server not found, try again repeatedly

sounds like you can't resolve names via DNS. If the error occurs open a shell (cmd.exe) and execute nslookup

or something similar and see if you receive a result which is one or more IP adresses for google. If you get an error check what error it is, I assume most like connection refused (depending on the nameserver your're using) or connection timeout/no response. If so somethingmight block outgoing UDP port 53 packets.

Is there anything you can log blocked/allowed traffic?

Of course, what Du you expect if your browser/program doesn't know to what server it should connect.

cheers

Burkhard Ott wrote in news:j14ukv$9pv$1 @news.albasani.net:

Is there anything specific to look for?

I have a similar but nowhere near as bad problem as the OP.

I ran wireshark (I'm NOT an expert at packet sniffing) and whenever I experience this, I appear to not be getting any reply from the DNS servers, so the browser or whatever just times out. Occasionally though I receive a "DNS server error" message.

It happens enough to me to be a minor annoyance, but not enough to cause me to finally "do something" about it. For me one, maybe two retry clicks and I get through. Although, if there is a fix, I wouldn't mind knowing.

I figure my requests are just getting lost in the ether.

For me it only happens a few times per day. The one thing I notice is it happens more to my usenet connection than web.

Brian

Sorry, I don't know the software. But it sounds like it is caused by any filter which blocks DNS traffic.

The DNS error might just the browsers explananation of a timeout. Depending on your network setup, if you can check the packet flow between your computer and your router or whatever is between, you should be able to the dns requests, if not the dns request doesn't leave your computer.

Most of these Desktop filter are snakeoil anyway and actually (in theorie) increase the risk on your computer, you can use the built-in windows firewall in that case. No need for any additional software which uses basically the same filter mechanisms.

Ususally no packte gets lost, maybe the ttl is 0 und the packet dies but it reached at some point a couple of hops.

If the problem happens you can also try (during that time) to reach just another one (maybe opendns or something similar via nslookup), if you have the same problem, deaktivate the filter.

cheers

Burkhard Ott wrote in news:j1eenn$54p$1 @news.albasani.net:

Uhmmm.... Wireshark does exactly that. It's a 'packet sniffer'. I was monitoring the traffic to/from the computer.

The "DNS server error" comes from the DNS server. It has nothing to do with my browser. Although, it might come from my routers too. I'll have to check again to verify the originating IP address.

I don't use the Windows firewall because it only controls inbound traffic. It does nothing for outbound, and experience has taught me that such is mandatory for my security.

Perhaps my use of the phrase "getting lost" should be taken in a general sense, meaning my get requests go out but somewhere along the way some server just fails to respond. I did not mean to literally say the packet just disappears.

I am very doubtful that the software firewall is to blame, as I've been using it for many years on previous ISP's and previous system builds. This problem only began with my current ISP. The only changes other than that are the addition of a local router for my home network, which would be easy to bypass for testing.

I will log some more traffic and see what happens. Some days I have zero problems, others it's several times per day. So it might be a while before I post back.

Brian

Well, that didn't take long.

The error message very definately comes from the DNS servers.

Flag 0x8102 (Standard query response, Server failure)

Brian

You need to do that between your computer and your router to see if the requests leave your machine. Running it on the same machine doesn't make sense in that case, what you are able to see there is that a packet is send to your network card if then a filter is active to prevent the packet leaving your machine, ireshark can't see that.

check it with nslookup or a similar tool and check during that time various DNS, perhaps the DNS you're using as your default runs unstable, so if you check during the time where the issue is present a different one and it answers, you've found the problem. If do the same between router and internet connection.

Sounds strange, since I'm not working with windows anyway I can't really say if thats the case. At least windows XP SP3 on a virtual machine filters both directions, otherwise the whole thing wouldn't make sense anyway.

Can you see (sniffer) the packet leaving from the router to the internet? If so try another one.

I've seen so many of those 'Desktop Firewalls' which were not working like they should and on the other hand it's jusst software running in userspace which makes it easy for a potential attacker to switch it off.

Perhaps the ISP has problems with their DNS, so go ahead and check another one, it doesn't need to be necessarily opendns. I don't know how experienced you're, in the case the issue is present you can just query the root DNS to receive the soa hints for a specific tld, it is very unlikely that they don't respond.

It sounds like a problem on your ISP's site, but before you blame him it's worth to find it out first, then I would open a ticket for their investigation since you're paying the full price for the full service :).

cheers

Can you post the DNS from your ISP please, maybe I can query it from the outside as well, many ISP's have no restrictions some have.

Can you also post the lines you cought with wireshark?

If the issue is present please try the following (preferably via nslookup in the console).

query for google.com the following servers:

208.67.222.222 208.67.220.220

e.g. nslookup google.com 208.67.222.222

cheers

Burkhard Ott wrote in news:j1h482$b65$2 @news.albasani.net:

66.51.205.100 66.218.44.5 (see note below)

I was going to post such yesterday, but the width caused multiple line-wraps and made it barely readable. But wouldn't show much anyway, just formatted columns of: packet no, time, source IP, destination IP, protocol, and a verbal description.

The flag I extracted from the data packet itself.

I just switched to these Open DNS servers. We'll see what happens. So far things are running smoothly and actually seem a little 'peppier'.

*I should note these are not the DNS servers of the ISP I'm logged into. They are of my backup dial-up ISP. I did that because I wasn't liking the ISP returning their own error webpage when I mistyped a URL. But I see OpenDNS does the same thing - a webpage with a bunch of advertisements.

Brian

It's just to find out if your router/computer/device blocks something or does it happen behind your stuff, in that case you can open a very detailed ticket at your ISP. (the sysop who has to work on that will say thank you :)

It's half and half, in that case you're right (opendns). Many 'webmaster/ dnsadmins' set an wildcard entry in their authoritative zone, in that case you can't blame the DNS provider. A solution would ne to set up your own dns. I've justed used opendns here to make sure you can reach at least one dns.

Another thing which comes to my mind is it may happen if your IP changes, assuming you have a dynamic IP address assigned to your endpoint. Some routers have trouble with with the connection managment via NAT. e.g. it has an established connection and the NAT happened, the router saves the state of the connection, then the external address changes but the router translates the packets still to the old external address. In that case it would explain why it doesn't take so long until your connection recovers. Just an idea, I have seen issues like that a couple of times in the past.

cheers