DNS issues over MAN

[escaladieu]

I live in a rural location & internet is provided by a wireless network. I have a transceiver mounted on my house which connects to the local church tower & thence to a water tower & then a wired network. The network is operated by a sole trader who does his best to keep it working.
I'm having problems with name resolution with this network. A lot of DNS requests fail. To try and get round this I have set my adapter to use google DNS & OPEN DNS, this is better but requests still fail. The only way I can get reliable DNS resolution is to connect a VPN to some location (the UK works well, I'm in France) then the resolution is reliable.
I put wireshark on the network to see what was happening. With the adapter set to automatic DNS server address I frequently get "request refused" & "not authoritative for this domain" responses but not always. With the adapter set to google or open dns I occasionally get the same symptom.
Clents are W10 & IOS. I get the same issues on IOS as I do on W10.
I'm not an IP expert but I do have experience of writing software for network interfaces so I'm not a total noob.
I was hoping that a knowledgeable person could suggest some other diagnostics to try so I can help my network provider fix the issue ( he needs help) I'm puzzled as to why the DNS works some of the time but not all the time and as to why setting my adapter dns to google does not wholly fix the issue. The fact that a VPN connection to the UK works properly suggests that there may be an issue with the Internet infrastructure in my region (Its quite remote) ANy help appreciated. Thanks in advance

 

[XavierMace]

How much packet loss do you have on your connection? Setting the DNS to use Google's won't help if your connection can't get to Google 90% of the time.

 

[John Connor]

Do a tracert on the DNS IPs. Try Smokeping. Clear your DNS cache. Other than that talk to your ISP. Especaily if Smokeping shows a lot of dropped packets. Note that you will need to allow pings for Smokeping to work. Win 10 though... I find it to be crap. Just my humble opinion.

I also wonder if the router is dropping DNS? Check its settings.

 

[John Connor]

his best to keep it working.

That could be the issue. What's his hardware look like?

 

[escaladieu]

How much packet loss do you have on your connection? Setting the DNS to use Google's won't help if your connection can't get to Google 90% of the time.

Its a wide area WLAN so some, the issue is not really that I can't connect to google's DNS but that the DNS requests are mostly resolved, but often return " request refused" of "not authorative" - I could understand if the resolver always did this or did not do this at all, but the fact that it does it some of the time makes me think that there's a mis configuration. Also the fact that the DNS resolution works properly over a VPN seems to indicate a local misconfig, to me at least. I suppose that if there were packet loss downstream of my access point this might explain it - but then I'd expect no response at all rather than "not authorative" for example, but the fact that it works via VPN kind of rules this out, unless of course the VPN error recovery is solving the issue.

 

[John Connor]

If the VPN handles fine then you have a local issue.

 

[escaladieu]

Its CISCO that's all I know. Thanks for the response

 

[escaladieu]

If the VPN handles fine then you have a local issue.

Yes, that was my feeling as well. What I want to do is to help him fix it
Thanks for the response

 

[Gryz]

When you use a VPN, the driver creates a new "virtual" network interface. That interface looks to Windows as if it is a regular network interface. I think it has its own settings, just like other interface.

If I were you, I'd compare the settings on the virtual network interface with the settings of your regular ethernet interface. Is there something different ? I bet the DNS servers are different. When you change the DNS server on your ethernet interface, does that also apply to your VPN interface ? If the DNS server setting is system-wide (in stead of interface-wide) do the VPN settings (temporarily) overwrite the settings in your ethernet interface ?

So you used WireShark to look at the DNS replies. But did you look at the requests too ? Are they different maybe ? Does your PC add domain-names to the requests ? Nobody uses this anymore, but there is a feature in DNS called "dns search path". Suppose you work in a company called gryzemuis.com. Suppose you set your dns search path to "gryzemuis.com". Then if you type "server1" as a hostname, your machine will search for "server1.gryzemuis.com.". If you search for "rtr1.lab" then you will search for "rtr1.lab.gryzemuis.com.". Etc. This means that if you type in google.com, your machine will first search for "google.com.gryzemuis.com." and then later for "google.com.". (Note, the usage of . at the end of domainnames. Nobody does that anymore. But a dot at the end is like a slash at the start of filenames. Absolute root).

It's unlikely, but this is something that could make half your DNS requests fail. Guess there might be more tricky things like this. Anyway, I'd start comparing the full settings of your 2 network interfaces (virtual vpn and ethernet). Hope this helps.