or directly pointing to your ISP, or other dns server.. say 4.2.2.2?

I have my network set up to obtain a DNS automatically (from the router or whoever is supplying the router with its DNS or whatnot); I don't know what the actual DNS address of the ISP is (and it would be annoying to put that in, as each network I connect to would have a different DNS, and if they only allow connections from computers directly on their network, I'd have to change it each time).

I will look into cache flushing next time the problem happens. Would caching bad responses result in accessing no sites though? I would think that a site that doesn't respond might be cached, but if you try another site, that site still has a chance of working since it's unrelated to the site before, but for me, when the problem happens, no sites anywhere will work at all until I reboot...

[+BudMan MVC]

I don't know what the actual DNS address of the ISP is (and it would be annoying to put that in, as each network I connect to would have a different DNS

586152347[/snapback]

:blink:

Each network would have different DNS?? You lost me! You connect to multiple ISP's with your router? Your router should list in its status screen what dns servers your ISP told it to use when it got its IP address from them.. How big of hassle is that?, and then putting it in your tcp/ip settings? Or for that matter.. most routers allow for you to hand out different DNS to its dhcp clients, other than itself.. Put in 4.2.2.2 in the router - it will then hand that out its clients..

The 4.2.2.2 servers I gave you allow dns queries from anywhere on the planet -- so it would not matter what ISP your using to use them?

As to see what your client is currently using for dns.. an ipconfig /all will give you that info..

So when you dns issues happen.. you have to reboot your machine to be able to query anything? Have you tried a nslookup when your dns issues happen.. these do not work either? When asking another dns server? Or even what is configured?

When you have the issues - take a look at your cache with ipconfig /displaydns

If this does not work - you maybe having issues with the dns client, and the reboot restarts the service and clears up the problem.. If ipconfig /displaydns or /flushdns does not work.. try stoping the dns client and restarting it..

C:\>net stop dnscache

The DNS Client service was stopped successfully.

C:\>net start dnscache

The DNS Client service is starting.

The DNS Client service was started successfully.

[Puritan]

Each network would have different DNS??  You lost me!  You connect to multiple ISP's with your router?  Your router should list in its status screen what dns servers your ISP told it to use when it got its IP address from them..  How big of hassle is that?, and then putting it in your tcp/ip settings?  Or for that matter.. most routers allow for you to hand out different DNS to its dhcp clients, other than itself..  Put in 4.2.2.2 in the router - it will then hand that out its clients..

I meant that I use different ISPs all the time (it's a laptop, so I connect at home, I connect at school, I connect at work, all on different networks). Can I nonetheless just put in a static DNS server, or do DNS servers generally only allow queries if you're connected to their network? I thought it was the latter...

I'll try the 4.2.2.2 thing now.

The flushing of the DNS server didn't work at all... next time the problem comes up, I'll try stopping and restarting the service. The problem is occurring more and more frequently these days... nowadays, I can't even get in more than a couple hours before it goes all wonky. (I'll have to remember to save the page this time... the DNS just died again five minutes ago, but when it did, I couldn't access this page to look at your suggestions!)

[+BudMan MVC]

dude if your having the problem happen on a bunch of ISPs outside your router.. its highly unlikely that its related to the isp dns.. Since when you connect to different isps.. be it dialup.. or wireless connections (school, work, starbucks) etc.. you would be different dns servers..

Sounds more like a network issue then just dns.. this happens both wired and wireless?

Have you tried doing queries using nslookup once the problem happens? This would verify that whatever dns server your using is answering.. can you ping the dns server your using? Ipconfig /all will show you whatever dns server your using at the time..

Are you running any software firewall? I would really suggest when it happens you try doing nslookups to where you having issues.. example

C:\>nslookup

Default Server: dp2-400.local.lan

Address: 192.168.1.2

> www.neowin.net

Server: dp2-400.local.lan

Address: 192.168.1.2

Non-authoritative answer:

Name: neowin.net

Addresses: 69.93.228.21, 70.84.250.53

Aliases: www.neowin.net

If this works - then your NOT having dns issues.. And your problem is either in your local dns client.. or network connectivity.. If you can not do a query to your dns server.. can you even ping it?

When you have these issues - can you open up a website by IP address.. when you say IM is working.. you mean your actually talking to people.. or it just shows you connected?

When you have the issue can you access say.. http://69.93.228.21/ You will not get all the images, etc.. but you should get most of the page.. or you could try a different site that works with IP.. say one of the google IP's http://64.233.167.104/

[LOC Veteran]

Puritan, are you on Comcast by any chance?

If you are, Comcast has been having DNS issues for over a month now. Switching to 4.2.2.2 like Budman suggested above will help. If you aren't on Comcast, then that is a different story :|

[+BudMan MVC]

If you are, Comcast has been having DNS issues for over a month now

586152877[/snapback]

:rofl: - comcast is ALWAYS having dns issues! Part of the reason I run my own dns ;)

But yeah he mentions multiple ISP's I doubt all of them are having issues..

[LOC Veteran]

Yeah I know, but I was just assuming this was happening at home heh.

[+BudMan MVC]

Yeah I know, but I was just assuming this was happening at home heh.

586152938[/snapback]

Yeah, not quite 100% on the details either.. in his first post, he made NO mention of it happening everywhere.. If it is, what was the point of bring up his home router, etc.. and other machines..

Later he states that he has the problem at school, work, etc.. So it can have nothing to do with his home setup or isp..

I would think its more of a general connectivity issue, and not really dns related.. even though there could be something wrong with his dns client..

A nslookup check would help us pin that down.. and or even just turning off the dns client.. but if it is related to that.. then when he does the restart of the service should clear it up too..

[Puritan]

Yeah, not quite 100% on the details either.. in his first post, he made NO mention of it happening everywhere..  If it is, what was the point of bring up his home router, etc.. and other machines..

Oh, I just mentioned the other networks in reference to putting in a static DNS server address. So far, I've only seen the problem at my apartment and my parents' apartment, both of which have Netgear routers. (They're on different ISPs though... my apartment's internet is provided by the school, and my parents' is provided by Roadrunner I think?) It's never been a problem for me at school or at work, so I'm wondering if it's some sort of incompatibility with Netgear, or if I don't use the school or work connections long enough in order for the problem to manifest? It's not consistent, and it seems to be getting steadily worse; before, it was only a problem after hibernation, but now it's a problem during the regular course of the day while I'm using it too. And again, this never affects any of the other computers on the network, just mine, so I don't think it's a router configuration problem.

I never knew about nslookup... I will do that next time the problem occurs (which, if things hold, will probably be sometime this afternoon or evening... :blush:)

When you have these issues - can you open up a website by IP address.. when you say IM is working.. you mean your actually talking to people.. or it just shows you connected?

Oh yeah, I can talk to people fine. I can FTP into my server (with just the URN address) fine and transfer files. The connections still work, the URL lookup doesn't (exemplified, for example, by the fact that MSN can tell me that new email has arrived, but I can't actually access hotmail to read it).

[Puritan]

Well, an update to the problem...

Sure enough, the DNS failed again last night like it always does. Strangely enough, though, when I ran nslookup, it seemed to run perfectly. This was the output:

C:\>nslookup

*** Can't find server name for address 192.168.1.1: Non-existent domain

*** Default servers are not available

Default Server:  UnKnown

Address:  192.168.1.1

> www.google.com

Server:  UnKnown

Address:  192.168.1.1

Non-authoritative answer:

Name:    www.l.google.com

Addresses:  64.233.161.99, 64.233.161.104, 64.233.161.147

Aliases:  www.google.com

> exit

C:\>

So apparently nslookup can still find addresses even though my web browser, email program, etc. cannot. (I then put 64.233.161.99 into my browser and, sure enough, it connected to google.)

I then switched my DNS server from "get address automatically" to "4.2.2.2" and that cleared up the problem. But then when I switched it back to "get address automatically" again, it still continued to work. I'm not sure, therefore, if 4.2.2.2 works and the automatically-obtained server doesn't or if just the act of switching the server fixed the problem, that switching the server somehow restarted some service which made it work again.

I didn't stop and start the dns cache service because I tried switching the DNS server address to 4.2.2.2 first, and that solved the problem, so I won't have a chance to try it until the thing goes awry again.

I've left the DNS server at 4.2.2.2 for now to see if the problem will reoccur even if I use that as a static DNS server instead of the "get address automatically" I was using earlier. Of course, I'll probably have to wait around a while to determine if the problem does arise again with 4.2.2.2.

So does anyone have any clues about what's going on? I'm not sure exactly what nslookup does, but the fact that nslookup did work when the problem arose again earlier today even though I couldn't actually access any sites in my browser or email seems strange... I'm not sure what that would mean...

[+BudMan MVC]

nslookup does a query directly to the dns server you tell it too.. so this verified that your DNS is working.. and answers queries.. So it is NOT a problem with your dns server..

If the problem shows up again.. try restaring the dns client

net stop dnscache

net start dnscache

Since you say this happens after an amount of time surfing? It could have something to do with your dns client and the amount of entries in your cache crashing the client? Do you have anything in your event log?

When it happens again - when you stop client try going to some sites.. make sure these sites could not be in browser cache as bad.. ie they just failed.. or make sure you do a refresh, etc.. If they work.. then restart the dnsclient.. do they still work?

it is not really required that you even run the dns client.. it is designed to speed up dns queries... But if off, your machine will just query your dns server every time it needs to access something.. vs maintaining a local cache.. Your browser should maintain a session cache for sites you have access during this session as well.. But if your having issues with the client.. until you could resolve what is causing the issue.. you could leave it off, etc.. You sure there is NOTHING in your event log when this happens?

[Puritan]

More updates...

Using 4.2.2.2 didn't work; the same problem popped up after a while. Stopping and restarting the dnscache did fix the problem, so the problem must be in there somewhere.

If I just leave it off permanently, will it cause any problems? And what could be causing this?

If by "Event Log", you mean the "Event Viewer" in Administrative Tools, yeah, there is nothing that corresponds to the time when the problem occurs. No, wait, there are some errors, but I think timewise they occur before the problem actually becomes visible. There are a bunch of warnings for Tcpip that say

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and one for W32Time that says

The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Do those mean anything to you?

[+BudMan MVC]

Well yes they do.. the one about tcp/ip reaching its security limit... would explain your issue.. unless your running some p2p app.. your box is looking for a WHOLE lot of stuff.. for why? My guess some kind of infection..

Sp2 included this change;

--

Limited number of simultaneous incomplete outbound TCP connection attempts

The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system?s event log.;

--

This could I guess crash your dns cache.. if your looking for 1,000's of machines.. doing dns queries for all of them? With normal browsing, internet usage.. you should NEVER see any of those errors.. and you have a bunch of them.. before your dns crashes?? Yeah I would assume that is the root of your problem..

if you flush your dns cache with ipconfig /flushdns and then do a /displaydns -- what is in there? I would suggest you grab a sniffer, ethereal is FREE and run it on your machine.. to see what kind of traffic your machiine is putting on the wire.. that would cause those types of errors.. How many errors do you have? I would look back through your log.. do you have them before every time your dns stops working?

if your reaching this limit.. your going to be limited to 10 connections a sec.. which if have queued up enough.. this could really slow down your connections.. and just that alone could cause your browsers to not work..

Yes you can run with the service dns client off.. but this would seem to NOT be the root of your problem.. you really need to find out what is causing your machine to reach that limit.. Why would your machine be trying to talk to IP's that do not answer back? you can also do a netstat -ano which will list out the connections your machine has.. and the PID of the process making the connection.. you could look to see what is making the connections..

it could also be an indication of a bad connection.. if your connection is bouncing.. since nothing would be able to answer, you would have incomplete outbound connections.. The time one is saying your machine could not sync.. which could be another indication of a bad connection.. Or could be due to the fact you have reached the security limite for unanswered outbound..

edit:

Or certain traffic could be blocked at your router? Your machine is trying to make connections that are being blocked.. so you could reach the number or incomplete outbound.. and cause that error.. you REALLY need to figure out what is causing that error.. that must be the root of your issue..

Edited July 4, 2005 by BudMan

[Puritan]

I think the problem on my computer is doing something that's conflicting with Netgear routers, since I don't have the problem anywhere besides at my apartment and my parents' place (both of which are on Netgear routers) and none of the other computers on the routers have this problem.

After I run ipconfig /flushdns and then ipconfig /displaydns, I get a bunch of crap adsites in the results:

Windows IP Configuration

        adserver.directforce.net

        ----------------------------------------

        Record Name . . . . . : adserver.directforce.net

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        www.radiate.com

        ----------------------------------------

        Record Name . . . . . : www.radiate.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        www.adserver.com

        ----------------------------------------

        Record Name . . . . . : www.adserver.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        ads.x10.com

        ----------------------------------------

        Record Name . . . . . : ads.x10.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        adres.internet.com

        ----------------------------------------

        Record Name . . . . . : adres.internet.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        s12.sitemeter.com

        ----------------------------------------

        Record Name . . . . . : s12.sitemeter.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        afservant.guj.de

        ----------------------------------------

        Record Name . . . . . : afservant.guj.de

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        z0.extreme-dm.com

        ----------------------------------------

        Record Name . . . . . : z0.extreme-dm.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        www.valuesponsor.com

        ----------------------------------------

        Record Name . . . . . : www.valuesponsor.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        www.cash2002.de

        ----------------------------------------

        Record Name . . . . . : www.cash2002.de

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        ads.tripod.com

        ----------------------------------------

        Record Name . . . . . : ads.tripod.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        www.hit-parade.com

        ----------------------------------------

        Record Name . . . . . : www.hit-parade.com

        Record Type . . . . . : 1

        Time To Live  . . . . : 603498

        Data Length . . . . . : 4

        Section . . . . . . . : Answer

        A (Host) Record . . . : 127.0.0.1

        Section . . . . . . . : Answer

So I assume that's what's causing the problem? I don't know why something keeps trying to access these ad sites.

When I did a netstat -ano, however, nothing particularly unusual came up. The only weird thing I saw in Tasklist was that there are four instances of svchost.exe, one using up about 14 MB of memory, the others all using about 1.5 KB. Is that normal? I read somewhere that it's normal to have multiple instances of svchost.exe running simultaneously. Other than that, all of the programs that are accessing the net are programs that I'm either running myself (Firefox, Trillian, etc.) or components of Windows (svchost.exe, alg.exe, lsass.exe, etc.). My firewall (ZoneAlarm) isn't detecing any strange programs trying to use the internet, my antivirus (AVG Free) hasn't detected any viruses or trojans, and I ran Ad-Aware and Spybot and neither found any problems on my computer.

Actually, now that I see all these sites linked to 127.0.0.1... could this problem be a result of my hosts file in windows\system32\drivers\etc? I have a hosts file there that redirects a whole bunch of ad sites to 127.0.0.1 in order to block them. Would that cause this sort of problem where the TCP limit is reached? Although, even if that is the case, that wouldn't explain why these sites are constantly being queried to begin with, or why they're sticking around even after I flushdns...

How many errors do you have?  I would look back through your log.. do you have them before every time your dns stops working?

Yeah, looking back, I think I get at least one (and sometimes up to four or five) of these errors each time before the problem arises and the DNS shuts down. This last one happened this morning at 10:34, which is, I think when I started using my computer this morning or right before I started using it. It was working fine last night, though, so whatever is jamming this up is running overnight (when I leave my computer on overnight).

Now that I think about it, my use of the hosts file may be causing this problem? Because something keeps trying to query these ad servers and is only getting 127.0.0.1 in response, and that nonresponse is causing the limited stack? Is it just that I visit sites during the day that have links to ad sites that eventually amass this problem? On the other hand, considering that the problem also comes up overnight when I'm not browsing anything new and the adsites won't get flushed out of the dns with ipconfig /flushdns, is there something else that keeps trying to access these adsites that is escaping my firewall/adware/antivirus programs, and that program's continual access of 127.0.0.1 is causing the problem? (Or neither, and is the hosts file unrelated altogether?)

[+BudMan MVC]

If you put stuff in your host file, it will always be PRELOADED into your dns cache.. This is why they stay even after a /flushdns..

Preloaded entries would not be the actual reason for your dns cache issue, I personally do not think this is avery efficient way of blocking ads.. How about using adblock for FF? I rarely see any ads ;) Be happy to share my adblock listing with you..

But if you think about it - it could be a reason for your errors.. Say you hit a website that has an ad for "www.adserver.com" which you have listed as being 127.0.0.1 "your machine" Does your machine respond to http requests on port 80?? If not.. would this be considered an unanswered outbound request? I think it might? You get enough unanswered ad requests going.. all to your machine, which doesnt answer? This might cause you an issue.

As to multiple copies of svchost running - yes having more than one is quite normal..

Try taking these entries out of your host file.. see if the problem goes away.. If it does.. hey you found the problem.. if not, then we have to keep looking.. With all those preloaded entries.. its hard to tell if your machine is doing any queries you do not know about anyway.. since you really can't flush your cache..

We'll fix this thing yet ;)

[Puritan]

I removed the hosts file, rebooted my computer, and flushed the dns cache for safety's sake. When the problem didn't appear again yesterday, I thought I had the thing licked. Unfortunately, the problem rearose this morning.

This time, however, there's a different error message in the Event Viewer. No longer is it the security limit message; instead, it is:

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00061BCC7471.  The following error occurred:

The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

From the event time, this error took place just this morning when I turned on my computer, or, more accurately, brought it out of hibernation. Could there be a separate problem related to hibernation causing this, i.e. originally there were two problems? Over the weekend, I left my computer on all night, so the DNS failures then weren't due to hibernation -- maybe getting rid of the hosts file solved that problem -- but maybe there's a second independent problem that results in the same symptoms resulting from hibernation?

The DNS failure this morning was also solved by stopping and restarting the dns cache though, whereas the "your computer was not able to renew its address from teh network" error message sounds like it's an error with the computer connecting to the DHCP server that stopping and restarting the DNS cache wouldn't fix...?

(As an aside, what is the ad-blocker Firefox extension that you use? Is there only one ad-blocking extension or are there multiple ones, and if the latter, do you have a personal preference?)

[Puritan]

Hello? Are you still around? You helped me fix over half the problem with the hosts files... don't leave me now! :)

[Puritan]

Dammit, the "original" problem, the "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts" problem is up again. The problem doesn't correspond, timewise, to exactly when the DNS craps out. The event messenger says that there was a security warning at 9:08 AM, but the internet was working fine until the second error at 11:52 AM, which is approximately when it crapped out. So I guess the hosts file didn't solve it...? Now it seems like there are two separate problems, the TCP/IP security error and the unable to renew network address error, both of which knock out the DNS...

[+BudMan MVC]

Dude there should be no reason for you to get that security error.. that would be error 4226 I am guessing? If you have cleared up your host file to not point stuff to yourself? After you flush your cache - what shows up in it?

I do not see how it would be possible doing normal surfing to ever hit that limit.... You must be running some type of p2p app, or infected with something to get that error in your event log.

I am working on bits of info here - but if I had to guess.. your infected with something.. If you want.. I would be happy to look at it - we could setup a time.. give me remote access.. VNC, RDP.. some other app of your choice.. PM me

Have you grabbed a sniffer yet, and taken a look at what is going out your wire? Ethereal is FREE, and very easy to use.. You will know for sure what is going out your wire - that might be causing you issues..

PM me - if you want me to take a look remotely.. I am off tmrw.. be happy to see what is up..

[war]

Try disabling DNS cache service in services.msc. Then use 4.2.2.1 and 4.2.2.2 for DSN servers, primary and seconday respectifily.

Yes you should not be using that much open TCP connections.

Does your router have a hardware firewall and/or NAT ? I highly recommand you enable both if so. If not then get a better router. ;)

Anywas leaving the DNS cache service will not slow down browseing, that is if your router works correctly ;) . In fact it might even be faster.

Keep it disabled forever . ;) At least until the problem is solved. :p Then we will know for a fact it's not that.

Also you should be running a software firewall. If so post some logs when this happens if any. Or it no firewall download one, like zonealarm free. I recommand it over built in one anyday, seeing as xp sp2 firewall is inbound only.

I also higly recommand that you have your computer up to date. BTW what brower are you using ? Have you tried different browsers ?

Are you using a proxy ? What's your router's model number, serial number, etc. ? Any more info you think is relavent ?

Oh and what other appz are running when this happens ? Post a screen shot of task manger on process tab. Make it big so we can see everything. Full screen if need be...

Take Care,

Will

[Puritan]

Hmm... ZoneAlarm has a lot of blocked connections with 192.168.1.1:53 accessed by svchost.exe (I never noticed this before). I don't know what's causing this, but maybe this is on the track to the problem; there's a lot of talk between my computer and the router (192.168.1.1) that's being blocked for some reason? And only Netgear routers are doing this, which would explain why the problem only affects me when I'm on Netgear routers?

Try disabling DNS cache service in services.msc. Then use 4.2.2.1 and 4.2.2.2 for DSN servers, primary and seconday respectifily.

I tried the 4.2.2.1 and 4.2.2.2 solution, and it didn't work.

I assume my router has a hardware firewall and/or NAT; I actually don't know...

Are you using a proxy ? What's your router's model number, serial number, etc. ? Any more info you think is relavent ?

I also higly recommand that you have your computer up to date. BTW what brower are you using ? Have you tried different browsers ?

I'm not using a proxy. The routers that this problem affects are both Netgear, the MR814v2 and the WGR614v5. When the problem arises, it affects all browsers (Firefox, my primary, and IE) along with all other programs such as Outlook, etc.

I think these constant blocks by ZoneAlarm might be the problem? There are a lot of them, and they're all coming from the router, so maybe that explains why I'm running out of TCP/IP connections and why it only affects me on these routers? I'm posting screenshots of the logs, plus my task manager screenshots, below:

Zone Alarm screenshot

Task Manager screenshot 1

Task Manager screenshot 2

[+BudMan MVC]

dude 53 is DNS - that is your machine asking your router "your dns server" for the address of something.. Why in the WORLD would you block outbound dns requests?? :wacko:

This is why software firewalls are MORE trouble then they are protection!! Dude if you want to be able to look up sh_t on the net - your going to have to let your machine talk to your dns server on the standard freaking dns port of 53.. both tcp and udp can be used..

Your dns client service uses this command..

"C:\WINDOWS\System32\svchost.exe -k NetworkService"

So your blocking your dns client from asking your dns server for addresses? WTF!! dude? And you wonder why your having problems?? And you wonder why you can not lookup anything?

Dude your behind a nat router -- on your NETWORK!! why exactly are you using a software firewall? Oh yeah, to block your machine from looking of web pages - you want to go to ;)

edit:

Your firewall blocking outbound requests could also explain your 4226 errors.. Your machine tries to make a connection to its dns server.. some piece of software blocks it.. your machine does not know why.. just that it has an UNanswered outbound connection.. next thing you know you start queue up connections... etc.. etc..

[Puritan]

Hmm... I have no idea why ZoneAlarm would be doing that. It's not set to block anything from the local network...?

Okay, I'm going to leave it off and see if that problem comes up again.

Do you know a better software firewall to use then? I shouldn't need it behind my router, but when I take my laptop to other places where it connects directly without a router firewall, I feel like I should have something up there and not just be out there naked... or am I just being overly paranoid?