
Wily_One
Premium
join:2002-11-24
San Jose, CA
Reviews:
·AT&T U-Verse
reply to heinrich66

Re: [Other] DNS errors from The Shining

Why is everyone trying to use ping to troubleshoot DNS? ICMP can be blocked anywhere along the route.

To test if a DNS server is reachable:
telnet <ip-of-nameserver> 53

If you can make a connection, it tells you two things: 1) the name server is reachable on port 53, and 2) the name server is up and DNS is running.

If you cannot make a connection, could be any number of things, including a firewall somewhere is blocking port 53 or your ISP has no route, etc.

P.S. you can try any of the following for free, open recursive name servers:

AT&T: 4.2.2.1 & 4.2.2.2
Google: 8.8.4.4 & 8.8.8.8
Neustar DNS Advantage: 156.154.70.1 & 156.154.71.1
OpenDNS: 208.67.220.220 & 208.67.222.222
Symantec Norton DNS: 198.153.192.1 & 198.153.194.1

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
Reviews:
·VOIPO
said by Wily_One:

ICMP can be blocked anywhere along the route.

Yes. Our world has become sadder. The PING of Death scare has convinced fools to disable ICMP (and break PMTUD in the process). Extra credit for those who allow UDP traceroute through the firewall…

heinrich66

join:2006-09-21
Towanda, PA
reply to Wily_One
Thanks for the replies.

I'll try the telnet suggestion and report back. I should mention again though in case it wasn't clear: the router is currently set up to use the ISP's default DNS. Problem stays the same.

As for pinging outside DNS servers, I am pretty sure that when the connection is 'up', I can ping any of the above (e.g. 4.2.2.1, 8.8.8.8) with no problem.

The main thing is that the problem is intermittent, though much worse on Wifi. On the LAN it may work for hours or give the DNS error when attempting to surf for hours. Wifi is like flipping a coin. You might be able to surf three or four pages until it goes out. On the iPad you have to manually reconnect to the network. On the Win7 laptop (when using Wifi) it doesn't seem to want to connect or work at all.


Da Geek Kid

join:2003-10-11
::1
kudos:1
you could try to telnet but it will again hit the proxy server and you would not know it...


Wily_One
Premium
join:2002-11-24
San Jose, CA
Reviews:
·AT&T U-Verse

1 edit
The telnet port test is a better way to check DNS than ping.

The purpose of running the port test is to see if you can connect or not. If not, then the target server is unusable. What the cause is is out of his control.

heinrich, it sounds like your ISP is flakey in general. Other than switching ISPs, quite likely nothing you can do about it from your end but complain to them.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
reply to Wily_One
said by Wily_One:

Why is everyone trying to use ping to troubleshoot DNS? ICMP can be blocked anywhere along the route.

If only there was a TCP-based ping.


Da Geek Kid

join:2003-10-11
::1
kudos:1
not sure if tcping can be any better at any port other than http...


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
said by Da Geek Kid:

not sure if tcping can be any better at any port other than http...

TCP based ping will tell you the response time over most any port. It also isn't normally blocked and/or deprioritized like ICMP often is these days. To unsophisticated routers and gateways, it looks like any other TCP-based traffic and tries to pass it along.


Da Geek Kid

join:2003-10-11
::1
kudos:1
tcpinging the dns proxy server will give you just that; and quite honestly not sure if it's worth downloading the app.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to Wily_One
said by Wily_One:

To test if a DNS server is reachable:
telnet <ip-of-nameserver> 53

If you can make a connection, it tells you two things: 1) the name server is reachable on port 53, and 2) the name server is up and DNS is running.

If you cannot make a connection, could be any number of things, including a firewall somewhere is blocking port 53 or your ISP has no route, etc.

i have used telnet for mail servers and normally see text on the screen after a successful connection. i just tried telnet 8.8.8.8 53 and the cmd prompt was black/blank with a flashing cursor. i tried 8.8.8.23 assuming it was invalid and it times out.

success= flashing cursor

fail= connect fail reply in command prompt

is that accurate?

thanks.


Wily_One
Premium
join:2002-11-24
San Jose, CA
Reviews:
·AT&T U-Verse

1 recommendation

You must be trying telnet from Windows. The Windows telnet client is wonky, hiding any useful connection details that tell you if you've actually connected or not. But yes, a blinking cursor with no error means a successful connection, which means the port is both open and reachable from your client.

To compare, from a Unix/Linux telnet client I get:
$ telnet 8.8.8.8 53
Trying 8.8.8.8...
Connected to google-public-dns-a.google.com (8.8.8.8).
Escape character is '^]'.
Connection closed by foreign host.
 
$ telnet 4.2.2.1 53
Trying 4.2.2.1...
Connected to a.resolvers.level3.net (4.2.2.1).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
 

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
yup, using windows. i like seeing something, but good to know that nothing, in this case, is good.

i tried firing up putty, but all i get is a quick flash and the command box (putty) disappears.

i tried 8.8.8.8, raw, port 53 and clicked open.

thanks for the reply.
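
Added example, not part of the thread: the port-53 test discussed above, scripted so the outcome is explicit instead of a blank window. A bare connect only shows that something accepts TCP on port 53, so this sketch also sends one length-prefixed DNS query over the same connection and checks for a matching reply; the function names and status strings are this example's own.

```python
import socket
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Minimal DNS query: recursion desired, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035)."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp, qid):
    """Return (is_matching_reply, rcode, answer_count) for a DNS message."""
    if len(resp) < 12:
        return (False, None, 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return (rid == qid and bool(flags & 0x8000), flags & 0x000F, an)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:  # TCP may deliver one message in several pieces
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full message arrived")
        buf += chunk
    return buf

def probe(server, name="example.com", port=53, timeout=3.0, qid=0x1234):
    """Classify the check: timeout, refused, unreachable, open-no-dns, dns-ok."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            try:
                s.sendall(frame_tcp(build_query(name, qid)))
                (length,) = struct.unpack("!H", recv_exact(s, 2))
                ok, _rcode, _an = parse_header(recv_exact(s, length), qid)
            except OSError:  # connected, but no usable DNS reply came back
                return "open-no-dns"
            return "dns-ok" if ok else "open-no-dns"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"

if __name__ == "__main__":
    print({ip: probe(ip) for ip in ("8.8.8.8", "4.2.2.1")})  # from the thread
```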