My DNS server can resolve names->ip but clients still cannot surf

Hi there,

I've been working on my java DNS server. I've reached the basic stage where my server can entertain DNS messages from client resolvers, and resolve their requests by passing it the message to higher level DNS servers (such as my ISP's DNS server).

However there is a problem. I'm testing on a home network with 2 PCs, one is the DNS client (resolver), and the other is the DNS server., The Client resolver may resolve domain names to IP addresses through the DNS server, but even with the received IP address it still cannot surf to that website. MY Internet explorer just tells me its 'Opening page http://www.yahoo.com" and never loads. I can't even ping them even when i have their IP addresses. See screenshots.

Below are some screenshots from MSDOS i took, while trying to ping 2 websites from my client resolver.


Some additional Information on the screenshots:

1) I'm using the org.xbill.DNS package if that means anything

2) My DNS server does not modify the packets it receives. It only displays them and FORWARDS them from my client resolver(192.168.0.3) to my ISP DNS server as a "query"- OR - from my ISP DNS server (response) back to my client resolver. I assume that it will still work, since the message format does not change.

3) "SimpleResolver" is a class supplied by the org.xbill.DNS package. I assume that the relationship between:
My Client REsolver (192.168.0.3) and DNS Server (192.168.0.1)
is comparable to the relationship between
My DNS server (192.168.0.1) and my ISP DNS server.
Therefore my DNS server acts as a 'resolver' by itself when forwarding the query packets to the ISP DNS and wait for a response.

4) Right after my DNS server receives a response, it prints the response, and sends the exact same response message to the client resolver (192.168.0.3). This is not explicitly shown on the screenshot.

Observations:

1) My client resolver (192.168.0.3) can resolve domainname->IP address, as shown in the screenshots, but still cannot PING them. They cannot even surf the net.

2) Pinging the same website from the client for the 2nd consecutive time does not print any events on the DNS server. I assume that since the client resolver has already received the IP address and cached it?.., it automatically bypasses the DNS server.

Biggest Problem:
Can resolve but, Cannot ping. Cannot surf.

Any idea?

FYI, the standard abbreviations for the 4 sections in DNS QUERY packets are qr, an, ns, and ar in order respectively. "ad" is actually the abbreviation of the additional section for DNS UPDATE packets.

I don't know why you can't ping or browse the web, but I don't think it's the dns server's fault. If you tried pinging the IP all by itself I'm sure you'd get the same response. So what I would do is check your gateway IP and make sure it points to your router, or ISP's gateway. Another place to look is your routing table to make sure that the gateway gets used. Another thing that could go wrong is a bad or missing connection to the internet from that computer.

And yes, the operating system does some caching and so won't query the DNS server every time.

Thanks SilentRage

It is the DNS API that i am using that prints the 4 sections as such. I guess i'll have to change it myself to use standard abbreviations.

Anyway, i am still trying to pin point the source of the problem. Here is what i checked:

1) My DNS server (192.168.0.1) points to my ISP's gateway at 219.95.56.19.
My Client resolver (192.168.0.3), points to my DNS server as its default gateway. As far as my newbie brain can tell, i can't find anything wrong with it.
I've attached screenshots.

2) From whatever knowledge i have, i gather that a routing table has to do with a router? As far as my home network is concerned there is no obvious router. Unless you were refering to someting software based within Windows?

3) Bad or missing connection to the internet from that computer? Well everything works fine until i stop SVCHost and run my DNS server.

4) I had made a mistake in a previous thread where i said i cancelled a service called posadissrv.exe to enable my DNS to listen on port 53.

I actually had to cancel the SVCHOST.EXE process (pid 1028). The thing is, there are a number of SVCHOST instances using process id 1028, which probably have other responsbilities. Stopping one of them means stopping all those with pid 1028 , which i fear might also cause other 'things' to stop functioning, such as normal surfing of the web. I can't seem to find the responsibilities of the other instances, therefore i'm not sure if this could be the reason.

5) My client resolver is actually a laptop. But i guess that couldn't be the reason right?

I'm very grateful for your help, Thank you very much for your help SilentRage, your online pseudonym shall appear in my documentation, or your name if you prefer. =)

Well I've done some research and it appears that svchost is the replacement for our old buddy "rundll32" found on Windows ME and possibly Win98. Basically its purpose is to run services that are ran from DLL files instead of EXEs. Each svchost process may host multiple services, so it's generally a bad idea to knock 'em out. I still don't get why it breaks your internet however.

So let's do a test. Get your internet working again, then terminate the process. Do not start your DNS server or put a local address in your resolver DNS server list. Does your internet work at that point?

That was quick!

Okay,

Resolver: 192.168.0.3
DNS Server: 192.168.0.1

SilentRage, you said "do not put a local address in my resolvers DNS servers list"

I assume that u mean 'do not put '192.168.0.3 (resolver ip)' under my resolver's DNS server list. I originally had that ip (its own ip) listed down there to make the resolver itself its alternative DNS server. So i took it away.

Therefore, on the resolver, i have only 192.168.0.1 as the only DNS server without any alternative DNS servers.

I did not run my DNS server on both of the following tests:

Test 1.

1) Connected to internet
2) Terminated SVCHost pid 1028
3) Cannot browse web on both DNS server PC and Resolver PC.

Funny Observations:
-Tried to disconnect from internet but no response. Internet connection symbol remained in system tray. Internet connection properties would not even display. Tried to dial a new connection but window will not display (shows on screen fo 1ms and disappears, haha).
- ipconfig/all displayed my "PPP adapter Streamyx" interface (which supposedly means that i'm online), but had different values before and after i terminated SVCHost.
See Screenshot A(i) and A(ii).

Had to restart my computer here.

Test 2.

1) This time, terminated SVCHost pid 1028 first.
2) Connected to the internet successfully.
3) ipconfig/all shows normal values which are identical to Screenshot A(i).
4) DNS Server PC can browse the web (is this unusual?)
Resolver PC cannot browse the web.


Funny Observations:
The internet connection icon on my system tray is missing! Well, its not there. I don't know where it is, but my DNS server IS connected to the net and i can surf.
Resolver PC still cannot surf the net. I guess this is normal as no DNS server software has been activated on 192.168.0.1.

my goodness. Well, at least we confirmed that it is terminating that particular svchost instance that is causing your connectivity problems. Wacked out that it would wipe out your IP address and subnet mask. By attempting to connect to the internet AFTER you terminated the process, windows might've started back up the service to connect to the internet.

All this just tells me that we're going to have to free up port 53 the right way. I want you to restore everything to what you had before you posted this topic. Do not terminate svchost.

Go here:

Control Panel -> Administrative Tools -> Services

In that service list I want you to tell me the name of every entry that has anything to do with DNS.

Well,
haha

This is tough, since i'm not sure what every service does, i'll just go by the service description. Some of the service descriptions have been taken off from
http://members.internettrash.com/me...n/xptweak3.html

The only services which are described to have anything to do with DNS:

1) DHCP Client : Manages network configuration by registering and updating IP addresses and DNS names

2) DNS Client: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

3) Remote Access Auto Connection Manager: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
This is also imperative for internet usage. As I have stated before, since I and most others don't connect to the internet every session, this may be set to Manual. If you have issues, set it to Automatic. Default: Manual

I've attached a full snapshot of all my service for the heck of it.
Thanks...

p.s: I just realized that the process id for SVCHost varies everytime i restart. haha. .

hrm, well, I couldn't figure out which process it is by looking at that. We'll have to go by a different approach. I want you to open regedit and go to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

Then I want you to export that key to a .reg file and attach it for me. It's a list of all the DLL services svchost loads up.

btw, what windows version are you using?

This is a great adventure and learning xperience for me hehe..

Here it is. I've renamed it to .txt coz the forum doesn't allow uploads having a .reg extension. Just rename it to .reg. =)

..
btw i'm using Windows XP Professional Version 2002 SP1.

heh heh, you wouldn't believe some of the crazy things I do to slap a computer into obedience.

Now it's time for you to download another one of my favorite monitoring tools. If you liked TCPView, buddy, you'll bow to this. Unfortunately, it seems everybody thinks bigger is better, so you'll have to get the latest version cause I don't think I saved a installation file for mine. But here's a direct link:

TaskInfo2003 v5.0.0.9
http://download.com.com/redir?pid=1...4-10213395.html

This is a process monitor on steroids. And we're going to use one of the many interesting features it has. I want you to install that, execute it, and select the svchost.exe process that is listening on port 53. Since yes, the pid does change, you may have to look it up in TCPView again. After you select the correct svchost process, I want you to tell me what you see for the CMD field. The CMD tells you the commandline that the program was executed with. This way you can see the commandline arguments that was passed to the program. By knowing what was passed to svchost, we can know which service entry in this .reg file is associated with that process.

Wow

Took me quite a while to swallow the interface haha...

This time it was running on PID 1028 again, (port 53)
The CMD line is:

C:\WINDOWS\System32\svchost.exe -k netsvcs

..i presume netsvcs stands for net services.

The other two SVCHost processes (just as an observation):

C:\WINDOWS\System32\svchost.exe -k rpcss (PID 964)

C:\WINDOWS\System32\svchost.exe -k LocalService (PID 1144)

Here's 2 screenshots from taskinfo2003 depicting the
General properties and Connections properties (lower right window in taskinfo screenshot)

of the Generic Host Process (SVCHost) with PID 1028



----

Remembering that the resolver has problems browsing the web....I have a doubt, Surfing to a webpage uses port 80 for http right?

None of the SVCHost services shown in TCPView show usage of port 80. In fact port 80 is nowhere to be seen, not even 'http' can be seen. I'm wondering if port 80 is even involved in this.

Do this at the commandline:

netstat -an | find ":53"

paste for me the response.

Here it is.. thanks for all your effort,,


C:\Documents and Settings\aDvo>netstat -an | find ":53"
UDP 192.168.0.1:53 *:*

C:\Documents and Settings\aDvo>