Constant DNS lookup issues
January 21, 2013 11:26 AM Subscribe
Why do I have constant internet stability / DNS lookup issues on my laptop but not on my iPad etc.?
Every so often, when browsing the internet on my laptop, it'll get stuck trying to access a page ("sending request...") and eventually time out with a DNS lookup failure. Other times, it'll load the page, but only partially - the formatting will be messed up or the images are broken, and I need to reload a couple times. Sometimes some pages will load and other pages will time out with a DNS lookup failure.
If I wake up the laptop from sleep, this is guaranteed to happen - I'll be connected to the WiFi and pinging IP addresses directly works fine, but DNS lookups fail. For a few minutes. Then all of a sudden, it works.
The weird thing is, my iPad and iPhone never have this problem - they can always access sites instantaneously even when the laptop is timing out with a DNS lookup. Both laptops in our household have the DNS lookup problem. They're both fairly new.
I'm in NYC and I have Time Warner "RoadRunner" cable internet. I'm using the Google DNS servers; I've also tried using OpenDNS as well as the automatic ISP-provided DNS and it makes no difference.
Every so often, when browsing the internet on my laptop, it'll get stuck trying to access a page ("sending request...") and eventually time out with a DNS lookup failure. Other times, it'll load the page, but only partially - the formatting will be messed up or the images are broken, and I need to reload a couple times. Sometimes some pages will load and other pages will time out with a DNS lookup failure.
If I wake up the laptop from sleep, this is guaranteed to happen - I'll be connected to the WiFi and pinging IP addresses directly works fine, but DNS lookups fail. For a few minutes. Then all of a sudden, it works.
The weird thing is, my iPad and iPhone never have this problem - they can always access sites instantaneously even when the laptop is timing out with a DNS lookup. Both laptops in our household have the DNS lookup problem. They're both fairly new.
I'm in NYC and I have Time Warner "RoadRunner" cable internet. I'm using the Google DNS servers; I've also tried using OpenDNS as well as the automatic ISP-provided DNS and it makes no difference.
My best guess is your DNS queries are not in fact going to Google DNS and instead are going to the ISP. Google DNS is very reliable in my experience. Maybe DHCP is overriding your settings? The details of this depend on exactly how you've configured your Windows network connection. The failure after wake from sleep could be part of it; your laptop may be working off the old DHCP info right after resume, before it can get a new DHCP response.
If you really want to track this down, install the WireShark packet sniffer and configure it to listen only to DNS traffic (UDP port 53). You'll quickly be able to see where the requests are being sent. But because it's UDP you won't learn much about timeout failures; all you'll see are requests that go unanswered.
posted by Nelson at 3:20 PM on January 21, 2013
If you really want to track this down, install the WireShark packet sniffer and configure it to listen only to DNS traffic (UDP port 53). You'll quickly be able to see where the requests are being sent. But because it's UDP you won't learn much about timeout failures; all you'll see are requests that go unanswered.
posted by Nelson at 3:20 PM on January 21, 2013
I don't think this is a dns issue. Next time it happens, can you ping your router and show us the results? Then ping your dns server.
The time after that, renew your ip address and tell us what happens.
posted by devnull at 1:29 AM on January 22, 2013
The time after that, renew your ip address and tell us what happens.
posted by devnull at 1:29 AM on January 22, 2013
If your laptops are running Windows 7, try restarting the DNS Client service (Control Panel->Administrative Tools->Services->DNS Client->Restart).
I have a handful of school computers that need this done semi-regularly to get rid of the exact behavior you're describing. I used to have more, but managed to fix some by disabling UDP Checksum Offloading on those machines (all the same make and model, so they probably had a common problem with their NIC and/or its driver).
Windows XP running on the exact same machines was not affected.
posted by flabdablet at 5:25 AM on January 22, 2013
I have a handful of school computers that need this done semi-regularly to get rid of the exact behavior you're describing. I used to have more, but managed to fix some by disabling UDP Checksum Offloading on those machines (all the same make and model, so they probably had a common problem with their NIC and/or its driver).
Windows XP running on the exact same machines was not affected.
posted by flabdablet at 5:25 AM on January 22, 2013
Response by poster: Thanks for the answers. When I say I'm using Google's DNS servers, I mean I went into the TCP/IP config and told Windows to use the IP's of the Google DNS rather than obtaining one automatically.
Here's what happens when I ping the router, then Google's DNS server, then do an nslookup for google.com. I am indeed running Windows 7, and I'm using one of those combo modem/wifi router things that my ISP gave me.
C:\Users\Pravit>ping 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\Pravit>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=52
Reply from 8.8.8.8: bytes=32 time=21ms TTL=52
Reply from 8.8.8.8: bytes=32 time=19ms TTL=52
Reply from 8.8.8.8: bytes=32 time=20ms TTL=52
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 21ms, Average = 19ms
C:\Users\Pravit>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
posted by pravit at 4:59 PM on January 22, 2013
Here's what happens when I ping the router, then Google's DNS server, then do an nslookup for google.com. I am indeed running Windows 7, and I'm using one of those combo modem/wifi router things that my ISP gave me.
C:\Users\Pravit>ping 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\Pravit>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=19ms TTL=52
Reply from 8.8.8.8: bytes=32 time=21ms TTL=52
Reply from 8.8.8.8: bytes=32 time=19ms TTL=52
Reply from 8.8.8.8: bytes=32 time=20ms TTL=52
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 21ms, Average = 19ms
C:\Users\Pravit>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
posted by pravit at 4:59 PM on January 22, 2013
Best answer: That's consistent with the pattern I've seen on school workstations that came good after I restarted their DNS Client service.
It might also be security software mistakenly blocking DNS requests or responses. Do your laptops have a Norton or Symantec security suite installed? I've seen that garbage bollix up networking like you wouldn't believe.
It would be worth following Nelson's advice and using Wireshark to monitor the network connection you're using to connect to your router.
There are only a few ways to cause DNS timeouts:
1. Something inside your computer eats the outgoing DNS requests before they make it out of your network interface. Wireshark will show you whether this is happening. If it is, the most likely causes are (a) DNS Client service has gone wrong and needs restarting (b) soft firewall misconfiguration, which is far more likely if you're using something other than the inbuilt Windows firewall.
2. DNS requests go out, but the replies never come back. Given that your non-Windows devices are working, this is unlikely - but Wireshark will confirm it either way. Most likely cause for this is configuration differences inside your router for the PCs vs the iThings; perhaps the iThings are using a different DNS server, and your router is being bloody-minded about which DNS servers it will relay traffic for? Next most likely cause is something screwing up the format of the outgoing DNS requests so the remote server doesn't respond to them (checksum errors due to offloading not working can do this).
3. DNS requests go out, replies come back over the network, but something inside your computer eats them before the application layer can see them. Once again, this is most likely to be a DNS Client service or firewall misconfiguration issue.
posted by flabdablet at 7:19 PM on January 22, 2013
It might also be security software mistakenly blocking DNS requests or responses. Do your laptops have a Norton or Symantec security suite installed? I've seen that garbage bollix up networking like you wouldn't believe.
It would be worth following Nelson's advice and using Wireshark to monitor the network connection you're using to connect to your router.
There are only a few ways to cause DNS timeouts:
1. Something inside your computer eats the outgoing DNS requests before they make it out of your network interface. Wireshark will show you whether this is happening. If it is, the most likely causes are (a) DNS Client service has gone wrong and needs restarting (b) soft firewall misconfiguration, which is far more likely if you're using something other than the inbuilt Windows firewall.
2. DNS requests go out, but the replies never come back. Given that your non-Windows devices are working, this is unlikely - but Wireshark will confirm it either way. Most likely cause for this is configuration differences inside your router for the PCs vs the iThings; perhaps the iThings are using a different DNS server, and your router is being bloody-minded about which DNS servers it will relay traffic for? Next most likely cause is something screwing up the format of the outgoing DNS requests so the remote server doesn't respond to them (checksum errors due to offloading not working can do this).
3. DNS requests go out, replies come back over the network, but something inside your computer eats them before the application layer can see them. Once again, this is most likely to be a DNS Client service or firewall misconfiguration issue.
posted by flabdablet at 7:19 PM on January 22, 2013
Response by poster: I haven't tried WireShark yet, although I did try restarting the DNS service - while it didn't work instantaneously, it does seem to have reduced the time it takes to start for DNS requests to start working again - down to < 1 minute rather than around 3-5 minutes like before.
I'm not using Norton or Symantec, just basic Windows firewall.
posted by pravit at 9:31 PM on January 24, 2013
I'm not using Norton or Symantec, just basic Windows firewall.
posted by pravit at 9:31 PM on January 24, 2013
Response by poster: As another update, I have had some luck using "Hibernate" instead of "Sleep" with my laptop. Takes a bit longer to start up, but I'm on the internet faster. I get the feeling something screws up with the DNS client when I put it into the instantaneous "Sleep" mode.
posted by pravit at 8:08 AM on March 3, 2013
posted by pravit at 8:08 AM on March 3, 2013
Sleep-related wireless network weirdness on Windows, in my experience, is disappointingly common. Sometimes all it takes to fix it is updating the wireless network driver with the latest available version from Windows Update or the wireless chipset manufacturer's support site (drivers available from your mobo vendor will often be several versions out of date).
I have seen Windows Update get the version wrong (installing a 32 bit XP driver into 64 bit Vista, wtf?) so I generally prefer to go straight to the chipset manufacturer. Do you know how to track yours down? If not, post back and I'll walk you through the steps.
posted by flabdablet at 4:20 PM on March 3, 2013
I have seen Windows Update get the version wrong (installing a 32 bit XP driver into 64 bit Vista, wtf?) so I generally prefer to go straight to the chipset manufacturer. Do you know how to track yours down? If not, post back and I'll walk you through the steps.
posted by flabdablet at 4:20 PM on March 3, 2013
Response by poster: Updating the wireless network driver didn't work, but I think I may have finally solved the problem.
I went into my router's admin page and changed two things. Not sure which one fixed it:
1. Changed DHCP Lease Time to -1 ("infinite")
2. Set Port Scan Detection and IP Flood Detection to OFF
Before I did this, I did try using WireShark but couldn't really tell what the issue was. I would see a stream of unanswered queries like this:
15 1.379670000 192.168.0.12 8.8.8.8 DNS 85 Standard query 0xb8d3 A teredo.ipv6.microsoft.com
16 1.379796000 192.168.0.12 8.8.4.4 DNS 85 Standard query 0xb8d3 A teredo.ipv6.microsoft.com
17 1.800531000 192.168.0.12 192.168.0.255 NBNS 92 Name query NB WPAD<0>
(etc.)
with the occasional
27 5.438310000 IntelCor_77:1d:20 Broadcast ARP 42 Who has 192.168.0.1? Tell 192.168.0.12
28 5.439803000 HonHaiPr_56:8a:2f IntelCor_77:1d:20 ARP 42 192.168.0.1 is at 90:6e:bb:56:8a:2f
posted by pravit at 4:23 PM on June 4, 2013
I went into my router's admin page and changed two things. Not sure which one fixed it:
1. Changed DHCP Lease Time to -1 ("infinite")
2. Set Port Scan Detection and IP Flood Detection to OFF
Before I did this, I did try using WireShark but couldn't really tell what the issue was. I would see a stream of unanswered queries like this:
15 1.379670000 192.168.0.12 8.8.8.8 DNS 85 Standard query 0xb8d3 A teredo.ipv6.microsoft.com
16 1.379796000 192.168.0.12 8.8.4.4 DNS 85 Standard query 0xb8d3 A teredo.ipv6.microsoft.com
17 1.800531000 192.168.0.12 192.168.0.255 NBNS 92 Name query NB WPAD<0>
(etc.)
with the occasional
27 5.438310000 IntelCor_77:1d:20 Broadcast ARP 42 Who has 192.168.0.1? Tell 192.168.0.12
28 5.439803000 HonHaiPr_56:8a:2f IntelCor_77:1d:20 ARP 42 192.168.0.1 is at 90:6e:bb:56:8a:2f
posted by pravit at 4:23 PM on June 4, 2013
I expect it was the Scan and Flood detection setting. DHCP lease times typically only matter on subnets with lots of devices coming and going.
Something else you might care to check on your laptop, if you're using Internet Explorer: under Internet Options -> Connections -> LAN Settings, try turning off "Automatically detect settings".
Your laptop appears to be interested in resoving the name "WPAD", which probably means it's trying to use Web Proxy Auto Discovery. For a typical home Internet service you won't ever want to use a web proxy, and WPAD is just one more opportunity for things to go wrong. Unless that laptop also needs to be used inside a corporate LAN where WPAD is used to automate the discovery of a mandatory web proxy, turning it off should have no negative consequences.
posted by flabdablet at 10:24 PM on June 4, 2013
Something else you might care to check on your laptop, if you're using Internet Explorer: under Internet Options -> Connections -> LAN Settings, try turning off "Automatically detect settings".
Your laptop appears to be interested in resoving the name "WPAD", which probably means it's trying to use Web Proxy Auto Discovery. For a typical home Internet service you won't ever want to use a web proxy, and WPAD is just one more opportunity for things to go wrong. Unless that laptop also needs to be used inside a corporate LAN where WPAD is used to automate the discovery of a mandatory web proxy, turning it off should have no negative consequences.
posted by flabdablet at 10:24 PM on June 4, 2013
This thread is closed to new comments.
If you haven't done anything to the router, switching back is as simple as picking the "Obtain DNS server address automatically" radio box instead of the "use these DNS servers" box.
posted by wierdo at 11:51 AM on January 21, 2013