DNS problem -- ISP or My System?

Posted on 2003-02-28
Medium Priority
Last Modified: 2010-04-11
20 points here, 300 points at


Please see the post referenced for original post and other posted referenced within it. Summarizing all the posts, I am trying to determine:
(1) WHERE the problem lies
(2) actions required to resolve it

New Problem Description: Originally I believed that domain name to IP address translation problems 30-35% of the time was limited to only secure (https) sites. This is because ONLY https sites were NOT Proxy -- thus, I experienced the problem only for them. However, if I turn off PROXY entirely even for http sites, they (no specific one) will fail about the same 30% of the time.

Failures occur with or wwithout the ATGUARD firewall. However, using ATGUARD, I could capture the traffic types OUTBOUND and INBOUND. When things are successful, UDP "domain" go out to one or more of my DNSs, a UDP returns (most likely with the IP address), then a TCP "http" or "https" goes out and establiches the TCP session. When it fails, I see ONLY the UDPs out and one UDP in. I am unable to look at the packet returning to see its reponse (wish I could), but NO TCP goes out to establish the session and I receive either"Cannot Find Server" with "This Pagee Cannot Be Displayed" if application is IE 6.0 SP1 OR "UNKNOWN HOST" is the application is ping.

I contend that the problem lies with the ISP (DirecWay satellite 2-way system) and it seems that the translation cannot be done within some time period. I have no clue what the process is, thus, I am seeking help on:
-- what the flow is
-- is there some time limit, and if so, where is the time limit that is killing the lookup
-- other potential reasons why the lookup does not work consistently (it can fail seconds after resolving it the time before, or vice versa)

Additional background: have already reinstalled Win98 SE on top of previous copy, have already reinstalled IE 6.0 SP1 and all security patches, have already properly uninstalled DUN and reinstalled to correct any protocol modules.

My bypass is to now use a HOSTS file to get to the sites that are critical to me. Thus, the problem is no longer high priority.

Sounds like a lot for 20 points, but there is another 300 at previous reference too, leaving me a dime for a phone call -- oops that went up didn't it?
Question by:tpanc13
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 8046027
I am not sure what else I could add to this, except that one of my clients HAD Directway.  The problem however was setting up a vpn not dns. The vpn did work with directway, they switched for other reasons.

Anyways, it looks like you get ping/replies and https intermittently using the fqdn, and a hosts file always works.  Logic says thats dns.  You also mentioned trying someone elses dns and that didnt work either.  I may have a couple of ideas.  As a test, how about setting up a caching only dns server, and use forwarding first to directway's dns and then try these dns servers.  You could also max the TTL.

Im not familiar with atguard, you cant by chance configure that to dial a modem like MS Proxy Server?  Or could you set up another pc as a router/ICS on the outside of atguard to connect using a dial up account.  What Im getting at is to eliminate directway by dialing a modem to connect, but keep the rest of the network (using atguard)the same.  This should prove where the problem is.  You would have to get a temporary dial up modem account.

Hope that helps

Author Comment

ID: 8048048
I have never played with a server, only host here, so guide me a little. I assume I should set up my machine as a server, configuring ICS? And when configuring it (windows 98) I would have options to define how it should be used for DNS and method of resolution (forwarding first), plus option to set TTL?

Mr. Cheapo threw out the 2nd phone line and ISP, so, yes I would have to get ISP account again. However, I did do testing of this problem when I had a dialup account, and no problems. Don't know if this eliminates my system as the cause, or just different code and paths taken for dialup vs. satellite.

I'll look into how to do the server things you suggested. Thanks.

Accepted Solution

Beerman earned 60 total points
ID: 8048541
I think it would be different code/paths for dialup vs satellite.  If a second ISP is valid as a temporary solution (1 month is about $20US), here is what I would do to verify where the problem is.  Skip the DNS cache and isolate the problem with the ISP
Setup a pc with win98se, or ideally win2k/winxp.  This can be any pc that can handle the above OS, it will also need a modem and nic.  Sign up for another dialup ISP.  If you no anyone that has dialup, make sure they can hit those websites listed, and then sign up for there isp. Otherwise, use a reliable one for your area.
Setup the isp thru DUN, first, try it without the network cable plugged in.  If everything works, set up internet connection sharing on the pc and plug a network cable into the pc and into your firewall wan port, and yes the directway will be unavailable during your test.  Configure the network settings of the firewall wan port as you would another pc using an ics connection.  Connect to the internet using the ics pc, and maintain the connection.  Then go to a pc on the lan side of your firewall, and browse the internet.  In this scenario, directway is not used, your firewall and all settings are the same (except for the wan ip and gateway which wont matter).  The firewall and all the rules, mtu/packets, dns, are all exactly the same  If the problem goes away, it is directway, if the problem stays, I would try the dns servers mentioned in my previous post on all computers and the firewall(if available).  If the problem now goes away, the problem would be a combination of directway and the directway dns.  If the problem stays, it is somewhere on your lan.  Then we would start looking at your firewall and/or your dns.  Good luck, and let me know whats going on/ and if there are any more questions.
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.


Expert Comment

ID: 8048549
BTW, if you need help with ics, try this site.


Thanks to wyliecoyoteuk for that link from a different post

Expert Comment

ID: 9153331
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Author Comment

ID: 9156507
Thanks for the help. The problem was indeed Direcway's servers and PROXY machine. Problems still exist there, but adding a non-Direcway proxy helped get around my critical site problems.

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question