DNS Client Events

Win 7 x64 SP1, Comodo 5.x.x.1355

Just what are these DNS resolution time-outs? I have received them ever since I installed WIN 7 but they have been escalating in the last month. I have a honeypot set up on my router to trap all unsolicited requests but those requests should never leave the router. These events appear to be outbound sourced?

[attachment deleted by admin]

What DNS servers are you using? Searching Google with query 202.208.121.5 dns does not yield any hits.

Can you open the command prompt and run ipconfig /all from there? What does it show for DNS servers?

The error you’re seeing in the event logs is actually quite common, especially for Windows 7 users, although it’s not exclusive to the OS.

The error is actually telling you that, for whatever reason, the DNS server failed to respond with an answer within the specified time. The parameter that defines this is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSQueryTimeouts

Which on Windows 7 is not present by default, but the inherent value defined by the key may be changed by adding it to the location defined above. The default value is a multi-string:

“1 2 4 8 0”

This means wait one second for a response, if none is received try again at 2 seconds up to a total of 15 seconds.

That said, you will also find a number of more esoteric solutions, such as disabling ‘Task offload’ or ‘Large Send Offload’ on the network adapter or via netsh:

netsh int ip set global taskoffload=disabled

Another common DNS timeout message is for www.msftncsi.com or 131.107.255.255. This is used by the Network Location Awareness service/Network Connectivity Status Indicator (Appendix H: Network Connectivity Status Indicator and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2, Microsoft Learn), which is used to detect the presence of the network to which you attach. If these failures are common in your logs, you could disable this lookup by changing the value at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing

to 0 (zero)

Or, by using gpedit.msc (depends on your version of Windows)

Run gpedit.msc and navigate to:

Computer Configuration/Administrative Templates/System/Internet Communications/Management/Internet Communications/Settings

And look for - Turn off Windows Network Connectivity Status Indicator Active Tests

Change the setting as appropriate. It’s also possible to change the server used for the tests.

Essentially, there’s no easy answer for these errors. You could try changing your DNS provider, you could set DNS on the network adapter manually as opposed to having it supplied by your router, or make the changes outlined above (there are others).

The address shown in your image is for a PTR (pointer) record or to put it another way, a reverse lookup, so:

202.208.121.65-in-addr.arpa, when seen as a forward lookup, becomes 65.121.208.202, which is an AKAMAI block.
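Added example, not part of the original post: a short Python script that pulls the queried name out of DNS Client timeout messages, turns reverse-lookup (in-addr.arpa) names back into IP addresses, and tallies whether each is a private address (such as a router gateway) or a public one. The sample log lines, their exact wording and the 192.168.1.254 gateway address are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines modelled on DNS Client Events timeout warnings;
# they are not taken from the original poster's log.
SAMPLE_EVENTS = [
    "Name resolution for the name 202.208.121.65.in-addr.arpa timed out after none of the configured DNS servers responded.",
    "Name resolution for the name 254.1.168.192.in-addr.arpa timed out after none of the configured DNS servers responded.",
    "Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.",
    "Name resolution for the name 254.1.168.192.in-addr.arpa timed out after none of the configured DNS servers responded.",
]

NAME_RE = re.compile(r"for the name (\S+) timed out")
# Accept both ".in-addr.arpa" and the "-in-addr.arpa" spelling used in the post.
PTR_RE = re.compile(r"^((?:\d{1,3}\.){3}\d{1,3})[.-]in-addr\.arpa\.?$", re.IGNORECASE)


def ptr_to_ip(name):
    """Return the IPv4Address behind a reverse-lookup name, or None."""
    match = PTR_RE.match(name)
    if not match:
        return None
    octets = match.group(1).split(".")[::-1]  # PTR names list octets in reverse
    try:
        return ipaddress.IPv4Address(".".join(octets))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


def summarize(lines):
    """Count timeouts per (kind, target): forward name, private or public PTR."""
    counts = Counter()
    for line in lines:
        match = NAME_RE.search(line)
        if not match:
            continue
        name = match.group(1)
        ip = ptr_to_ip(name)
        if ip is None:
            counts[("forward", name)] += 1
        elif ip.is_private:
            counts[("reverse-private", str(ip))] += 1
        else:
            counts[("reverse-public", str(ip))] += 1
    return counts


if __name__ == "__main__":
    for (kind, target), n in summarize(SAMPLE_EVENTS).most_common():
        print(f"{n:3d}  {kind:16s} {target}")
```

A high count under reverse-private points at lookups for local addresses that the upstream DNS servers cannot answer, while reverse-public entries can be checked against WHOIS to see who owns the block.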

What DNS servers are you using? Searching Google with query 202.208.121.5 dns does not yield any hits.

As Ragaghast described, these appear to be reversed DNS addresses.

Thanks, Ragahast for the detailed explanation.

My DNS server is on my router and is refreshed from AT&T DNS servers i.e old Bellsouth servers.

I have been having periodic sputters and occasional disconnects in IE and I am beginning to believe this activity is the cause.

BTW - approx. half these log events are for my reversed router gateway address.

You can also receive these events for failed DNS name resolution. Example attached.

[attachment deleted by admin]

I have been having periodic sputters and occasional disconnects in IE and I am beginning to believe this activity is the cause.

Think I found a reason for part of this. I had set up Avast’s web shield to terminate connection versus ask when it finds anything bad.