[SOLVED] DNS Server Not Responding 'Everyday'

Aug 21, 2019
11
0
10
Hi, I'm new here!

I wanna ask something about a DNS-related issue.

So my daily scenario goes like this:

I go to work, and some PCs (~5-10) are always having issues with their DNS. They always have no internet connection. I fix it every morning by switching from static to DHCP and vice versa. Sometimes it takes a lot of time, sometimes it goes less than 1 minute. But eventually, it will be fixed. I'm really confused and frustrated as I can't seem to understand the problem and a permanent solution. I tried googling the fixes but every post gives the same solution.

Solutions I always do:

Switch Static IP to DHCP and vice versa
Changing the DNS Server Address to 8.8.8.8, 8.8.4.4, and if it doesn't work, I put our default gateway's address.
Running CMD as admin, typing 'netsh int ip reset', 'netsh winsock reset', 'ipconfig /flushdns'
And of course, restarting the PC itself.

Seeking help, thank you!
 
Solution
You get piece-meal info from Internet, they are in the category of "try this, try that."

This is extremely simple dude, I dunno why anybody has a problem with this. Follow this standard if you will:

If you have to change static/dynamic then you have not configured your DHCP server correctly. This should be one time setup and never touched again.

DHCP server config typical: Allocate say IP .1-31 for any statics, and dynamic range .32-254. All your DNS entries should also be DEFINED HERE, the DHCP box.

So when you do an IPCONFIG /ALL in ANY of your PCs, it should say:

IP xx.xx.xx.32-254.
Mask 255.255.255.0
DNS: your DHCP box IP
GATEWAY: your DHCP box IP.

Your DHCP box IP should be the first static IP given .1.

If for some reason you need to change external DNS servers, you do it once at the DHCP box, NEVER on a specific client, unless you have a particular reason to, this is best practice for uniformity.

Yup, what ^he says, multiple routers, multiple NAT devices, running more than one subnet will mess u up. Don't do that.
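
One way to check a client against the layout described in this answer, as an added example that is not part of the original post: it parses `ipconfig /all` text and names each point where the client departs from that layout, including a lease handed out by some other DHCP server. The 192.168.1.x addresses, the sample output and the finding names are constructed for this example.

```python
import re

FIELD = re.compile(r"^\s+([^.:]+?)[. ]+:\s?(.*)$")  # "   Key . . . : value"
POOL = range(32, 255)  # dynamic range .32-.254; .1-.31 is left for statics

def parse_ipconfig(text):
    """Return {field: [values]} for one adapter section of `ipconfig /all`."""
    cfg, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1).strip(), m.group(2).strip()
            cfg[last] = [value] if value else []
        elif last and line.startswith(" ") and line.strip():
            cfg[last].append(line.strip())  # continuation: extra DNS server
    return cfg

def check(cfg):
    """Name each way the client departs from the layout in the post."""
    ip = cfg["IPv4 Address"][0].split("(")[0]  # drop "(Preferred)"
    prefix, host = ip.rsplit(".", 1)
    box = prefix + ".1"  # the DHCP box holds the first static address
    dhcp = cfg.get("DHCP Enabled") == ["Yes"]
    found = []
    if dhcp and int(host) not in POOL:
        found.append("lease-outside-pool")
    if not dhcp and int(host) in POOL:
        found.append("static-inside-pool")  # can collide with a lease
    if cfg.get("Subnet Mask") != ["255.255.255.0"]:
        found.append("wrong-mask")
    if cfg.get("Default Gateway") != [box]:
        found.append("gateway-not-dhcp-box")
    if cfg.get("DNS Servers") != [box]:
        found.append("dns-not-dhcp-box")
    if dhcp and cfg.get("DHCP Server") != [box]:
        found.append("unexpected-dhcp-server")  # a second DHCP server answered
    return found

# Constructed sample: a PC left on a hand-set address with public DNS first.
HAND_SET = """Ethernet adapter Ethernet:
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       192.168.1.1
"""

if __name__ == "__main__":
    print(check(parse_ipconfig(HAND_SET)))
```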
 
Do you have two or more routers on the network? It could be a conflict if both are trying to act as the DHCP server. Same goes if you have a server also acting as the DHCP server in conflict with the router.

We only have 1 router, it's the internet modem from our ISP. Though we have Cisco routers that act as a switch, but it's at a different location. I'm not really sure if that affects our main office, which is having the problem.
 
Apparently our ISP prohibited us from configuring their router any further so I can't really tell if they configured it correctly. I should contact them for confirmation. Also, everything seems fine; when I 'ipconfig /all', it shows all of that info: IP, Mask, DNS, Gateway, but the error still occurs. I try to change DHCP on specific clients because I feel like I have no other options other than enable/disable of the network and the 'netsh int ip reset', 'netsh winsock reset', 'ipconfig /flushdns'.

Also, we only have 1 internet modem. Upon doing a network scan, no unusual IP is present.
 
Are you sure it is actually a DNS error? What happens if you leave a constant ping to your router IP run? Do you get loss at the same time you get the DNS error?

That message is really stupid; it just means it can't talk to the DNS server. There is no way to tell if it is because there is some issue with the DNS server or there is an issue with the network in general.
 
There are websites to test dns leak. If you configured 8.8.8.8 and it's not coming back as that then upstream somewhere it's being replaced. This is common for businesses to control DNS for filtering and security. You don't want your ISP replacing it for you.

Your ISP should have no say about your router. That sounds sketchy to me.
 
When a computer has the said issue, the ping would say "destination net is unreachable". If the computer is fixed, no loss or time-outs. To be honest I'm not so sure if it's really DNS because I agree, I suspect many other things as well, but I thought it would be a start.
 
I have this tool which was recommended to me by others for DNS leak test (https://www.grc.com/intro.htm). I don't configure 8.8.8.8 alone, I make sure it has an alternative which is our default gateway x.x.1.1.

I'm sorry but what do you mean by "Your ISP should have no say about your router. That sounds sketchy to me."?
 
That's the fundamental problem when one doesn't have the practical experience to know what ISP vs customer responsibility, consumer vs business accounts etc.

OP, it may be time to bring in a consultant unless you want to forgo any vacation forever since you have to intervene every day.

Unfortunately in my work area, there is only 1 reliable ISP as of now. It sucks but it's all we got.
I agree, it was recommended to me by others as well. I'll look into it, thank you :)
 
You should have an IP address in that message. "destination net is unreachable"

It might be your router IP but it could be an IP in the ISP network.

What that means is the device whose IP is in the message is saying it does not have a path to the final destination. It is a little hard to say why exactly it happens. It does mean though that you have good network connectivity between your machine and the IP in that message. You would not have gotten the response if you cannot talk to it.

What is strange is all machines should be affected at the same time, not some work and others not, when you get a message like this. Pretty much it means the device IP in the message has some issue with its routing table.

Still this smells of a duplicate IP address even though that would not cause that message.
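
The reading of "destination net unreachable" given in this post, together with the earlier suggestion to leave a ping running, as an added example that is not part of the thread: it parses Windows `ping` output and reports which device said it has no route onward. The addresses, the sample capture and the verdict names are constructed for this example.

```python
import re
from collections import Counter

REPLY = re.compile(r"Reply from ([\d.]+): (.*)")

def triage(ping_output, gateway):
    """Summarise Windows `ping` output and say where the path breaks."""
    ok = timeouts = 0
    reporters = Counter()  # devices that answered "Destination net unreachable"
    for line in ping_output.splitlines():
        m = REPLY.search(line)
        if m and m.group(2).startswith("bytes="):
            ok += 1
        elif m and "net unreachable" in m.group(2):
            reporters[m.group(1)] += 1
        elif "Request timed out" in line:
            timeouts += 1
    if reporters:
        # The reporter was reachable; it is the one with no route onward.
        ip = reporters.most_common(1)[0][0]
        verdict = "gateway-has-no-route" if ip == gateway else "upstream-has-no-route"
    elif ok and not timeouts:
        verdict = "path-ok"  # if names still fail, look at the DNS server
    elif ok:
        verdict = "intermittent-loss"
    elif timeouts:
        verdict = "no-reply"
    else:
        verdict = "no-data"
    return {"ok": ok, "timeouts": timeouts,
            "reporters": dict(reporters), "verdict": verdict}

# Constructed capture from a PC whose gateway is 192.168.1.1.
SAMPLE = """Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=14ms TTL=117
Reply from 192.168.1.1: Destination net unreachable.
Reply from 192.168.1.1: Destination net unreachable.
Request timed out.
Reply from 8.8.8.8: bytes=32 time=15ms TTL=117
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "192.168.1.1"))
```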
 
For a business the ISP usually just provides the modem. They shouldn't have any control over your edge firewall.