I am having a problem with the windows XP (home edition) "Client DNS
service". I have a DI-0604 router between my PC and my DSL modem. The
router uses dynamic PPPOE to log me in, get an IP address, and find the DNS
servers. The router acts as a DHCP server so I have my PC set up to
automatically get an IP address from the router, and to automatically detect
the DNS servers. With this setup the PC's IP configuration lists one
address for DNS servers. (The router). This works fine when I first boot
the PC. If I leave the PC sit idle for a few hours the DNS cache service
just stops working. Nslookups fail and I used a network sniffer to verify
that the PC never even sends a DNS query. It just fails without even
trying. The hardware is all still working fine because I can ping internet
addresses if I use the address. Flushing the DNSCACHE does not cure the
problem. If I stop and restart the dnscache service everything works again.

I have found I can work around this by manually entering the ISP's DNS
servers into the PC's DNS configuration. In this case there are two DNS
servers in the configuration. In this configuration the problem goes away.

Is this a bug in the DNSCACHE service? Does it have a problem with just one
address? I would like to use the automatic setup in case the ISP ever
changes the DNS servers however I can't get it to work.

Does anyone know how to cure this?

Thanks
Dale

Since there were no responses can I assume no one else has this problem? Is
anyone using this same configuration without any problems? (Automatically
detect DNS servers, and router as only DNS server)?

Thanks
Dale McGary


"Dale McGary" > wrote in message
...
> I am having a problem with the windows XP (home edition) "Client DNS
> service". I have a DI-0604 router between my PC and my DSL modem. The
> router uses dynamic PPPOE to log me in, get an IP address, and find the
DNS
> servers. The router acts as a DHCP server so I have my PC set up to
> automatically get an IP address from the router, and to automatically
detect
> the DNS servers. With this setup the PC's IP configuration lists one
> address for DNS servers. (The router). This works fine when I first boot
> the PC. If I leave the PC sit idle for a few hours the DNS cache service
> just stops working. Nslookups fail and I used a network sniffer to verify
> that the PC never even sends a DNS query. It just fails without even
> trying. The hardware is all still working fine because I can ping
internet
> addresses if I use the address. Flushing the DNSCACHE does not cure the
> problem. If I stop and restart the dnscache service everything works
again.
>
> I have found I can work around this by manually entering the ISP's DNS
> servers into the PC's DNS configuration. In this case there are two DNS
> servers in the configuration. In this configuration the problem goes
away.
>
> Is this a bug in the DNSCACHE service? Does it have a problem with just
one
> address? I would like to use the automatic setup in case the ISP ever
> changes the DNS servers however I can't get it to work.
>
> Does anyone know how to cure this?
>
> Thanks
> Dale
>
>

Dale McGary > wrote:
> "Dale McGary" > wrote in message
> ...

[...]
>> find the DNS servers. The router acts as a DHCP server so I have my
[...]
>> works fine when I first boot the PC. If I leave the PC sit idle for
>> a few hours the DNS cache service just stops working. Nslookups
>> fail and I used a network sniffer to verify that the PC never even
>> sends a DNS query. It just fails without even trying. The hardware

Well firstly nslookup.exe does not use the system DNS lookup facilities, it
creates DNS query packets itself and sends them direct to the DNS Server is
is using. It does not use the machine DNS Resolver (DNS Cache). (Well this
is how it is on all other platforms--I'm not 100% sure on XP). Does
nslookup output any error messages? What DNS Server (address) does it say
it is using when it starts? If it does not say the router's address when
happens if you do "server ROUTER_IP_ADDR" at its prompt before doing the
query.


>> is all still working fine because I can ping internet addresses if I
>> use the address. Flushing the DNSCACHE does not cure the problem.
>> If I stop and restart the dnscache service everything works again.
>>
Are there any relevant Event Log entries. When my ISPs DNS Servers were in
a dodgy state recently I had Event Log messages saying "The DNS Client
service could not contact any DNS servers for a repeated number of attempts.
For the next 30 seconds the DNS Client service will not use the network
....".

Also can you show us "ipconfig /all" and "route print" after boot (when
things are working) and also after the idle period (when things are not
working).
--
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.

Dale McGary > wrote:
> Thanks for the response. You are absolutely correct about nslookup.
> I didn't look closely enough at the output.

(I think it would be useful for there to be a way to query the dnscache
using nslookup. Or a separate command provided to do that. "ipconfig
/displaydns" isn't what I desire sometimes...)

At the time when DNS is working, does nslookup print the same initial
warning message ("...Can't find server name for address...")?

> Pings from the command prompt by name, and all lookups from IE fail
> when it gets in this mode, but nslookups succeed. Pinging via
> address instead of name also works. Stopping and starting the

Hmm. Well that all supports the thesis that the Dnscache service is not
behaving as expected then. The DNS Server (on the router) is working at
that time, but system DNS resolving is not... :-(

> dnscache makes it all start working again. There are no DNS errors
> in the event logs.
>
Hmm, that's unfortunate. I'd hoped that's there'd be a log message noting
something had occured to stop the service working temporarily. So it does
seem like the dnscache service is bust.

> Below are copies of two command prompts containing the data you
> requested. One session when working, and one when not working.
>
Yup thanks, nothing illuminating there.

> Any Ideas would be appreciated.
>
Any software firewalls installed etc? Such products are notorious for
breaking networking in Windows. Perhaps initially the dnscache is using one
port to send queries from, and the firewall allows it to. After the idle
period the port has been dropped and thus a new port is opened but the
firewall blocks it...

You could try setting the interface's IP parameters manually; just to see if
there's a difference. Or perhaps just the interface's DNS parameter, and
could even try adding the single server you have as both primary and
secondary (not to be recommended for real use!).

Or, it /might/ be a dns 'killer packet'. You could try sniffing the traffic
to your machine and see if before the dnscache stops working a particular
(badly constructed) packet is received...

Or, Phone Microsoft. (I can't find anything relevant in the KB.)

A workaround would be to leave the dnscache service stopped. Your ISP's DNS
server will be caching things so there won't be a large latency added.
http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp

[...]
> C:\Documents and Settings\Dale McGary>net start dnscache
> The DNS Client service is starting.
> The DNS Client service was started successfully.
>
I take it there was a "net stop dnscache" immediately prior to this.
Otherwise it would seem that the dnscache service had aborted.
--
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.

Yes nslookup prints the same error message about the server name when DNS is
working.

I do have zone alarm installed, I could try disabling that.

I did find a workaround by manually configuring the DNS servers the router
normally finds into my windows configuration instead of letting windows
detect the settings automatically.

I did sniff the traffic using ethereal. There was nothing unusual in the
trace during the idle time. After the idle period, when I would try to
ping verizon.net, the only packets in the trace were the ARP request and
response. No NDS request.

You are correct I did stop and start the dnscache service, I must have
missed copying the stop command to the email.

I went and looked at the microsoft site, it looked like the only support
options they had they were charging for. I couldn't find a place to report
a bug. I will look again.

Thanks for your time.

Dale McGary

"Alan J. McFarlane" > wrote in message
...
> Dale McGary > wrote:
> > Thanks for the response. You are absolutely correct about nslookup.
> > I didn't look closely enough at the output.
>
> (I think it would be useful for there to be a way to query the dnscache
> using nslookup. Or a separate command provided to do that. "ipconfig
> /displaydns" isn't what I desire sometimes...)
>
> At the time when DNS is working, does nslookup print the same initial
> warning message ("...Can't find server name for address...")?
>
> > Pings from the command prompt by name, and all lookups from IE fail
> > when it gets in this mode, but nslookups succeed. Pinging via
> > address instead of name also works. Stopping and starting the
>
> Hmm. Well that all supports the thesis that the Dnscache service is not
> behaving as expected then. The DNS Server (on the router) is working at
> that time, but system DNS resolving is not... :-(
>
> > dnscache makes it all start working again. There are no DNS errors
> > in the event logs.
> >
> Hmm, that's unfortunate. I'd hoped that's there'd be a log message noting
> something had occured to stop the service working temporarily. So it does
> seem like the dnscache service is bust.
>
> > Below are copies of two command prompts containing the data you
> > requested. One session when working, and one when not working.
> >
> Yup thanks, nothing illuminating there.
>
> > Any Ideas would be appreciated.
> >
> Any software firewalls installed etc? Such products are notorious for
> breaking networking in Windows. Perhaps initially the dnscache is using
one
> port to send queries from, and the firewall allows it to. After the idle
> period the port has been dropped and thus a new port is opened but the
> firewall blocks it...
>
> You could try setting the interface's IP parameters manually; just to see
if
> there's a difference. Or perhaps just the interface's DNS parameter, and
> could even try adding the single server you have as both primary and
> secondary (not to be recommended for real use!).
>
> Or, it /might/ be a dns 'killer packet'. You could try sniffing the
traffic
> to your machine and see if before the dnscache stops working a particular
> (badly constructed) packet is received...
>
> Or, Phone Microsoft. (I can't find anything relevant in the KB.)
>
> A workaround would be to leave the dnscache service stopped. Your ISP's
DNS
> server will be caching things so there won't be a large latency added.
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp
>
> [...]
> > C:\Documents and Settings\Dale McGary>net start dnscache
> > The DNS Client service is starting.
> > The DNS Client service was started successfully.
> >
> I take it there was a "net stop dnscache" immediately prior to this.
> Otherwise it would seem that the dnscache service had aborted.
> --
> Alan J. McFarlane
> http://homepage.ntlworld.com/alanjmcf/
> Please follow-up in the newsgroup for the benefit of all.
>
>
>
>
>

It was the software firewall. When I turned it off the problem went away.
Thanks again for the help!

Dale McGary

"Dale McGary" > wrote in message
...
>
> Yes nslookup prints the same error message about the server name when DNS
is
> working.
>
> I do have zone alarm installed, I could try disabling that.
>
> I did find a workaround by manually configuring the DNS servers the router
> normally finds into my windows configuration instead of letting windows
> detect the settings automatically.
>
> I did sniff the traffic using ethereal. There was nothing unusual in the
> trace during the idle time. After the idle period, when I would try to
> ping verizon.net, the only packets in the trace were the ARP request and
> response. No NDS request.
>
> You are correct I did stop and start the dnscache service, I must have
> missed copying the stop command to the email.
>
> I went and looked at the microsoft site, it looked like the only support
> options they had they were charging for. I couldn't find a place to
report
> a bug. I will look again.
>
> Thanks for your time.
>
> Dale McGary
>
> "Alan J. McFarlane" > wrote in message
> ...
> > Dale McGary > wrote:
> > > Thanks for the response. You are absolutely correct about nslookup.
> > > I didn't look closely enough at the output.
> >
> > (I think it would be useful for there to be a way to query the dnscache
> > using nslookup. Or a separate command provided to do that. "ipconfig
> > /displaydns" isn't what I desire sometimes...)
> >
> > At the time when DNS is working, does nslookup print the same initial
> > warning message ("...Can't find server name for address...")?
> >
> > > Pings from the command prompt by name, and all lookups from IE fail
> > > when it gets in this mode, but nslookups succeed. Pinging via
> > > address instead of name also works. Stopping and starting the
> >
> > Hmm. Well that all supports the thesis that the Dnscache service is not
> > behaving as expected then. The DNS Server (on the router) is working at
> > that time, but system DNS resolving is not... :-(
> >
> > > dnscache makes it all start working again. There are no DNS errors
> > > in the event logs.
> > >
> > Hmm, that's unfortunate. I'd hoped that's there'd be a log message
noting
> > something had occured to stop the service working temporarily. So it
does
> > seem like the dnscache service is bust.
> >
> > > Below are copies of two command prompts containing the data you
> > > requested. One session when working, and one when not working.
> > >
> > Yup thanks, nothing illuminating there.
> >
> > > Any Ideas would be appreciated.
> > >
> > Any software firewalls installed etc? Such products are notorious for
> > breaking networking in Windows. Perhaps initially the dnscache is using
> one
> > port to send queries from, and the firewall allows it to. After the
idle
> > period the port has been dropped and thus a new port is opened but the
> > firewall blocks it...
> >
> > You could try setting the interface's IP parameters manually; just to
see
> if
> > there's a difference. Or perhaps just the interface's DNS parameter,
and
> > could even try adding the single server you have as both primary and
> > secondary (not to be recommended for real use!).
> >
> > Or, it /might/ be a dns 'killer packet'. You could try sniffing the
> traffic
> > to your machine and see if before the dnscache stops working a
particular
> > (badly constructed) packet is received...
> >
> > Or, Phone Microsoft. (I can't find anything relevant in the KB.)
> >
> > A workaround would be to leave the dnscache service stopped. Your ISP's
> DNS
> > server will be caching things so there won't be a large latency added.
> >
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;318803&Product=winxp
> >
> > [...]
> > > C:\Documents and Settings\Dale McGary>net start dnscache
> > > The DNS Client service is starting.
> > > The DNS Client service was started successfully.
> > >
> > I take it there was a "net stop dnscache" immediately prior to this.
> > Otherwise it would seem that the dnscache service had aborted.
> > --
> > Alan J. McFarlane
> > http://homepage.ntlworld.com/alanjmcf/
> > Please follow-up in the newsgroup for the benefit of all.
> >
> >
> >
> >
> >
>
>

Dale McGary > wrote:
> It was the software firewall. When I turned it off the problem went
> away. Thanks again for the help!
>
Aren't all networking problems these days caused by these products! Most it
seems, anyway. :-(
--
Alan J. McFarlane
http://homepage.ntlworld.com/alanjmcf/
Please follow-up in the newsgroup for the benefit of all.