DNS problems with V6

Running Win7 Pro x64.

I am away from home, and I’m using a mobile modem for my internet access. Uninstalled CIS 5.12 and installed V6, opting to NOT use SecureDNS, after which I get DNS resolution problems, although the connection is OK - nothing is accessible, not even CIS AV update.

I think there is some evidence that the relevant connection’s settings were changed during the V6 install, but strangely, reinstalling the modem’s software, which resets the connection settings to what they should be, does not fix the problem, whereas uninstalling CIS V6 does.

Any suggestions would be appreciated.

Thanks.

Hmmm, am I really the only one with this problem?

I can tell you that installing V6 makes quite a few changes to the TCP entries in the Registry, but I haven’t been able to manually change them to anything that works, and that includes values obtained from the working V5 state.

I suppose its’ easy to think that the problem does not occur when using LAN or WLAN, so there may not be many users affected by this, but it definitely looks like a bug, since uninstalling V6 cures the situation every time. For what it’s worth, merely terminating all CIS tasks is not enough, which makes sense, given that the problem is due to the changes in the TCP configuration.

Do the measures provide in No network connection after using Stealth Ports Wizard (DHCP Broken) bring a solution?

DHCP is enabled, except for one time when I had to enable it via a Registry change. Nothing is being logged anywhere by CIS, but I do get Event 1014 in Event Viewer.

This is the IPCONFIG with V5:

Mobile Broadband adapter Mobile Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Vodafone Mobile Broadband Network Adapter
(Huawei)
Physical Address. . . . . . . . . : 00-1E-10-1F-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.43.22.93(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.43.22.92
DHCP Server . . . . . . . . . . . : 10.43.22.92
DNS Servers . . . . . . . . . . . : 80.87.78.4
80.87.78.11
NetBIOS over Tcpip. . . . . . . . : Enabled

And this is V6:

Mobile Broadband adapter Mobile Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Vodafone Mobile Broadband Network Adapter
(Huawei)
Physical Address. . . . . . . . . : 00-1E-10-1F-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.43.19.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.43.19.113
DNS Servers . . . . . . . . . . . : 80.87.78.4
80.87.78.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Please note the absence of DHCP Server in the V6 info. Also, the Subnet Mask is different. I’ve tried to make “logical” changes/additions to the Registry, but was unable to make it work.

Thanks for your effort.

Please try the following. Make the rule in Global Rules as described in step 3 of the tutorial and let us know if that fixed it.

Tried that, but still the same problem.javascript:void(0);

The javascript:void(0); message would seem to suggest a problem with javascript being blocked, perhaps it’s disabled in the browser or maybe you have something like NoScript…

The ipconfig posted shows your DNS servers as those belonging to Vodafone-Ghana. You can test this by opening a command prompt and typing:

nslookup - Enter

you should see something like:

C:>nslookup
Server: vfghdns02.vodafone.com.gh
Address: 80.87.78.4

Type quit to exit.

The “javascript:void(0);” message is a result of my trying to add an emoticon, and quite possibly due to the fact that I do run NoScript (though I intended to have it disabled it at the time, but never mind).

It’s quite time consuming for me to install CIS V6 and then restore my system to its previous state every time I need to try something, so I have not tried NSLOOKUP on a V6 installation, but here’s what I get from several attempts on my working CIS V5 system:

C:\Users\Bill>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 80.87.78.4

nslookup
Server: UnKnown
Address: 80.87.78.4

DNS request timed out.
timeout was 2 seconds.
*** UnKnown can’t find nslookup: Non-existent domain

nslookup
Server: UnKnown
Address: 80.87.78.4

*** UnKnown can’t find nslookup: Non-existent domain

nslookup
Server: UnKnown
Address: 80.87.78.4

DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

And yes, I am in Ghana at the moment, so the Vodafone Ghana info you provide is correct.

Thanks for your input.

Have you allowed nslookup through the firewall? Might be a good idea to post your Application firewall rules for v5/v6…

Had this been an issue, would I not see some firewall events logged? There aren’t any.

My rules are all defaults.

If you have default settings for the firewall, nslookup would probably have been allowed, without invoking any alerts or logging any events, as it’s a ‘safe’ application. The reason I suggested the block is simply because the errors are indicative of this kind of problem and it’s the easiest thing to check.

Just to make suer we’re looking at the same data, you’re performing these tests with CIS version 5 installed?

Here’s a couple of things to do. Please report the details.

From an Administrative command prompt:

1. Run an ipconfig /all - post the full output
2. run the following:

nslookup

set d2
80.87.78.4

Report the full output

3. run the following command:

netsh int tcp show global

Report the full output.

4. run services.msc and report the status of the DHCP and DNS client services.

It would also help to see details of your CIS settings/rules. If you want, you can export the configuration file and attach it to a post as a zip file.

The following is all from Win7 Pro x64, with CIS V5 installed, and all is working well. Please advise if there is any benefit in rerunning the commands with V6 installed. Please note that V6 IPCONFIG for the relevant adapter is already provided in a previous post (Reply #3).

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Asus-N53SN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Mobile Broadband adapter Mobile Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Vodafone Mobile Broadband Network Adapter
(Huawei)
Physical Address. . . . . . . . . : 00-1E-10-1F-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.43.41.133(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.43.41.132
DHCP Server . . . . . . . . . . . : 10.43.41.132
DNS Servers . . . . . . . . . . . : 80.87.78.4
80.87.78.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 26-2F-68-DF-51-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9002WB-1NG Wireless Ne
twork Adapter
Physical Address. . . . . . . . . : 74-2F-68-DF-51-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 74-2F-68-E2-BD-71
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-04-A6-40-16-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ECA3A4DD-D3E6-47F3-BEC4-644AB0CD16D3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>nslookup
Default Server: vfghdns02.vodafone.com.gh
Address: 80.87.78.4

set d2
80.87.78.4
Server: vfghdns02.vodafone.com.gh
Address: 80.87.78.4

SendRequest(), len 41
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    4.78.87.80.in-addr.arpa, type = PTR, class = IN

Got answer (210 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 3, additional = 3

QUESTIONS:
    4.78.87.80.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  4.78.87.80.in-addr.arpa
    type = PTR, class = IN, dlen = 27
    name = vfghdns02.vodafone.com.gh
    ttl = 2888 (48 mins 8 secs)
AUTHORITY RECORDS:
->  78.87.80.in-addr.arpa
    type = NS, class = IN, dlen = 15
    nameserver = mantse.gh.com
    ttl = 2888 (48 mins 8 secs)
->  78.87.80.in-addr.arpa
    type = NS, class = IN, dlen = 20
    nameserver = snshq901.ghanatel.com.gh
    ttl = 2888 (48 mins 8 secs)
->  78.87.80.in-addr.arpa
    type = NS, class = IN, dlen = 11
    nameserver = snshq902.ghanatel.com.gh
    ttl = 2888 (48 mins 8 secs)
ADDITIONAL RECORDS:
->  mantse.gh.com
    type = A, class = IN, dlen = 4
    internet address = 193.194.185.2
    ttl = 8721 (2 hours 25 mins 21 secs)
->  snshq901.ghanatel.com.gh
    type = A, class = IN, dlen = 4
    internet address = 80.87.64.2
    ttl = 86154 (23 hours 55 mins 54 secs)
->  snshq902.ghanatel.com.gh
    type = A, class = IN, dlen = 4
    internet address = 80.87.64.3
    ttl = 1531 (25 mins 31 secs)

Name: vfghdns02.vodafone.com.gh
Address: 80.87.78.4

netsh int tcp show global
Unrecognized command: netsh int tcp show global
quit

C:\Windows\system32>netsh int tcp show global
Querying active state…

TCP Global Parameters

Receive-Side Scaling State : enabled
Chimney Offload State : enabled
NetDMA State : enabled
Direct Cache Acess (DCA) : enabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : ctcp
ECN Capability : disabled
RFC 1323 Timestamps : disabled

DHCP and DNS Client services both STARTED.

V5 config file is attached.

[attachment deleted by admin]

As you say, everything looks to be functioning correctly so, It’s really only necessary to post the details if you have problems when you reinstall v6.

OK, same commands as preiously requested, but this time after V6 install. V6 was installed on top of V5 without any installation issues. Please note that I have the same DNS problems even if I first uninstall V5.

Relevant connection is active.

Regardless of what we manage here, if anything, thanks for your efforts.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Asus-N53SN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Mobile Broadband adapter Mobile Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Vodafone Mobile Broadband Network Adapter
(Huawei)
Physical Address. . . . . . . . . : 00-1E-10-1F-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.43.14.38(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.43.14.39
DNS Servers . . . . . . . . . . . : 80.87.78.4
80.87.78.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 26-2F-68-DF-51-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9002WB-1NG Wireless Ne
twork Adapter
Physical Address. . . . . . . . . : 74-2F-68-DF-51-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 74-2F-68-E2-BD-71
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 54-04-A6-40-16-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ECA3A4DD-D3E6-47F3-BEC4-644AB0CD16D3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 80.87.78.4

set d2
80.87.78.4
Server: UnKnown
Address: 80.87.78.4

SendRequest(), len 41
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
    4.78.87.80.in-addr.arpa, type = PTR, class = IN

DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to UnKnown timed-out

quit

C:\Windows\system32>netsh int tcp show global
Querying active state…

TCP Global Parameters

Receive-Side Scaling State : enabled
Chimney Offload State : enabled
NetDMA State : enabled
Direct Cache Acess (DCA) : enabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : ctcp
ECN Capability : disabled
RFC 1323 Timestamps : disabled

DHCP and DNS Client services both STARTED.

V6 config file is attached.

[attachment deleted by admin]

Unfortunately, the configuration file didn’t lead anywhere. The PC on which it was loaded had no issues. As an interim solution, you could try loading some third-party DNS servers manually, see where that takes you but we’ll have to find out why you’re receiving a different set of network data when you load version 6, as it’s almost certainly this at the root of the problem.

If you want to try some third-party DNS servers, select a couple from the list:

Comodo - 8.26.56.26 and 156.154.70.22.
OpenDNS - 208.67.222.222 and 208.67.220.220
Google - 8.8.8.8 and 8.8.4.4

There are others. Just add these via Network and Sharing Centre\Change Adapter Settings

[attachment deleted by admin]

I tried using OpenDNS servers, even though I had already tried them previously, with no change.

As I indicated previously, I’ve been looking at the Registry, to see if I could identify some changes that appear relevant. And whereas earlier installs of V6 resulted in several changes to the TCPIP Registry entry, my last attempt resulted in only one field being changed from its V5 value. Strange. And no, changing the V6 value to the V5 value did not help.

I suppose when I get back home and start using my LAN connection again, I may not have a problem with V6, but I’d be afraid that next time I have to use my Vodafone adapter I’ll be ■■■■■■■, as by then it wouldn’t be easy to revert to V5.

I don’t suppose you have access to a different modem with which to test?

I may, but not immediately.

Meanwhile, I’ve discovered that if I deselect the COMODO Internet Security Firewall Driver in the connection’s properties, the problem disappears, without even having to disconnect/reconnect. I assume that by doing this, I effectively disable the Firewall, so does this information provide a clue to a more appropriate solution? Also (and I plead ignorance of the subject here), under Firewall Tasks > Manage Networks, no networks are showing. Is this the way it should be? There’s a little red ‘X’ on the connection in the image. Please keep inmind that I’m running with default settings, and there are nothing logged under Firewall Events.

Doing this effectively takes CIS out of the loop as it’s the main driver for the application.

...so does this information provide a clue to a more appropriate solution?

Unfortunately not. It’s still a mystery why, when using version 6, you appear to be getting a completely different network configuration from your ISP and I’m pretty sure it’s this that’s causing the problem.

Also (and I plead ignorance of the subject here), under Firewall Tasks > Manage Networks, no networks are showing. Is this the way it should be? There's a little red 'X' on the connection in the image. Please keep inmind that I'm running with default settings, and there are nothing logged under Firewall Events.

I did notice this on the configurations you uploaded earlier. Basically, when you install CIS, it’s supposed to detect any attached networks and present you with a dialogue (see image) that allows you to decide the kind of Network you’re connecting to. Once selected, it creates a Network ‘Zone’ and in the case of ‘Home’ and ‘Work’, will create both Application and Global rules that facilitate things like file/printer sharing.

That said, the lack of a zone in your configurations, shouldn’t really affect the network configuration, as this is the province of svchost (DHCP) and not the ‘System’ process to which the zone rules are applied.

I’m almost certain, if the network configuration (IP address/Mask etc.), were from the same subnet as that received when using version 5, the problem would go away. Although that does leave a question mark about why the third-party dns servers also failed.

[attachment deleted by admin]

Your last statement may be answered by my observation that whatever changes I make to the TCPIP parameters in the Registry (including DNS servers), are undone when I connect. Must be the adapter’s software, I guess. And I suppose this agrees with the first quote above, in the sense that the adapter’s software is responsible for generating the non-functioning parameters.

Still, it’s strange if we look at it as follows:

• I uninstall completely CIS and adapter/software
• Reboot a zillion times
• Install modem: everything works
• Install CIS V6: problem, as described (works if I deselect the connection’s CIS Firewall Driver)
• Uninstall CIS: everything works

Do we conclude that the modem’s software looks at something and modifies TCPIP options accordingly? I have no idea…

For now, I have two options: stay with CISA V5, or disable the CIS Firewall Driver and use the Windows Firewall while I’m on the adapter.

By the way, is this an indication that the problem is not really a DNS server problem?

(CIS Firewall not selected):

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=1120ms TTL=43
Reply from 8.8.8.8: bytes=32 time=453ms TTL=43
Reply from 8.8.8.8: bytes=32 time=613ms TTL=43
Reply from 8.8.8.8: bytes=32 time=427ms TTL=43

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 427ms, Maximum = 1120ms, Average = 653ms

(CIS Firewall selected):

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Windows\system32>

I’ll be happy to heed any advise you may come up with, but even if you’re at a dead end as well, thanks for all your efforts.