august abolins <
nospam@nospam.net> wrote:
It seems that more and more recently, my XP machine will fail
in resolving websites. Everything will operate quite fine for
a few minutes and then trying access mail (pop/smtp) and using
the browser will fail.
HOWEVER, ping to a specific IP works!
Telegram works.
Networking (via VNC) to another local PC works.
Accessing the local router via wifi works.
But, ping to a named IP fails.
DNS setup on the pc is set to "auto", so it uses the one on my
netwok router. Another networked pc (Win7) is configured the
same way - (auto DNS) - so, that tells me that the router is
not the issue.
But a hard reboot, usually resolves the whole problem. Infact,
more and more often, the XP is unable to entertain an orderly
shutdown - I have to turn it off with the press-n-hold method
of the power button.
Attempting a software shutdown, I would always seems to get:
"nsAppShell ..shutting down. End now?" - what is that?
Otherwise, most of the time the machine continues to cooperate
OK, each and every time I cycle it in and out of Hibernate.
Anyone experience the same thing over time? Any solutions to
get XP to cooperate?
Your endpoints are configured for auto-DNS which means they go to the
router, but the router is not a DNS server and merely passes upstream
the DNS requests to whichever DNS server it is configured. If the
router is configured for auto-DNS, too, then (if it is a combo router
and cable modem) it goes to your ISP's DNS server. The router's DHCP
config it gets from your ISP's DHCP server has it use your ISP's DNS
server. In case you think your ISP is having DNS troubles (and I've experienced that), you could configure your cable modem/router to go to
a different DNS provider. You could try switching the cable
modem/router away from auto-DNS (well, ISP DHCP assigned DNS server) to
a specified DNS server. There are lots of free DNS servers out there,
but some are better than others.
You could GRC's DNS benchmark tool to test a whole bunch of DNS servers,
but there are some you probably don't want to use.
https://www.grc.com/dns/benchmark.htm
Some will "help" with DNS name errors by the user. You misspell a DNS
hostname name, and their DNS server tries to guess where you really
meant to go. Also, because you reach their helper page means the DNS
query was successful as far as your DNS client goes, but that's a lie
since you never did reach the intended target host. Those helper DNS
servers redirect you to their web page.
https://www.grc.com/dns/operation.htm
(look at the meaning of orange-colored servers)
This not only has the DNS server lie to you about success/fail in
getting a true lookup, but can screw up many network tools, too. I'd
suggest to stay away from those.
Some DNS servers have built-in filtering to "protect" you from bad
sites. It's their qualification as to what constitutes a bad site, not
your choice. It's like having them nannying where you go. If you want
that protection, go for it. I don't. Typically they will filter out,
by default, bad sites that got onto their malicious site blacklist. If
you want other categories filtered out, like hate, racist, porn, and so
on, you can create an account, use their client to update your local DNS
config (on your endpoint hosts), their client monitors your account, and
DNS requests from your client go through their DNS server using your
account to determine what additional categories you want filtered out.
OpenDNS has 2 IP addresses for their DNS servers that filter out porn
without requiring an account (208.67.222.123 and 208.67.220.123), or you
create an account and use their DNS updater client to add more
categories.
For example, OpenDNS has IP addresses to their "Family Shield" DNS
servers (208.67.222.123 and 208.67.220.123). If you use those, their
DNS server uses a adult content blacklist to prevent you from getting to
porn sites. If you want other categories also block, you need to create
an account, and use their client on your endpoint hosts to ensure those categories get used in your DNS requests. I prefer no filtering, so I
use their non-filtering DNS servers at 208.67.222.222, and optionally
their secondary server at 208.67.220.220. For any filtering, I'll use
an adblocker (I use uBlock Origin) where I have some control over which
sites get filtered. I can override temporarily or permanently any
blocks in blacklists to which uBO is subscribed, and do it quickly and
easily in my web browser without having to visit the DNS service's web
site to reconfigure my account to change categories, or to add
exclusions (but free accounts only get something like 50 excludes).
With OpenDNS, and an account and using their local DNS updater client,
you could disable all filtering; however, you could just use the IP
addresses to their non-filtering DNS servers. See:
https://support.opendns.com/hc/en-us/articles/227988047-Web-Content-Filtering-and-Security
There are other web filtering DNS providers. Even Cloudflare has its
gateway service, but I've never use it to see what it takes for setup.
Once you determine which DNS server you want to use, you could leave
your endpoint hosts configured for auto-DNS to have your router pass
through the DNS requests (since it is not a DNS server) to wherever it
is configured to connect for a DNS server. Instead of using the DNS
server assigned by the ISP's DHCP server, you specify in your router
which DNS server(s) to use. Or, you can configure your endpoint hosts
to specify which DNS server to use regardless of what the router is
configured to use. I configure my workstations to use the following in
the order shown:
IPv4 properties:
1.1.1.1 (Cloudflare)
208.67.222.222 (OpenDNS)
8.8.8.8 (Google)
10.0.0.1 (my cable modem/router)
I included my router's DNS config (10.0.0.1) which is configured for
auto-DNS setup. From the upstream DHCP server (at my ISP), the router
gets assigned my ISP's current choice for DNS server in my region.
While my ISP's server isn't better (nor much worse) than the other
choices, my router has some caching that helps with whatever my router
gets for my ISP's DNS server. When using GRC's Benchmark tool, add your router's IP address to see how its caching and whatever it is configured
for DNS server compares to the others. I'd suggest adding DNS servers
in the order of performance shown by the GRC DNSbench (and avoid any
with red or orange circles), just add the full green circled ones. From
the graph, you want to use those that are fastest (shortest bars). I
usually give heaviest weighting to the red bars. While DNS servers do
not need to employ caching, almost all do because a cached lookup is
faster than a new lookup (and why I recommend using local DNS caches on
your own host). Although some may have a shorter purple bar (.com
cached lookups), I still give precedence to the red bar length. The
shorter the bar, the better. Although unlikely, it is possible that
I've been the only one to make an inquiry on a particular hostname for
many days or weeks, so the green bar indicates how long for unchached responses, and you want that short, too, although it will not be close
to the cached responses.
I have my endpoints specify which DNS server(s) it will try to use, and
in which order it uses them should one take too long to respond. This eliminates relying on the DNS server the router is configured to use.
If the DNS server to which it is configured is flaky, or the DNS
passthrough of the router becomes flaky, I'm not stuck with using just
that DNS server. DNS config in the workstations lets you specify more
than one DNS server to try. For most consumer-grade routers, you
configure for auto-DNS setup (you get what your ISP's DHCP server
assigns to your router) or you specify a DNS server, but just one. If
that one DHCP-assigned or user-assigned DNS server becomes flaky or
there are networking problems to reach it, you're stuck with just that
one DNS server and how it responds, or not.
There is also the possibility your router is too old. I've not seen one
that lasts well past 7 years. Some brands, like Dlink, start to go
flaky after 3-5 years. None of the consumer-grade routers or modems
have active cooling (they have no fans). It's just convection cooling
through tiny holes in the case. Anything that blocks airflow, like
stacking something atop the router, or placing nearby, means less
cooling. Because of lack of active cooling, they run hotter, and heat
is the bane of reliability. Electronics don't like to get overheated.
On some models, I've taken the case apart, and drill out the holes to
make them larger to improve the rate of air flow. I've seen some folks
just leave off the top of the case, and occasionally blow them off with
a duster can (dust gets inside the closed case through the holes, too,
and dust is a thermal insulator, yet users rarely open to dust out the
inside of their router). You never mentioned which brand and model of
router (or cable modem) you have, or how old it is, and if nothing is
stacked atop or nearby to allow proper convection cooling (which is
still not efficient, and circuity can get damaged over time). Might be
time to look at a replacement for the router. If it is a combo cable modem/router that you lease from your ISP, take it to their store,
report it is flaky, and swap for a new or different one. I've never had
to pay to get a defective cable modem replaced by my ISP at their
physical store.
When you restart Windows, it will have to go through DHCP renegotiation
with your router. The normal order for DHCP to work is the upstream
DHCP server must be ready when a downstream host want to connect to it. However, there are some recovery algorithms in the OS to help the client renegotiate DHCP handshaking. Typically I turn off all my devices,
bring up the cable modem first, wait for it to stabilize, bring up the
next host(s) under the cable modem, like routers, and lastly bring up
the workstations (the leafs or endpoints in the network tree). Have you
tried leaving Windows up while you reboot your router?
Also, no idea what tweaks you might've done in the registry, for network
setup, or what services or apps you configured to auto-load when Windows
starts and after you log into your Windows account. While not a great
tool, msconfig will let you reboot Windows into its safe mode with
networking, or you can use the boot-time menu to pick safe mode with networking. That won't eliminate any tweaks you've done in the registry (yourself, with a tweaker tool, or by an app), but it will eliminate all
those startup programs that automatically load which could be causing interference in networking operation. Test in safe mode w/networking
much longer than it takes for the DNS problem to exhibit itself. If
that's okay, use msconfig to boot normally, but disable all the
auto-load apps under the Startup tab, reboot, and retest.
SysInternals' (now owned by Microsoft) AutoRuns will show almost every
means for a program or service to startup. Besides entries in the
Startup folder, a Windows event, like logging in, could load a program. Programs can also get loaded by Task Scheduler on startup, and Autoruns
will list those, too.
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
No mention if the latest version supports Windows XP. You may have to
find an older version of Autoruns to use on XP. Install it to see it
will install and run under XP. Unlike msconfig that lets you disable
(and later reenable) a startup entry (that it lists), which really just
moves the entry to a holding registry entry to allow moving it back to reenable, AutoRuns has no disable. It's Delete action will remove the
startup entry. If you want it back later, you should save a .reg file
with the entry.
I have no idea what you've done, if anything, with the DNS caching
client in Windows. If you disabled it, every DNS request has to get
passed up to the DNS server, because there is no cache from which to
circumvent the lookup. While DNS requests don't take much time, many
web pages connect to multiple destinations. Every image, every link,
and every resource/asset the web page wants to access will likely
require a DNS lookup. Rare are web pages that use IP addresses to find
those resources. They use hostnames, and those require lookups. With a
web page that has hundreds or thousands of resources, all those DNS
lookups add up to noticable delay. Most web browsers have their own DNS
cache, but not everything that connects to the Internet is a web
browser. You may have other web-centric apps, like UWP apps you install
that are really web browser frontends to a web site. Some folks suggest disabling the Windows DNS client. I don't, but I do suggest changing
the time-to-survive registry entries to zero on fails, and half a day on succeeds. When a DNS lookup fails, and if stored in the DNS cache,
subsequent DNS lookup on that same IP address will also fail until that
entry expires from the cache. However, if a DNS lookup succeeds,
subsequent lookups before the entry expires means the lookup is very
fast because it is local, not having to go upstream through all your
devices, and all hops between you, your ISP, and to the DNS server, and
the return trip for the response, to do the lookups.
There is no need to duplicate DNS caches. For example, Firefox has its
own DNS cache (but not configurable for fail versus expire timeouts).
Since I leave the Windows DNS Client service running, I really don't
need Firefox's DNS cache, so I go to about:config, search on network.dnsCacheExpiration, and set it to zero. Then DNS lookups that
can be completed locally using the Windows DNS Client service (where I
can configure timeouts for fails and expiration).
http://www.helpwithwindows.com/WindowsXP/tune-24.html
MaxCacheTTL is the time for succeeds to stay in the cache, in seconds.
14400 is half a day. MaxNegativeCacheTTL is the time for fails to stay
in the cache. Any subsequent DNS lookups will also fail without ever
touching the DNS server, because the fails are in the local cache. I
set this to zero. Note: These were settings applicable back in Windows
XP. In Win 7 & 10, these settings are not relevant. Obviously none of
these settings are relevant even back in Win XP if the DNS Client
service isn't configured for auto-start and running (run services.msc to check).
When the DNS problem arises, in a command shell with elevated privileges
(admin console), run:
ipconfig /flushdns
That flushes the Windows DNS Client's cache to purge all entries: both
for failed lookups and successful ones. Any further DNS lookups cannot
use the cache, and must go up to the DNS server (to repopulate the local
DNS cache). Actually what I did was:
ipconfig /release *
ipconfig /flushdns
ipconfig /renew
That would unbind all local network adapters, flush the local DNS cache,
and rebind (renew the binding on) all the local network adapters. This
made sure all network adapters were configured per the defined config,
and not in some unusable state.
No idea what network hardware you have for the adapters inside your
computer, or for the router or cable modem/router. I don't remember if
Windows XP support IPv6, and no way to know if your hardware supports
IPv6. If your setup supports only IPv4, the above is sufficient.
However, if the OS and your hardware supports IPv6, add the following
command at the end:
ipconfig /renew6
Back when I was using Windows XP, I think Windows XP (as of SP-1)
supported IPv6, but not my hardware. If "netsh interface ipv6" doesn't
error, and instead returns a list of directives, your OS supports IPv6.
You would still have to check your unidentified hardware (mobo and its
onboard NIC or daughtercard NIC, and routers and modems) to verify they
all support IPv6. Since the OS and all my hardware now supports IPv6, I
would add the "ipconfig /renew6" command to the above list. Many sites
have both IPv4 and IPv6 addresses, but some are starting to just have
IPv6 addresses, because the IPv4 got consumed before the site managed to
get an IPv4 address. You don't mention which sites you visit that have
the DNS lookup problem to determine if maybe they are IPv6-only sites.
You could open a console shell (cmd.exe) to check which address types
they support by running:
nslookup <sitename>
Note that some have an automatic redirect at their nameserver to prepend
the www hostname to their domain, while some don't, so you have to
include www, or whatever is their hostname. For example:
nslookup eternal-september.org
will not return a response, but:
nslookup www.eternal-september.org
will. The www hostname is a default, but not required, nor may it be
the hostname for the site's home page. In the above example, the ES
site responds to connects to both IPv4 (81.169.215.164) and IPv6 (2a01:238:4300:2500:2fd8:fc5:ba0d:e44f) addresses. A host can be
assigned one, or more, IP addresses. Even using no hostname and a
hostname can return multiple IP addresses, as in:
nslookup microsoft.com
nslookup www.microsoft.com
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
