DNS not working for Browsers on LAN

I have a 2 PC LAN. Everything is fine on the server, but on the client, DNS isn’t working. I normally use Firefox but I tried IE for troubleshooting purposes and its diagnostic says the DNS server isn’t responding. When I type an IP address, that seems to work but it looks like a lot of websites don’t like direct IP access. Broadbandreports.com loads when I access it via IP address but it’s not normal looking.

I tried deleting the network zone and closing and reopening Comodo to reinstall it, but no difference. When I first installed Comodo I didn’t have this problem.

Also, my Bit Torrent client is unable to connect to trackers. Another indication of DNS failure.

Bump

I tried to do some basic troubleshooting by disabling 1 setting at a time until it worked but there really aren’t too many settings that you can do that with.

Hi Heat84,

Can you tell us a bit more about your network setup?
Did you set Secure DNS on the router or on the 2 separate systems?

If, for example, your local LAN router’s IP is 192.168.1.1, can you try the following in a command box:


nslookup www.google.com 192.168.1.1

And see if that resolves?

No router. 2 NICs in the server PC. One goes to the cable modem and the other is connected to the client via a crossover cable (I know everybody and their grandmother has a wireless router these days but this setup works for us).

G:\Users\Joey>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

I assume 192.168.0.1 is the IP of your Server? and this test is run from PC2?

Can you verify both servers’ DNS server setups to see if both use Comodo Secure DNS?

I’m not using Secure DNS. Doing an Ipconfig/all on the server shows my ISP’s (Comcast) DNS server. Is Comodo supposed to enable secure DNS automatically when you install it? I didn’t know it existed until you mentioned it. I saw in the help about manually enabling it. I could do that but I don’t see what difference it would make.

I don’t think that’s the issue since it works fine on the server. It was working fine on the client too. I think what happened was when Comodo was learning, it mislearned that allowing DNS to the client was not safe.

I just manually added my ISP’s DNS server in the client’s NIC settings and DNS is now working on the client with Comodo enabled. So it looks like Comodo is blocking DNS relay (or preventing the server from acting as the DNS server) to the client but not actual DNS. BTW, you did deduce that I was using ICS when I said I was using a crossover cable, didn’t you? I don’t know if that has anything to do with the problem.

Not that it makes a difference but I fell asleep or something last night while I was editing the post with the nslookup results. I was closing some tabs in my browser and saw I still had the modify post page open on one of them. I didn’t follow all of the directions when I did the test posted in the other post.

G:\Users\Joey>nslookup  www.google.com 192.168.0.1
Server:  ALAN.mshome.net
Address:  192.168.0.1

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  74.125.47.99
          74.125.47.105
          74.125.47.106
          74.125.47.104
          74.125.47.147
          74.125.47.103
Aliases:  www.google.com


G:\Users\Joey>nslookup  www.google.com 192.168.0.1
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

The first run is with Comodo disabled, the second is with it in safe mode.

So for some reason it blocks DNS queries on your local LAN.

Do you have any BLOCK rules in the network application policy for Windows executables, for svchost.exe or “system” etc.?

How are your global rules set up? Default, or did you add blocking rules, or use the stealth ports wizard?

No blocking rules of any kind (that I made). I only added the rules for EMule (my other thread here) and they’re not for blocking anything (and are not working either BTW).

Can you create a configuration export and send me a PM on how to exchange this?
As it might contain too many details for the public here…

You can create an export by going to More, Manage My Configurations, select the “Active” configuration and press the “Export” button, and then select a location to save it to.

Configuration export PM’ed.

Hi Heat84,

Sorry it takes some time, I’m very busy lately, I’ll try to import the config today and see if I can figure out what’s going wrong…

There’s no hurry.

Hi,

Can you remove the block rule for svchost.exe

And add global rules for “Local Area Network #2”

And see if that fixes the issue?

[attachment deleted by admin]

It’s working now, thanks. But I didn’t follow proper troubleshooting procedure. I forgot to see if the problem still existed before I made the changes. I’ll probably eventually undo them just so I don’t have to wonder.

Why did you redact part of a 192 IP address? It’s just an internal network address. It can’t be used to identify anybody. It can possibly identify my EMTA (but I’m sure there’s other devices that use that IP address). A bit paranoid are we? :smiley:

That’s good news :slight_smile:

Why did you redact part of a 192 IP address? It's just an internal network address. It can't be used to identify anybody. It can possibly identify my EMTA (but I'm sure there's other devices that use that IP address). A bit paranoid are we? :D
I'd like to be careful with the details people trust me with...
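
Added example, not part of the original thread: a small Python probe that automates the comparison made above, querying the ICS host's DNS relay (192.168.0.1 in this thread) and an upstream resolver directly, then reporting whether only the relay path is being dropped. The function names are hypothetical and the upstream resolver address is an assumption the reader supplies on the command line.

```python
import socket
import struct
import sys

def build_query(name, txid):
    """Minimal RFC 1035 query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data, txid):
    """Return (rcode, answer_count), or None if this is not a reply to txid."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:    # wrong ID or QR bit clear
        return None
    return flags & 0x000F, ancount

def probe(server, name="www.google.com", txid=0x1234, timeout=2.0):
    """One UDP/53 query; returns 'answered', 'dns-error' or 'no-reply'."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, txid), (server, 53))
            reply = parse_reply(s.recvfrom(512)[0], txid)
    except OSError:                           # includes socket.timeout
        return "no-reply"
    if reply is None:
        return "no-reply"
    rcode, ancount = reply
    return "answered" if rcode == 0 and ancount > 0 else "dns-error"

def diagnose(relay, upstream):
    """Combine the two probe results into one finding."""
    if relay == "answered":
        return "relay-ok"
    if upstream == "answered":
        return "relay-blocked"   # forwarded traffic works, the relay's port 53 does not
    return "no-dns-path"         # no resolver reachable at all

if __name__ == "__main__":
    # usage: <script> <relay-ip> <upstream-resolver-ip>
    relay_ip, upstream_ip = sys.argv[1:3]
    print(diagnose(probe(relay_ip), probe(upstream_ip)))
```

A result of `relay-blocked` matches the symptom in this thread: look for a firewall rule dropping UDP 53 to or from the host doing the sharing, rather than a fault at the ISP's resolver.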