DNSCACHE bug?

[Dale McGary]

I am having a problem with the windows XP (home edition) "Client DNS
service". I have a DI-0604 router between my PC and my DSL modem. The
router uses dynamic PPPOE to log me in, get an IP address, and find the DNS
servers. The router acts as a DHCP server so I have my PC set up to
automatically get an IP address from the router, and to automatically detect
the DNS servers. With this setup the PC's IP configuration lists one
address for DNS servers. (The router). This works fine when I first boot
the PC. If I leave the PC sit idle for a few hours the DNS cache service
just stops working. Nslookups fail and I used a network sniffer to verify
that the PC never even sends a DNS query. It just fails without even
trying. The hardware is all still working fine because I can ping internet
addresses if I use the address. Flushing the DNSCACHE does not cure the
problem. If I stop and restart the dnscache service everything works again.

I have found I can work around this by manually entering the ISP's DNS
servers into the PC's DNS configuration. In this case there are two DNS
servers in the configuration. In this configuration the problem goes away.

Is this a bug in the DNSCACHE service? Does it have a problem with just one
address? I would like to use the automatic setup in case the ISP ever
changes the DNS servers however I can't get it to work.

Does anyone know how to cure this?

Thanks
Dale

 

[Dale McGary]

Since there were no responses can I assume no one else has this problem? Is
anyone using this same configuration without any problems? (Automatically
detect DNS servers, and router as only DNS server)?

Thanks
Dale McGary

 

[Alan J. McFarlane]

[...]

find the DNS servers. The router acts as a DHCP server so I have my [...]
works fine when I first boot the PC. If I leave the PC sit idle for
a few hours the DNS cache service just stops working. Nslookups
fail and I used a network sniffer to verify that the PC never even
sends a DNS query. It just fails without even trying. The hardware

Well firstly nslookup.exe does not use the system DNS lookup facilities, it
creates DNS query packets itself and sends them direct to the DNS Server is
is using. It does not use the machine DNS Resolver (DNS Cache). (Well this
is how it is on all other platforms--I'm not 100% sure on XP). Does
nslookup output any error messages? What DNS Server (address) does it say
it is using when it starts? If it does not say the router's address when
happens if you do "server ROUTER_IP_ADDR" at its prompt before doing the
query.

Are there any relevant Event Log entries. When my ISPs DNS Servers were in
a dodgy state recently I had Event Log messages saying "The DNS Client
service could not contact any DNS servers for a repeated number of attempts.
For the next 30 seconds the DNS Client service will not use the network
....".

Also can you show us "ipconfig /all" and "route print" after boot (when
things are working) and also after the idle period (when things are not
working).

 

[Dale McGary]

Thanks for the response. You are absolutely correct about nslookup. I
didn't look closely enough at the output.
Pings from the command prompt by name, and all lookups from IE fail when it
gets in this mode, but nslookups succeed. Pinging via address instead of
name also works. Stopping and starting the dnscache makes it all start
working again. There are no DNS errors in the event logs.

Below are copies of two command prompts containing the data you requested.
One session when working, and one when not working.

Any Ideas would be appreciated.

Thanks again

Dale McGary


****************************************************************************
***************
DNS is working here
****************************************************************************
***************


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dale McGary>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dalepc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast
Ethernet
dapter
Physical Address. . . . . . . . . : 00-04-5A-8F-41-32
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Wednesday, November 19, 2003
11:55
4 AM
Lease Expires . . . . . . . . . . : Wednesday, November 26, 2003
11:55
4 AM

C:\Documents and Settings\Dale McGary>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 5a 8f 41 32 ...... Linksys LNE100TX(v5) Fast Ethernet Adapter -
P
ket Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None




****************************************************************************
***************
DNS is not working now
****************************************************************************
***************

C:\Documents and Settings\Dale McGary>ping verizon.net
Ping request could not find host verizon.net. Please check the name and try
agai
n.

C:\Documents and Settings\Dale McGary>ping verizon.net
Ping request could not find host verizon.net. Please check the name and try
agai
n.

C:\Documents and Settings\Dale McGary>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dalepc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast
Ethernet A
dapter
Physical Address. . . . . . . . . : 00-04-5A-8F-41-32
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Wednesday, November 19, 2003
11:55:0
4 AM
Lease Expires . . . . . . . . . . : Wednesday, November 26, 2003
11:55:0
4 AM

C:\Documents and Settings\Dale McGary>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 5a 8f 41 32 ...... Linksys LNE100TX(v5) Fast Ethernet Adapter -
Pac
ket Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\Dale McGary>ping verizon.net
Ping request could not find host verizon.net. Please check the name and try
agai
n.

C:\Documents and Settings\Dale McGary>arp -a

Interface: 192.168.0.101 --- 0x2
Internet Address Physical Address Type
192.168.0.1 00-80-c8-1d-04-57 dynamic

C:\Documents and Settings\Dale McGary>nslookup verizon.net
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.1

Name: verizon.net
Address: 206.46.189.10


C:\Documents and Settings\Dale McGary>ping verizon.net
Ping request could not find host verizon.net. Please check the name and try
agai
n.

C:\Documents and Settings\Dale McGary>ipconfig /displaydns

Windows IP Configuration

1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 568638
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 568638
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1



C:\Documents and Settings\Dale McGary>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Dale McGary>ping verizon.net
Ping request could not find host verizon.net. Please check the name and try
agai
n.


****************************************************************************
***************
Stopping and restarting the DNSCACHE service makes it work again
****************************************************************************
***************

C:\Documents and Settings\Dale McGary>net start dnscache
The DNS Client service is starting.
The DNS Client service was started successfully.


C:\Documents and Settings\Dale McGary>ping verizon.net

Pinging verizon.net [206.46.189.10] with 32 bytes of data:

Reply from 206.46.189.10: bytes=32 time=66ms TTL=235
Reply from 206.46.189.10: bytes=32 time=66ms TTL=235
Reply from 206.46.189.10: bytes=32 time=66ms TTL=235
Reply from 206.46.189.10: bytes=32 time=66ms TTL=235

Ping statistics for 206.46.189.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 66ms, Average = 66ms

C:\Documents and Settings\Dale McGary>

[...]

find the DNS servers. The router acts as a DHCP server so I have my [...]
works fine when I first boot the PC. If I leave the PC sit idle for
a few hours the DNS cache service just stops working. Nslookups
fail and I used a network sniffer to verify that the PC never even
sends a DNS query. It just fails without even trying. The hardware

Well firstly nslookup.exe does not use the system DNS lookup facilities, it
creates DNS query packets itself and sends them direct to the DNS Server is
is using. It does not use the machine DNS Resolver (DNS Cache). (Well this
is how it is on all other platforms--I'm not 100% sure on XP). Does
nslookup output any error messages? What DNS Server (address) does it say
it is using when it starts? If it does not say the router's address when
happens if you do "server ROUTER_IP_ADDR" at its prompt before doing the
query.

Are there any relevant Event Log entries. When my ISPs DNS Servers were in
a dodgy state recently I had Event Log messages saying "The DNS Client
service could not contact any DNS servers for a repeated number of attempts.
For the next 30 seconds the DNS Client service will not use the network
...".

Also can you show us "ipconfig /all" and "route print" after boot (when
things are working) and also after the idle period (when things are not
working).

 

[Alan J. McFarlane]

Thanks for the response. You are absolutely correct about nslookup.
I didn't look closely enough at the output.

(I think it would be useful for there to be a way to query the dnscache
using nslookup. Or a separate command provided to do that. "ipconfig
/displaydns" isn't what I desire sometimes...)

At the time when DNS is working, does nslookup print the same initial
warning message ("...Can't find server name for address...")?

Pings from the command prompt by name, and all lookups from IE fail
when it gets in this mode, but nslookups succeed. Pinging via
address instead of name also works. Stopping and starting the

Hmm. Well that all supports the thesis that the Dnscache service is not
behaving as expected then. The DNS Server (on the router) is working at
that time, but system DNS resolving is not... :-(

dnscache makes it all start working again. There are no DNS errors
in the event logs.

Hmm, that's unfortunate. I'd hoped that's there'd be a log message noting
something had occured to stop the service working temporarily. So it does
seem like the dnscache service is bust.

Below are copies of two command prompts containing the data you
requested. One session when working, and one when not working.

Yup thanks, nothing illuminating there.

Any Ideas would be appreciated.

Any software firewalls installed etc? Such products are notorious for
breaking networking in Windows. Perhaps initially the dnscache is using one
port to send queries from, and the firewall allows it to. After the idle
period the port has been dropped and thus a new port is opened but the
firewall blocks it...

You could try setting the interface's IP parameters manually; just to see if
there's a difference. Or perhaps just the interface's DNS parameter, and
could even try adding the single server you have as both primary and
secondary (not to be recommended for real use!).

Or, it /might/ be a dns 'killer packet'. You could try sniffing the traffic
to your machine and see if before the dnscache stops working a particular
(badly constructed) packet is received...

Or, Phone Microsoft. (I can't find anything relevant in the KB.)

A workaround would be to leave the dnscache service stopped. Your ISP's DNS
server will be caching things so there won't be a large latency added.
http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp

[...]

C:\Documents and Settings\Dale McGary>net start dnscache
The DNS Client service is starting.
The DNS Client service was started successfully.

I take it there was a "net stop dnscache" immediately prior to this.
Otherwise it would seem that the dnscache service had aborted.

 

[Dale McGary]

Yes nslookup prints the same error message about the server name when DNS is
working.

I do have zone alarm installed, I could try disabling that.

I did find a workaround by manually configuring the DNS servers the router
normally finds into my windows configuration instead of letting windows
detect the settings automatically.

I did sniff the traffic using ethereal. There was nothing unusual in the
trace during the idle time. After the idle period, when I would try to
ping verizon.net, the only packets in the trace were the ARP request and
response. No NDS request.

You are correct I did stop and start the dnscache service, I must have
missed copying the stop command to the email.

I went and looked at the microsoft site, it looked like the only support
options they had they were charging for. I couldn't find a place to report
a bug. I will look again.

Thanks for your time.

Dale McGary

Thanks for the response. You are absolutely correct about nslookup.
I didn't look closely enough at the output.

(I think it would be useful for there to be a way to query the dnscache
using nslookup. Or a separate command provided to do that. "ipconfig
/displaydns" isn't what I desire sometimes...)

At the time when DNS is working, does nslookup print the same initial
warning message ("...Can't find server name for address...")?

Pings from the command prompt by name, and all lookups from IE fail
when it gets in this mode, but nslookups succeed. Pinging via
address instead of name also works. Stopping and starting the

Hmm. Well that all supports the thesis that the Dnscache service is not
behaving as expected then. The DNS Server (on the router) is working at
that time, but system DNS resolving is not... :-(

dnscache makes it all start working again. There are no DNS errors
in the event logs.

Hmm, that's unfortunate. I'd hoped that's there'd be a log message noting
something had occured to stop the service working temporarily. So it does
seem like the dnscache service is bust.

Below are copies of two command prompts containing the data you
requested. One session when working, and one when not working.

Yup thanks, nothing illuminating there.

Any Ideas would be appreciated.

Any software firewalls installed etc? Such products are notorious for
breaking networking in Windows. Perhaps initially the dnscache is using one
port to send queries from, and the firewall allows it to. After the idle
period the port has been dropped and thus a new port is opened but the
firewall blocks it...

You could try setting the interface's IP parameters manually; just to see if
there's a difference. Or perhaps just the interface's DNS parameter, and
could even try adding the single server you have as both primary and
secondary (not to be recommended for real use!).

Or, it /might/ be a dns 'killer packet'. You could try sniffing the traffic
to your machine and see if before the dnscache stops working a particular
(badly constructed) packet is received...

Or, Phone Microsoft. (I can't find anything relevant in the KB.)

A workaround would be to leave the dnscache service stopped. Your ISP's DNS
server will be caching things so there won't be a large latency added.
http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp

[...]
C:\Documents and Settings\Dale McGary>net start dnscache
The DNS Client service is starting.
The DNS Client service was started successfully.

I take it there was a "net stop dnscache" immediately prior to this.
Otherwise it would seem that the dnscache service had aborted.

 

[Dale McGary]

It was the software firewall. When I turned it off the problem went away.
Thanks again for the help!

Dale McGary

Yes nslookup prints the same error message about the server name when DNS is
working.

I do have zone alarm installed, I could try disabling that.

I did find a workaround by manually configuring the DNS servers the router
normally finds into my windows configuration instead of letting windows
detect the settings automatically.

I did sniff the traffic using ethereal. There was nothing unusual in the
trace during the idle time. After the idle period, when I would try to
ping verizon.net, the only packets in the trace were the ARP request and
response. No NDS request.

You are correct I did stop and start the dnscache service, I must have
missed copying the stop command to the email.

I went and looked at the microsoft site, it looked like the only support
options they had they were charging for. I couldn't find a place to report
a bug. I will look again.

Thanks for your time.

Dale McGary

(I think it would be useful for there to be a way to query the dnscache
using nslookup. Or a separate command provided to do that. "ipconfig
/displaydns" isn't what I desire sometimes...)

At the time when DNS is working, does nslookup print the same initial
warning message ("...Can't find server name for address...")?


Hmm. Well that all supports the thesis that the Dnscache service is not
behaving as expected then. The DNS Server (on the router) is working at
that time, but system DNS resolving is not... :-(

Hmm, that's unfortunate. I'd hoped that's there'd be a log message noting
something had occured to stop the service working temporarily. So it does
seem like the dnscache service is bust.

Yup thanks, nothing illuminating there.

Any software firewalls installed etc? Such products are notorious for
breaking networking in Windows. Perhaps initially the dnscache is using one
port to send queries from, and the firewall allows it to. After the idle
period the port has been dropped and thus a new port is opened but the
firewall blocks it...

You could try setting the interface's IP parameters manually; just to

see

if
there's a difference. Or perhaps just the interface's DNS parameter, and
could even try adding the single server you have as both primary and
secondary (not to be recommended for real use!).

Or, it /might/ be a dns 'killer packet'. You could try sniffing the traffic
to your machine and see if before the dnscache stops working a particular
(badly constructed) packet is received...

Or, Phone Microsoft. (I can't find anything relevant in the KB.)

A workaround would be to leave the dnscache service stopped. Your ISP's DNS
server will be caching things so there won't be a large latency added.

http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp

[...]
C:\Documents and Settings\Dale McGary>net start dnscache
The DNS Client service is starting.
The DNS Client service was started successfully.

I take it there was a "net stop dnscache" immediately prior to this.
Otherwise it would seem that the dnscache service had aborted.

 

[Alan J. McFarlane]

It was the software firewall. When I turned it off the problem went
away. Thanks again for the help!

Aren't all networking problems these days caused by these products! Most it
seems, anyway. :-(