• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

An ISP mystery

bruto

Penultimate Amazing
bruto
Joined
Jun 7, 2005
Messages
39,298
Location
Way way north of Diddy Wah Diddy
I might as well take a chance that someone here knows something about this problem, which has both me and the local tech guy at my ISP baffled. Here it is:

At random, intermittent intervals, I cannot get a DNS lookup. At the best of times, I get quick, but not instantaneous lookups, and it occasionally slows to 5 seconds or more, and occasionally times out for periods of up to 5 minutes. It does this regardless of the computer I'm using, the OS, the browser version, or (and this is the mystery) the DNS server. I can specify "server assigned" or the specific ones my ISP recommends, or completely different ones, such as those provided by name.space.com, and the results are the same.

Other things are not affected. Dowloads are fast, and a page that is bookmarked by number, rather than name, will come up instantly. I am on a DSL connection, but the problem is the same if I switch to dialup. When I take my portable computer traveling, I use a roaming dialup service, and lookups are always instantaneous even when the connection is slow.

If anyone here has direct experience with a problem like this and can point the direction to look for the problem, I'd sure like to know, and so would the ISP.
 
What OS/browser/ISP are you you using? Have you tried another browser?

Also, what kind of environment do you use to connect to the Internet? Do you have a router/modem/switch/hub etc? If so, what models?

Do you have any bogus data in your hosts file (%system32%\drivers\etc\)?

Make sure you don't have any DNS spoofing viruses (do you have a current scanner?).

You might see if there is an updated driver for your network card, or try another NIC if you have one laying around and are comfortable putting it in.
 
Has your ISP guy ruled out an ARP storm? E.g. if someone tries to start a box with the same IP as the DNS server, dns lookups slow to a crawl while things are sorted out.

Can you get a response from nslookup while the problem happens?
 
Thanks for the responses. I think the ISP guy has checked for attacks on the DNS server, and found nothing.

This problem has us stumped, because it occurs the same with different browsers (Mozilla, Netscape and IE of various types), different OS's (Win 98 and XP), different computers, on dialup or DSL, with or without firewall, all machines checked for viruses, and it occurs even when I manually change the DNS server addresses to direct to servers that are not connected with my ISP. I have a "dumb" network hub, but bypassing this doesn't do anything. Since the problem occurs with two different computers, I think the network card can be ruled out. Add to this that one of the computers, a laptop, gets instantaneous and consistent lookups when I use dialup in other places. It seems that somewhere in the network, the process that sends out DNS requests is being interrupted or slowed down, regardless of where the requests are directed.

I haven't tried nslookup, but I'll try it later.
 
I don't know if it's exactly the same, but I've been having problems with my internet connection going down and then taking several minutes to reconnect. This has happened with two different computers and two different cable modems, starting about two months ago. I also had to totally reinstall my XP operating system in that time.

All I can think of is it might be a problem with the cable itself.
 
I hesitate to ask this, since I work for a big (and I mean big) ISP and will probably regret the answer ifit turns out to be us, but... what ISP are you using, and what is your connection speed?
 
Do other users in your area have the same problem (and have they noticed it ?) Could be a DSLAM issue.
 
Could be a wiring issue...any chance you have little furry rodents eating holes in your wires and tripping over them? Or it could be an issue with your residence's connection to the telephone wires (I forget what the unit is called). Or a bad patch cable?
 
bruto said:
Other things are not affected. Dowloads are fast, and a page that is bookmarked by number, rather than name, will come up instantly. I am on a DSL connection, but the problem is the same if I switch to dialup. When I take my portable computer traveling, I use a roaming dialup service, and lookups are always instantaneous even when the connection is slow.
Click to expand...

DNS uses port 53.

If it's DNS, and only DNS that's giving you headaches then my guess is incoming traffic problems.

Someone, somewhere out in Internet Land has your IP number set as a DNS server. You'r enot a DNS server, but maybe you're getting a lot of incoming port 53 traffic.

Set up a local firewall that has logging. Zone alarm will work (and it's free); see if it logs anything coming in on port 53.

Since most firewalls allow port 53 (it being DNS and all) the with/without firewall aspect would still apply. Downloads are done on a different port. Setting up an IP number in your browser bypasses the DNS query.

It's worth a look.

ETA: If it's happening on dial-up as well, is the dial-up from the same company as the DSL line?
 
Re: Re: An ISP mystery

ShowMe said:
DNS uses port 53.

If it's DNS, and only DNS that's giving you headaches then my guess is incoming traffic problems.

Someone, somewhere out in Internet Land has your IP number set as a DNS server. You'r enot a DNS server, but maybe you're getting a lot of incoming port 53 traffic.

Set up a local firewall that has logging. Zone alarm will work (and it's free); see if it logs anything coming in on port 53.

Since most firewalls allow port 53 (it being DNS and all) the with/without firewall aspect would still apply. Downloads are done on a different port. Setting up an IP number in your browser bypasses the DNS query.

It's worth a look.

ETA: If it's happening on dial-up as well, is the dial-up from the same company as the DSL line?
Click to expand...

Dialup and DSL are on the same line/ISP. I'll definitely try to have a look at port 53. Apparently this is not happening to other people, or at least not enough to generate complaints. It's been very hard to track this down because it comes and goes so randomly. But it's definitely just DNS. Everything else works well even when the DNS problem is active.

In answer to the question on wiring, I've got a direct line from the modem to the outside box, and after other problems with connection dropping before I got DSL, the phone company, which is also my ISP, replaced the entire overhead line. I get good, reliable dialup connections as well as DSL.

My ISP, by the way, is Shoreham.net, run by the Shoreham Telephone Company in Vermont. They're really nice and cooperative, a mom-and-pop kind of company, but this one has everyone stumped.

Of course this whole thing could be something spiritual, right? Maybe I need to wash my computer in some kind of mystical water, or write on it with green markers. There's a program that inserts a small mantra on your hard drive to turn it into a buddhist prayer wheel, but it hasn't helped!
 
Are your lookup failures a predictable set of domains or are they completely random domains? Does it happen at random times or more during certain hours?

Do any domains always fail to lookup?

Also, did this just start happening out of the blue or has it always been like this?
 
Phillybee said:
Are your lookup failures a predictable set of domains or are they completely random domains? Does it happen at random times or more during certain hours?

Do any domains always fail to lookup?

Also, did this just start happening out of the blue or has it always been like this?
Click to expand...

Random times and durations, and when it happens, all domains. It never seems to last more than about 5 minutes at a time, but can recur as soon as a few minutes later, or not at all for a day. It seems to occur more frequently during "prime time" hours, late nights, but it isn't consistent enough to get a pattern. It has occurred before, but comes and goes, and recently has become more frequent. At one point a year or so ago, it got very bad, and the ISP did some kind of workaround of a server they said was being clobbered by a virus or other repetitive attack, but this time it apparently is not the same problem, though it appears the same at my end. I've set Norton Internet Protection to monitor port 53, and we'll see what happens.
 
I just looked up your ISP's DNS servers (AUTH1.AMERICA.NET, AUTH2.AMERICA.NET), and they are in Atlanta, about 7 miles from me, hosted by Zcorum, Inc. This may be why you get slow response times.

See if you can find a public DNS closer to you, perhaps one at UVM, and see if your lookups speed up.

I did a tracert from my ISP (Bellsouth) to these DNS servers and it took >25 hops.
 
You're doing better than we are at home right now.

Seems when it gets above about 75 or 80 F outside, our connectivity to the outside world just goes away. I can get around inside the house and we verified that we can talk between neighbors on the local net, but connections outside just do not work.

The cable company says, of course, "oh, your computer must be broken". Yes, right. Four different computers running 3 different operating systems are all breaking at the same time, and restoring function at the same time. Sure, uh huh, really.

But no, they won't even file a service request, the people on the other end of the phone insist (i think they always do) that it's your computer.
 
But no, they won't even file a service request
Click to expand...

I hope your ISP has a cable or DSL competitor...that's just a crappy response.

If you haven't already, you should tell him that the local net works, thank the tech for his time, and ask for the problem to be escalated. If they won't do this, ask for a supervisor.

If you've done all this already with no service, start shopping and can 'em.
 
I think my ISP switched us over to more local servers a couple of years ago, but I'll see if I can find something more local and try it. My firewall logs aren't showing any activity on port 53, and nothing much else of note either, but I'm getting better input here than I have anywhere else.

JJ, I certainly am in a better situation than you. A couple of years ago, when I was having trouble with dropped connections on dialup, I had some trouble convincing the tech guy at the ISP that it wasn't my fault, but when I went through all the hoops he suggested without any success, he came out to my house with his laptop and plugged it into the outside box. It dropped his connection something like 3 times in five minutes. The next day a big truck rolled up and I got a new overhead wire! The problem this time is not a lack of responsiveness, it's just that it's baffling.
 
bruto said:
My firewall logs aren't showing any activity on port 53, and nothing much else of note either
Click to expand...


I hate to let go of a pet theory.

Try this: When you connect via DSL, check what you IP number is. Can be done via ipconfig, or by going to http://www.whatismyip.com

Do the same on dial-up

Are the two IP numbers the same?

If so, then your ISP is assigning you an IP address based on your user account. If that's hte case maybe you could ask them to assign you a different IP; if it is an incoming DNS problem that should fix it.

Your firewall may not show approved incoming connections in its logs. If you're technically hand a program like ethereal can be a huge help in these situation.
 
ShowMe said:
I hate to let go of a pet theory.

Try this: When you connect via DSL, check what you IP number is. Can be done via ipconfig, or by going to http://www.whatismyip.com

Do the same on dial-up

Are the two IP numbers the same?

If so, then your ISP is assigning you an IP address based on your user account. If that's hte case maybe you could ask them to assign you a different IP; if it is an incoming DNS problem that should fix it.

Your firewall may not show approved incoming connections in its logs. If you're technically hand a program like ethereal can be a huge help in these situation.
Click to expand...

Well, I guess here of all places pet theories are fair game. I just checked, and my IP with both dialup and DSL is dynamic. It changes every time I connect. So far, it really looks as if the problem is with the ISP. Something must be messing up DNS requests. I guess I'll just have to see if they come up with anything.

I tried punching in the DNS numbers from UVM, and they were dead slow. Right now, I'm using Stanford University, and for some reason it seems a little better, but of course I never know from one minute to the next. It would be interesting if that solved the problem, but I'm not too hopeful.

I'll probably call Shoreham.net tomorrow and see if they have any more ideas. Maybe see if I can bring my laptop over there (the office is just down the road), or to a friend in a neighboring town, and see how it behaves at a different location.

Despite their cooperative attitude, I'd try a new ISP, but they're the only ones who provide DSL to my location out here in the boonies. We don't have cable here at all.

edit... cross off another: Stanford worked fine for a few minutes and then just timed out for the usual 5 or so. One interesting thing is that the duration never seems to go beyond about 5 minutes, as if whatever is attacking the system is itself timing out after a certain interval.
 
The plot thickens. I grabbed my laptop and headed for the house of a friend who uses the same ISP. I didn't bother to hook it up, though, because he said "oh yeah, this happens all the time." So I headed down the road to the ISP/Telco office, where the tech guy had already left for the day, but the people at the desk were having trouble getting on their own email server. I'm supposedly going to get a call tomorrow morning to see what we can do next.

Anyway, it's pretty obviously not anything with my computer or my connection, so I guess I'll just have to hope that someone between Shoreham, VT and Georgia knows what's going on.

If anything does ever get resolved, I'll be sure to post an update.

Cheers...
 
You must log in or register to reply here.

Back
Top Bottom