cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NEED SOME HELP?

We’re here 24/7. 365 days a year.
Ask questions. Find your answers. Connect.

'DNS name resolution failure' Reports in router

Billx
Enlightened One
Private Message TalkTalk
Message 45 of 45

My Router has reported the following, as errors, today,

14.04.2024 13:39:33 Error DNS DNS name resolution failure (revboostprocdnadsprod.azureedge.net)

14.04.2024 14:44:59 Error DNS DNS name resolution failure(revboostprocdnadsprod.azureedge.net)

Within those 2 times, there are 68 other reports of the same error.

Now this, will fill my router log file in no time.

 

I dealt with this topic on 20-06-2023 11:57 PM, in

ROUTER 5464 - 'DNS name resolution failure' error

There was no outcome or resolution.

@KeithFrench suggested that this issue should be given the classification of 'Info' rather the 'Error' within the router software.

I suggested that, that would not solve much, as users still want view all other 'Info', and 'Info' is the least serious of all reports.

 

So, I make a new suggestion, that, as this issue has no relevance and does not cause any harm, the Devices Team remove this issue completely.

How about that?

 

0 Likes
44 REPLIES 44

Message 21 of 45

@KeithFrench 

 

Since my message to you at  ‎24-04-2024 10:36 PM yesterday, the behaviour of DNSQuerySniffer has completely changed.

I don't know what has caused the change. I did have to reinstall it a couple of times, because sometimes it would not do anything, when started.

Again I don't know why. I had to reinstall again this morning.

 

It now seems to operate as it should.  The 'Host Names' do appear for all, but one very odd one. I'll ignore that for now.

Now unlike before, all requested DNS requests get a green pass and get their response.

The odd one, gets its response, but its a negative red response. There are no yellow responses.

The 'Source address' is now always my computer, and the 'Destination address' is now always the router.

 

So, there's really not much to see for you by getting a screen shot.

 

Anyway, since now virtually all the 'Host Names' get positive green passes, the question changes. Why are they being given passes?

The names are all big, big networks. e.g. as I said before, Microsoft, Google and others.

So, that's the situation with DNSQuerySniffer.

 

As regards the router, there's now no flood of 'revboostprocdnadsprod.azureedge.net', none.

But there is still the dreaded '65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e', in less quantity than 'azureedge.net'.

 

I don't know where I can go from here.

 

Thanks very much, @KeithFrench 

Bill

 

 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 22 of 45

Can you send me a screenshot from your DNSQuerySniffer, otherwise this is all guess work. PM me if you would prefer.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Enlightened One
Private Message TalkTalk
Message 23 of 45

Hello @KeithFrench ,

 

You say that in the past you have used Wireshark and that you've also used DNSQuerySniffer, and you also say that DNSQuerySniffer can be used to deal with some of these issues in a simpler way than using Wireshark. Is it possible to please give me, a bit more of a guide on how to go about it? I've looked for some help at NirSoft, but haven't found any.

 

Can you answer why 'Host Names' do not appear for all items?

I've used the 'Find' command, with 'revboostprocdnadsprod.azureedge.net'. But no luck.

I've also looked for '65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e', also not found.

What is the difference between queries going from the computer to the router and queries going from the router to the computer

I notice some entries have both 'Request Times' and 'Response Times', others have only 'Request Times' and others only 'Response Times'

I notice that 'community.talktalk.co.uk' has a high presence, but 0 records are returned for them.

I believe most of the havoc is initiated by Microsoft.

I've been running this, since yesterday.

 

I hope you can help me

Bill

 

0 Likes

Message 24 of 45

@Michelle-TalkTalk 

 

I don't think so.

But it is filling the router log quickly. Soon it will be filled up.

Soon I'll have to do a factory reset. And then after that I'll have to ask for a disabling of 'WIFI optimisation'.

In fact, when I open the router log, I can hardly see anything substantive, for me to get my teeth into.

 

Thanks,

Bill

0 Likes

Message 25 of 45

Hi Bill,

 

Is this causing any issues with your connection such as drop outs?

 

Thanks

 

Michelle

 

0 Likes

Billx
Enlightened One
Private Message TalkTalk
Message 26 of 45

Hi  all,

 

Since 22.04.2024 10:30 AM, less than 2 days ago, the story has continued.

A further 1400 entries, with the following detail:

 

Error DNS DNS name resolution failure (revboostprocdnadsprod.azureedge.net). 

 

Bill

0 Likes

Message 27 of 45

In the router log, On the computer, 'revboostprocdnadsprod.azureedge.net' seems to be recorded in batches of 5 within the same second, every 5 minutes.

In dns_query_sniffer, I didn't spot any regularity.

 

In dns_query_sniffer, under 'Host Name', in just over half of the entries, the names are missing.

Under 'Response Time, a lot of the 'response times' are missing. etc.

 

 Quite a few of the 'Host Names' are related to Microsoft.

A lot of others are related to Google, YouTube

There are other 'Host Names', which I don't recognise, but could be related to Google or Microsoft.

community.talktalk.co.uk is present.

Each entry is marked with a red, yellow, or green indicator, but I can't see the particular significance.

YouTube is appearing, even though I am not currently using it.

On the other hand, only 'revboostprocdnadsprod.azureedge.net' is currently causing havoc in the router log'

 

That's all. Signing off.

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 28 of 45

That of course, is only half the battle, you would now need to find out why this is happening.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Message 29 of 45

Yes, @KeithFrench 

You had advised me last year sometime, and I went to https://www.nirsoft.net/utils/dns_query_sniffer.html 

And I installed, and it is currently installed. However, there were many things I didn't understand within it, so I have hardly used it.

 

I opened it just now. And the culprit does appear on it, on my current device.

But I think I'll have to pass for now

 

Thanks

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 30 of 45

What I have done in the past is to install Wireshark on each device that supports this application, take traces & then go through them to find a particular domain. However, this is a very complex way of doing this. There is an application on the nirsoft website that will do this in a more simpler way:-

 

https://www.nirsoft.net/utils/dns_query_sniffer.html 

 

However, it only runs on Windows.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Message 31 of 45

Any idea how,  a mere user, can trace 'revboostprocdnadsprod.azureedge.net' amongst my devices, when there are thousands of Microsoft processes running on each of my devices?

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 32 of 45

Hi @Billx 

 

The crucial part here is, like it or not, all of these log entries are caused by one or more of your own devices trying to resolve unregistered domains to IP addresses. The fact that they are not resolved, generates an entry in the System Log.

 

As far as a DNS server is concerned you supply it with a true domain name (such as microsoft.com) or a string of garbage (qwertyashimmbbgfgvg), the server must still try and resolve this to an IP address. Domains are not routable, only IP address can be routed to another IP address.

 

As I have said before, in addition to the classification bug, I have requested that the developers supply a means for the user to choose if they want to see unresolved DNS requests or not (I'd be the first to stop them on my Sagemcom).

 

Therefore I don't think there is anything to be gained by you keep updating this thread in the manner that you are doing. I answered this thread ages ago now & that should have been that. So far I have spent ages replying to you on two of your threads this morning which is taking up a lot of my time and please be aware, that as a customer, I am not paid for this work I do at all.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Enlightened One
Private Message TalkTalk
Message 33 of 45

Hi  all,

 

Since 20.04.2024 16:17:12, less than 2 days ago, the story has continued.

With 80 pages x 20 entries per page, the router log has been filled nearly entirely or say 98% with the following entry:

Error DNS DNS name resolution failure (revboostprocdnadsprod.azureedge.net). That's 1600 attempts.

'revboostprocdnadsprod.azureedge.net' is the same culprit, I reported before.

 

Bill

 

0 Likes

Message 34 of 45

You can't resolve '65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e' into IP address. It could not be a domain name, unless all the techies have gone berserk. No, I don't think so. My few devices are overprotected already.

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 35 of 45

Hi @Billx 

 

This is possibly a time when the log is useful. One of your devices has submitted a DNS query for the domain:-

 

65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e

 

The DNS server in the router has not been able to resolve this to an IP address & has written this fact to the log.

 

You are right, it is very strange looking. I would think less about AI and more about malware being present on one of your devices. If I was you, I would do a full system malware scan on each of your devices.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Enlightened One
Private Message TalkTalk
Message 36 of 45

Hi All,

 

Now I've got an interesting one.

My Router reported the following, as errors

15.04.2024 12:51:04 Error DNSDNS name resolution failure (65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e)

This has been repeated 12 times until 15.04.2024 12:57:54.

 

Now regarding investigating this, I don't even know if this is a website.

I think there's a little bit too much AI going on.

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 37 of 45

I totally agree it is very difficult to tie down.

 

As I have said before, I have already put this forward as a suggestion (it is not a bug). I it gets implemented or not, is up to TalkTalk to decide.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Billx
Enlightened One
Private Message TalkTalk
Message 38 of 45

Hi All,

 

My Router reported the following, as errors, yesterday evening and night,

14.04.2024 14:50:01 Error DNS DNS name resolution failure (revboostprocdnadsprod.azureedge.net)

15.04.2024 01:09:26 Error DNS DNS name resolution failure(revboostprocdnadsprod.azureedge.net)

Within those 2 times, there were 670 other entries with the same error.

It nearly filled my whole log file.

I did a factory reset later.

 

Obviously, this is caused by by some Microsoft software, in one of my few devices,

But there is no way I could investigate this, as there are thousands and thousands of processes and applications that Microsoft is running.

 

Bill

 

0 Likes

Message 39 of 45

@KeithFrench 

As I said, I have looked at all these names, mentioned in the 'DNS name resolution failure' entries in the log, and I can't tie them to anything I am doing. If these companies write their software the way they do, its not any of my problem. It's up to those companies to do less AI, and deal with it. It would take me 300 years to investigate this myself.

 

Bill

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 40 of 45

Of course, you do have to consider one thing here. The DNS queries that fail are due to one or more of a user's devices visiting websites, which in turn pull in content from other sites & these may have invalid URLs in them. However, to display the whole still requires that device to make numerous DNS queries & it is that device that is the cause of all of these logs.

 

The other thing that you have to bear in mind, I can report bugs to TalkTalk and can offer suggestions, but it is down to TalkTalk if they want to implement them.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes