1

In recent weeks a weird problem has started in my office. The internet seems to stop working, but it has not failed, it's just DNS problems.

Setup:

ADSL2+ AnnexM connection via a Draytek Vigor 2820 router. Windows server domain running Server 2008 R2. A DNS server is set up on the server, and DNS forwarders set to the values sent to the router (141.1.1.1 and 195.27.1.1 - Thus/CW/Vodafone). I've also added Google's public DNS as backup (8.8.8.8 and 8.8.4.4).

Symptoms

Most of the day the network works fine and web browsing works.

At various points of the day, DNS seems to stop working for external hosts so web browsing stops. There does not seem to be an obvious trigger, although it almost always fails about 4pm local time.

The ADSL line is still working (I run BBC radio 2 streaming over it and this does not stop), and the VPN links to the other office are also working. I can ping external IP addresses - so the problem definitely seems to be with DNS.

What I've Tried

I've tried to diagnose the cause using nslookup: it resolves only internal hosts, anything external times out. I tried setting the server to the CW and the Google ones directly, but this also times out:

> server 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [8.8.8.8]
Address:  8.8.8.8
>

The only solution appears to be to reboot the router. After this everything works again for a while.

I did suspect the problem was with the router but we've not made any configuration changes. So do the assembled experts think this is a router issue or is it the ISP?

Quango
  • When the problem occurs, what happens if you set DNS locally on your machine to one/all of the external DNS IPs above and re-test? Does it work this way? – CharlesH Dec 22 '14 at 13:14
  • Do you have the latest firmware on the device? – Christopher Perrin Dec 22 '14 at 13:48
  • @CharlesH I tested setting DNS locally, but it cannot 'see' the DNS server (or the traffic is blocked/lost) so has no effect. – Quango Dec 22 '14 at 13:58
  • @ChristopherPerrin Hi, yes we updated with latest firmware as a precaution, no change. Thx – Quango Dec 22 '14 at 13:59
  • @Quango it does sound like your router is blocking DNS traffic. Are you able to run telnet 8.8.8.8 53 from your command prompt on that machine? Does it connect ok? – CharlesH Dec 22 '14 at 14:01
  • Thx @CharlesH, I'll try that as well next time it goes off. It's working at present. – Quango Dec 22 '14 at 14:02
  • No worries let us know what happens and we can go from there... – CharlesH Dec 22 '14 at 14:04
  • Trying telnet to 8.8.8.8 53 I get a blank screen and pressing a key exits. This is the same whether connected or not. If I telnet to 141.1.1.1 53 it stays connected. Sounds like Thus is blocking DNS traffic that goes outside its network? – Quango Dec 22 '14 at 15:28
  • That's a definite issue with the router; possibly it has issues with the NAT tables being overfilled for UDP. Can you run `dig @8.8.8.8 +tcp some.random.domain` the next time you have the issue? – NickW Jan 14 '15 at 12:57

2 Answers

1

I've had the exact same problem for almost a week. Had to re-dial / reboot the server so many times manually. I just found a possible solution and it has worked fine for the past hour.

Log into the router as admin, Firewall >> DoS defense Setup, Unticked "Enable UDP flood defense".

Toni
1

I've had a similar problem...

BT's my ISP, my router is a Draytek 2820 and is TX and RX packets, I can access google.co.uk and search on wired and wifi connected devices, on none can I access any other websites. Issue across whole network, happens around 11am each morning for the last week. It's killing VOIP, gmail etc, everything bar google. I can successfully ping from my router, as mentioned above; it is still connected!

My guess is DNS...if it happens again then I'll do some more prodding, but for now I hadn't realised that there are DNS setting fields for LAN and WAN. I'm not sure if it's solved it yet, but I've now changed to Google's DNS in both DNS settings for WAN and LAN...previously I only had populated WAN.

WAN: WAN > Internet Access > WAN2 > Static or Dynamic IP

LAN: LAN > General Setup

A colleague just mentioned that Draytek are no longer supporting 2820's. He's had a stack of DNS problems with them, and suggests that they're getting progressively worse. Nice.


Ok, I wrote the above on Friday. It's dropped again this morning (Monday), I've done some further research, here's another promising solution:

See the posts from Jan 2015 here: http://community.spiceworks.com/topic/393025-dns-drops-roughly-once-a-week

and then see the bandwidth/packets per second table here: http://www.draytek.com/index.php?option=com_k2&view=item&id=5315&Itemid=293&lang=en

Change the threshold config (Firewall > DoS Defense) for "Enable UDP flood defence" to whatever suits your bandwidth, I've gone with 2000/sec.

Having read this it's absolutely my problem. Hopefully it sorts it.

Mike