14-04-2024 03:50 PM - edited 14-04-2024 03:51 PM
My Router has reported the following, as errors, today,
14.04.2024 13:39:33 Error DNS DNS name resolution failure (revboostprocdnadsprod.azureedge.net)
14.04.2024 14:44:59 Error DNS DNS name resolution failure(revboostprocdnadsprod.azureedge.net)
Within those 2 times, there are 68 other reports of the same error.
Now this, will fill my router log file in no time.
I dealt with this topic on 20-06-2023 11:57 PM, in
ROUTER 5464 - 'DNS name resolution failure' error
There was no outcome or resolution.
@KeithFrench suggested that this issue should be given the classification of 'Info' rather than 'Error' within the router software.
I suggested that, that would not solve much, as users still want to view all other 'Info', and 'Info' is the least serious of all reports.
So, I make a new suggestion, that, as this issue has no relevance and does not cause any harm, the Devices Team remove this issue completely.
How about that?
on 28-04-2024 05:58 PM
OK. Got it, Keith
on 28-04-2024 03:10 PM
One final point I would like to clarify (the time yesterday did not permit this) between DNSQuerySniffer & Wireshark.
DNSQuerySniffer is an app that interprets the information sent back from a DNS server into a user-friendly text string & uses different graphics to present a pleasing user-friendly experience. By its name, it only deals with DNS.
Wireshark on the other hand is a protocol analyser that decodes every data frame (don't let the word "data" confuse you, as a data frame can just as easily contain a VoIP conversation) that the NIC detects on the device it is installed on. So this handles any & all data frames that are used in the world of IP networking. One of the many differences is that it does not interpret anything at all, it decodes the exact communication between two endpoints, at different locations along the router. So it is not using a user-friendly text string to interpret what the DNS server (in this case) is sending, but it decodes down to the exact bit level, exactly what the server has sent. This means that within the DNS Response header of that UDP segment, the flag "Reply code" has its binary set to 0011 which equates to "No such Name". It is this, that DNS QuerySniffer is interpreting as "DNS name resolution failure".
The problem with an app the likes of DNSQuerySniffer is, if I so wanted to, I could write an application to do this myself. Instead of using a useful interpretation of "No such name", if I wanted to, I could change this to "Fred", "Harry" or "Manchester", meaning that my app would then be totally misleading!
Why do I prefer Wireshark - it deals with facts & I have used it for nearly 25 years now, plus I have written & presented four or five training courses for my employer on how to use Wireshark, so that I know extensively how to use it. However, you still need an extensive knowledge of IP networking to understand what it is telling you.
I would therefore recommend anyone else just using apps like DNSQuerySniffer.
Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they?
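As an added illustration of the reply code described in the post above (not code from the thread, nor from Wireshark or DNSQuerySniffer), this Python sketch decodes the header of a DNS response and shows that "No such name" is only a label for the 4-bit value 0011. The packets are constructed here, reusing host names and query IDs quoted in the thread; the function names are assumptions.

```python
import struct

# RCODE labels from RFC 1035 section 4.1.1 (low 4 bits of the flags word).
RCODES = {0: "No error", 1: "Format error", 2: "Server failure",
          3: "No such name", 4: "Not implemented", 5: "Refused"}

def build_response(query_id, name, rcode):
    """Build a minimal DNS response with no answer section (constructed sample)."""
    flags = 0x8000 | 0x0100 | 0x0080 | rcode      # QR=1, RD=1, RA=1, RCODE
    header = struct.pack("!6H", query_id, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)   # QTYPE=A, QCLASS=IN

def decode_response(packet):
    """Decode the header and question name of a DNS message."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!6H", packet[:12])
    labels, pos = [], 12
    while qdcount:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:                  # root label ends the name
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    rcode = flags & 0x000F
    return {"id": f"{qid:04X}", "is_response": bool(flags & 0x8000),
            "name": ".".join(labels), "answers": ancount,
            "rcode_bits": f"{rcode:04b}",
            "rcode_text": RCODES.get(rcode, f"rcode {rcode}")}

# Constructed packets; the answer section is left out of both for brevity.
FAILED = decode_response(build_response(0xBF30, "wpad.lan", 3))
OK = decode_response(build_response(0x0E25, "m.stripe.network", 0))

if __name__ == "__main__":
    for result in (FAILED, OK):
        print(result)
```

Any tool's wording ("Name Error", "No such name", "DNS name resolution failure") can be checked against `rcode_bits`, which is what was actually on the wire.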
on 27-04-2024 04:11 PM
OK
on 27-04-2024 04:03 PM
I explained that to you a long time ago as well. I have to keep repeating it, because you keep going over the same thing. Please bear in mind that as a customer, I do not write firmware for anything, you will have to wait for the next firmware release later this year.
I basically said identifying this in Windows is very difficult and that I choose to use Wireshark for this & most other IP networking issues. I mentioned DNS QuerySniffer was the only other application that I have seen, but stated that I have never used it. Perhaps it is time for you to search the internet for an application that meets your needs.
Keith
on 27-04-2024 03:48 PM
You say these errors 'were caused by domains being requested from your devices'. I have accepted that, a long time ago. But you keep repeating it. There is no need to keep repeating it. The question has been how we can identify something that's happening in Windows and link it with what's happening in the router.
Bill
on 27-04-2024 03:27 PM
I already understand all aspects of DNS and in the past have written blogs on this subject, I am not trying to learn from this at all.
Wireshark is not meant to help you, if you just want a simple app to show you these errors, that is not its function. You asked me if Wireshark could display DNS problems and I said it could display anything within an IP packet. The fact that it is a full-blown protocol analyser & not a simple app is not meant to help you at all. I was just illustrating that it could show these errors. You have supplied these domains in your last reply too late & I do not have the time to revisit this.
Way back at the beginning of this thread, I told you that this was a mixture of a bug with the way that these DNS entries in the system log were classified along with the recommendations that I had made to TalkTalk to optionally display them in the log at all. I do not understand why this thread needs to continue beyond that point at all. However, because you kept saying that you were seeing these errors, I did point out that they were caused by domains being requested from your devices, so I tried to help you with that.
Please read my signature, I am just a customer & all you are doing is taking up my time, for which I do not get paid.
I think it is time for this thread to end, while the current firmware version is V174, it is serving no point whatsoever.
Keith
27-04-2024 03:09 PM - edited 27-04-2024 03:09 PM
How does this help you and me understand what is happening in the routers that we both are using, showing very odd results re 'Error DNS DNS name resolution failure'?
A domain in the router which is inexplicable is 'gameplay.intel.com'.
Another one is 'csc3-2004-crl.verisign.com'.
Another one is '65d51797a924132454a596a1816c5e5b7c54f5387da45fb61a990384c97362e'. I know it does not look like a domain, but the router thinks so.
Can you demonstrate something that will link any of these, to what you might get in Wireshark?
Bill
on 27-04-2024 02:55 PM
I said that Wireshark is for people having an advanced knowledge of IP networking. This may or may not be you, I have no idea. I did ask you for a domain that was displaying what you wanted further classification on, but you did not tell me any. So I just quickly ran this on my PC.
My screenshot is displaying all packets within the trace I took that get a response of "No such name", which is the correct response for a DNS name resolution failure. It is not an app whose purpose is to display purely DNS errors with nice graphics etc, it is a protocol analyser.
What more do you want?
Keith
on 27-04-2024 02:00 PM
I don't know what you are trying to demonstrate.
I can see, somewhere amongst the sea of information, the domain 'wpad.lan', which I previously referred to, when using DNSQuerySniffer, and the domain 'wpad.lan' was the only domain showing in DNSQuerySniffer as having a negative result, i.e. 'Name Error'.
Also, on the other side in the router, 'wpad.lan' was not shown as being an 'Error DNS DNS name resolution failure'. So nothing was achieved.
So what did your test achieve? I don't know.
Did you test a Host Name with an 'Error DNS DNS name resolution failure' that appears in your router, in Wireshark?
Bill
on 26-04-2024 03:37 PM
Here are a few failed queries in Wireshark:-
I warned you that this is a very advanced tool.
Keith
on 26-04-2024 02:48 PM
What domain do you see this on?
Keith
on 26-04-2024 01:43 PM
I'll see if I can replicate something like that, but it will take a while.
Keith
on 26-04-2024 01:41 PM
Yes, but were you able to identify the cause of 'Error DNS DNS name resolution failure' in the router, by using Wireshark, allowing you to block a particular IP address?
on 26-04-2024 01:16 PM
To be fair to DNSQuerySniffer, it is probably old now & perhaps unreliable on later versions of Windows, but that is a pure guess on my part. As I said, I have never used it.
Wireshark will tell you everything, because it examines each IP packet in very great detail, right down to the bit level. It is a very advanced application requiring someone with an advanced understanding of not only IP packets, but also the OSI 7 layer model. If that is not you, then this is not a suitable application for you to use.
Keith
26-04-2024 12:04 PM - edited 26-04-2024 12:49 PM
This program, DNSQuerySniffer, is bonkers.
What I want as a user, is who used that particular Port Number or Query ID in my computer.
Giving me a couple of numbers, has given me nothing.
Was Wireshark able to do this for you? If not, what was it able to provide you with, to enable you to identify which application was issuing the DNS requests causing 'Error DNS DNS name resolution failure' in the router? Were you able to identify any of them? And were you able to block any of them?
That's a lot of questions, I know.
EDIT 12:44 PM : There is no query for Host Name : stripecdn.map.fastly.net
In fact, I don't think there's any further queries for any other CNAMES given in the initial queries of other Host Names.
Thanks
Bill
on 26-04-2024 09:30 AM
Where a CNAME (Canonical Name) is returned as an answer, it is an alias for the name specified. So in this case:-
Host Name : m.stripe.network CNAME: stripecdn.map.fastly.net
Now you will need to find another query for:-
Host Name : stripecdn.map.fastly.net A: x.x.x.x (whatever the IP address is).
However, the response for m.stripe.network has an A record pointing to 151.101.60.176 as well as specifying the CNAME one.
I have never used this application in anger, as Wireshark, whilst far more complex to use, tells me everything.
Keith
25-04-2024 04:58 PM - edited 25-04-2024 05:23 PM
As I said,
It seems DNSQuerySniffer is working normally now.
I don't think much comment can be made.
Here's 2 entries, which went through the DNS, as indicated by a green mark:
==================================================
Host Name : m.stripe.network
Port Number : 52340
Query ID : 0E25
Request Type : A
Request Time : 25/04/2024 15:38:33.264
Response Time : 25/04/2024 15:38:33.264
Duration : 0.000 ms
Response Code : Ok
Records Count : 2
A : 151.101.60.176
CNAME : stripecdn.map.fastly.net
Source Address : 192.168.1.11
Destination Address: 192.168.1.1
==================================================
==================================================
Host Name : m.stripe.network
Port Number : 53417
Query ID : FF44
Request Type :
Request Time : 25/04/2024 15:38:33.264
Response Time : 25/04/2024 15:38:33.264
Duration : 0.000 ms
Response Code : Ok
Records Count : 2
A :
CNAME : stripecdn.map.fastly.net
Source Address : 192.168.1.11
Destination Address: 192.168.1.1
==================================================
And as I also said before,
I don't know where I can go from here.
Out of a total 2105 DNS requests, nearly 100% were disposed of and obtained their response and were marked green, so there won't be any connection with the router's Error DNS Failure entries.
There were only about 40 entries in DNSQuerySniffer with the 'Host Name' 'wpad.lan' that were refused a response by the router.
Here's all the details of 1 of those 40 entries, given by DNSQuerySniffer. These 40 entries were marked red.
=================================================
Host Name : wpad.lan
Port Number : 57647
Query ID : BF30
Request Type : A
Request Time : 25/04/2024 16:23:07.383
Response Time : 25/04/2024 16:23:07.447
Duration : 63.925 ms
Response Code : Name Error
Records Count : 0
A :
CNAME :
Source Address : 192.168.1.11
Destination Address: 192.168.1.1
==================================================
EDIT: 5:17 PM : When you had previously used DNSQuerySniffer, were you able to match the entries shown as blocked and red in DNSQuerySniffer, with the entries in your router shown as 'Error DNS DNS name resolution failure'?
Thanks
Bill
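The matching asked about in the post above, as an added Python example that is not part of the original thread: it pairs each router 'DNS name resolution failure' line with any 'Name Error' record in a DNSQuerySniffer text export for the same host within a few seconds. The sample log and export are constructed in the two formats quoted in this thread; the host names, the function names and the 5-second clock-skew window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Tolerates both "failure (host)" and "failure(host)" as seen in the router log.
ROUTER_RE = re.compile(r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Error DNS "
                       r"DNS name resolution failure\s*\((.+?)\)")

def parse_router_log(text):
    """Return (timestamp, host) for each resolution-failure line."""
    entries = []
    for line in text.splitlines():
        m = ROUTER_RE.search(line)
        if m:
            when = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            entries.append((when, m.group(2).strip().lower()))
    return entries

def parse_sniffer_export(text):
    """Split a DNSQuerySniffer text export into one dict per record."""
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def correlate(router_entries, records, window=timedelta(seconds=5)):
    """For each router error, list source addresses of matching failed queries."""
    failed = [(datetime.strptime(r["Request Time"], "%d/%m/%Y %H:%M:%S.%f"),
               r["Host Name"].lower(), r.get("Source Address", "?"))
              for r in records if r.get("Response Code") == "Name Error"]
    return [(host, sorted({src for t, h, src in failed
                           if h == host and abs(t - when) <= window}))
            for when, host in router_entries]

# Constructed sample data (not taken from the thread's router or PC).
ROUTER_LOG = """\
25.04.2024 16:23:08 Error DNS DNS name resolution failure (nohost.example)
25.04.2024 16:30:00 Error DNS DNS name resolution failure(other.example)
"""
SNIFFER_EXPORT = """\
==================================================
Host Name          : nohost.example
Request Time       : 25/04/2024 16:23:07.383
Response Code      : Name Error
Source Address     : 192.168.1.11
==================================================
"""
MATCHES = correlate(parse_router_log(ROUTER_LOG), parse_sniffer_export(SNIFFER_EXPORT))
```

A router entry with an empty match list was not seen failing on the PC where the capture ran during that window.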
on 25-04-2024 03:33 PM
Give me a domain entry @Billx that you would like me to comment on.
Keith
25-04-2024 03:12 PM - edited 25-04-2024 03:14 PM
Not a problem, Keith
Here's 2 screenshots. The first is the screenshot of the left side of the DNSQuerySniffer window. The second is the screenshot of the right side of the DNSQuerySniffer window. Obviously it's not the whole list, just a part of the vertical window.
It seems DNSQuerySniffer is working normally now.
Thanks
Bill
on 25-04-2024 02:54 PM
It is very difficult to respond to your questions when you talk about something that you have seen in this app, but will not share a screenshot of it.
Keith