[coghlan]

Does Rogers discard nslookup requests? While I can ping google.ca, if I nslookup google.ca it always times out.

An ipconfig /all shows my local router as the DNS server (192.168.0.1). Is there some upstream handshaking that I need to enable on the router to get nslookup working?

This is causing a problem with my Kidswatch parental control software. Web pages are taking about 90 seconds to load on limited accounts, and it seems to be related to name resolution in DNS.

 

[coghlan]

Hmmm, that's interesting. Of course, regardless of the utility (nslookup, dig etc.) they are all sending RFC 1035 queries.

What does ipconfig and your router (if you have one) indicate for the DNS server? My PC points to the router (192.168.0.1) and the router has a 69.* (or 64.*, can't remember).

At least in your neck of the woods, the Rogers name server replies to nslookup. That helps with my troubleshooting.

 

[coghlan]

With an 8 second timeout, the lookup eventually succeeds (really slow though). I believe this slow response is at the root of problems I have with Kidswatch parental control software web filtering (page loads take 2 minutes for non-administrators). Their sofware designers told me that the new version (7) has a new filtering model which relies more heavily on DNS, so I suspect that either Rogers or my DIR-655 is at the root of the problem. Probably Rogers.

 

[coghlan]

If you can ping google.ca, then your DNS must be working. Windows NSlookup times out after 2 seconds, which often isn't long enough for recursive queries. What happens if you run:

nslookup -timeout=8 google.ca

You could also try

nslookup -debug google.ca

Which might tell you more than you wanted to know.

-Mike

I'll try that on my home PC tonight. On the computer I'm using right now I see the domain prefix being appended to the queried domain, requiring 5 recursive queries until a hit is obtained. If I add a "." to the end of the domain name, only one query is needed.

My ethernet adapter has a connection-specific DNS suffix. I couldn't see where this originates from and it is apparently totally useless, generating a whole bunch of failed DNS requests every time until it gets completely stripped off. This may be compounding the problem I'm experiencing with Kidswatch.

 

[coghlan]

Another thing to try is to set your PC's DNS server to go directly to Rogers' server instead of to your router since the router's DNS proxy may be the bottleneck. You could also try using a different DNS server such as Google instead of Rogers. Details are here:

http://code.google.com/speed/public-dns/docs/using.html

I configured the net adapter to use the Rogers DNS server, rather than the DIR-655. Runs like a bat outta hell now. This has cleared up the Kidswatch problem in which web filtering was causing a delay of 1-2 minutes to load a single web page.

I also configured the net adapter to have just "." in the primary DNS prefix list (i.e. treat all addresses as fully-qualified).

So, what gives with the DIR-655? Guess I should contact D-Link.

 

[coghlan]

I don't know if this is an nslookup-specific thing, but nslookup always does a reverse lookup on the DNS server address (192.168.0.1) and that is what seems to cause most of the delay when the DIR-655 isn't bypassed. When I configure the net adapter to use the IP of the Rogers DNS server, the reverse lookup of that address succeeds immediately, but the query of 192.168.0.1 gets hung up somewhere.

 

[coghlan]

I turned off DNS relay, which results in the DHCP-advertised DNS server being the actual Roger DNS server. This is probably best for most home networks.

If the reverse lookup is just an nslookup thing, then, when relay is enabled, I guess there is a query for 192.168.0.1.inaddr-arpa which I guess Rogers tosses?

That said, if only nslookup is doing a reverse lookup, I'm not sure why this would affect name resolution performed by Kidswatch.