Windows 7 64-bit Firewall drops incoming DNS UDP packets
For several days it has seemed like DNS is failing with no responses (web pages don't load, even ping cannot resolve addresses). But my surprise was great when I found out that the actual culprit is Windows' own firewall:

2011-07-02 16:54:30 DROP UDP 8.8.4.4 192.168.0.10 53 50188 104 - - - - - - - RECEIVE
2011-07-02 16:54:31 DROP UDP 8.8.4.4 192.168.0.10 53 54141 74 - - - - - - - RECEIVE

Why is this happening? I have tried with several DNS servers: my ISP's DHCP addresses (both automatic and manual), Google DNS (currently selected), OpenDNS. No matter which one I use, the resulting log entries look like the above. I have no idea what's causing this except a hunch about my connection's lagginess: could it be that the DNS query somehow times out, and that's why Windows Firewall doesn't permit it back in? BUT even that shouldn't theoretically happen, because I have created an extra incoming rule permitting ALL remote (any address) port 53 (remote: 53, local: any) UDP traffic in! And this is why I am exceptionally puzzled. I have observed DNS traffic with NetMon for clues but nothing special has popped out. I am not a DNS or networking pro, so I don't know what to be on the lookout for.

Edit: the only strangeness is that the browser seems to be re-querying DNS for stuff that should already be well known, like *.facebook.com etc. But this is not just a browser problem; all net use is affected.

Edit: Just got DNS timeouts on nslookup; the timeout was 2 seconds. Increased it to 10 seconds; still nothing happened on the first try, only the second try brought results. However, there are no dropped packets in the firewall log. Does this mean I'm suffering from an extremely laggy connection? Is there a way to increase the DNS timeout for the whole system?

Edit: NetMon shows 3 requests sent, 0 received. Firewall log shows 0 dropped.
July 2nd, 2011 10:30am

So... is it possible to relax DNS timings somewhere? Or what can I do? This only happens with higher network load, however not anywhere near max capacity (only 40-60 MB/s on GB Ethernet). Is the Windows Firewall flaky? I don't think it should ever do that.
July 3rd, 2011 4:40pm

Here it's happening again on a massive scale, and interestingly both my network and workstation are very lightly loaded (CPU <20%, network <1%, no mentionable disk IO):

2011-07-04 15:56:56 DROP UDP 8.8.8.8 192.168.0.10 53 35366 229 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.4.4 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.8.8 192.168.0.10 53 35366 229 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.4.4 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.8.8 192.168.0.10 53 35366 229 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.4.4 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 208.67.222.222 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 208.67.222.222 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 208.67.222.222 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.8.8 192.168.0.10 53 44508 321 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.8.8 192.168.0.10 53 44508 321 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.8.8 192.168.0.10 53 44508 321 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 208.67.222.222 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.4.4 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 208.67.222.222 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.4.4 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 208.67.222.222 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.4.4 192.168.0.10 53 44508 273 - - - - - - - RECEIVE

This is not all of it, just an example of how Windows Firewall can suddenly decide to drop ALL my DNS packets, resulting in impossible network use.
July 4th, 2011 9:06am
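An added triage script for the pfirewall.log entries quoted in the two posts above (example code written for this page, not something posted in the thread). It parses the W3C field layout Windows Firewall writes to its log, keeps only dropped inbound UDP datagrams whose source port is 53 (resolver replies), groups them by the local port the query left from, and flags local ports whose dropped replies came from more than one resolver, which is exactly what ports 35366 and 44508 show in the July 4 entries. The UDP DROP lines in the sample are copied from the posts; the header lines, the TCP SYN entry and the ALLOW/SEND entry are constructed so the filter has something to reject. The default log path in the comment is the Windows 7 default and is an assumption for your machine.

```python
"""Triage Windows Firewall log drops of inbound DNS replies.

pfirewall.log is W3C extended log format; FIELDS is the order that
Windows Firewall writes in its '#Fields:' header line.
"""
from datetime import datetime

FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Sample log. The UDP DROP lines are copied from the thread; the header lines,
# the TCP SYN drop and the ALLOW/SEND line are constructed to exercise the
# filter (203.0.113.5 is a documentation address).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-07-02 16:54:30 DROP UDP 8.8.4.4 192.168.0.10 53 50188 104 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.8.8 192.168.0.10 53 35366 229 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 8.8.4.4 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:56 DROP UDP 208.67.222.222 192.168.0.10 53 35366 245 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 8.8.8.8 192.168.0.10 53 44508 321 - - - - - - - RECEIVE
2011-07-04 15:56:59 DROP UDP 208.67.222.222 192.168.0.10 53 44508 273 - - - - - - - RECEIVE
2011-07-04 15:57:01 DROP TCP 203.0.113.5 192.168.0.10 4444 445 48 S 123456 0 8192 - - - RECEIVE
2011-07-04 15:57:02 ALLOW UDP 192.168.0.10 8.8.8.8 51000 53 60 - - - - - - - SEND
"""


def parse_line(line):
    """Return one record as a dict, or None for header, blank or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
    return rec


def dns_reply_drops(lines):
    """Dropped inbound UDP datagrams from source port 53, i.e. resolver replies."""
    drops = []
    for line in lines:
        rec = parse_line(line)
        if (rec is not None and rec["action"] == "DROP" and rec["protocol"] == "UDP"
                and rec["path"] == "RECEIVE" and rec["src-port"] == "53"):
            drops.append(rec)
    return drops


def summarize_by_local_port(drops):
    """Group drops by the local (destination) port the query was sent from.

    A stub resolver sends a query from one ephemeral port, so every dropped
    reply aimed at the same port belongs to the same outstanding query."""
    summary = {}
    for r in drops:
        port = int(r["dst-port"])
        s = summary.setdefault(port, {"count": 0, "resolvers": set(),
                                      "first": r["ts"], "last": r["ts"]})
        s["count"] += 1
        s["resolvers"].add(r["src-ip"])
        s["first"] = min(s["first"], r["ts"])
        s["last"] = max(s["last"], r["ts"])
    return summary


def multi_resolver_ports(summary):
    """Local ports whose dropped replies came from more than one resolver: the
    client sent from that port to several servers and every answer was dropped,
    the pattern visible for ports 35366 and 44508 in the July 4 log."""
    return sorted(p for p, s in summary.items() if len(s["resolvers"]) > 1)


def report(summary):
    """One human-readable line per local port."""
    lines = []
    for port in sorted(summary):
        s = summary[port]
        lines.append(f"local port {port}: {s['count']} dropped replies from "
                     f"{', '.join(sorted(s['resolvers']))} between "
                     f"{s['first']:%H:%M:%S} and {s['last']:%H:%M:%S}")
    return lines


if __name__ == "__main__":
    import sys
    # Windows 7 default (assumed): %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    summary = summarize_by_local_port(dns_reply_drops(lines))
    print("\n".join(report(summary)))
    print("ports hit by replies from more than one resolver:", multi_resolver_ports(summary))
```

Run it with the path to the real pfirewall.log to get the same per-port summary for a live incident; lining the first/last timestamps up against the NetMon capture of the outgoing queries from the same local port is the quickest way to see how long after the query each dropped reply arrived.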

Hi,

I would like to know if you made any changes before the issue occurred. What is your connection type? Where is your location?

Regarding the issue, I suggest you refer to the following methods for testing.
1. Reinstall the network adapter driver from the manufacturer's site.
2. Disable or reset Windows Firewall.
3. Check if any router is used. If so, update its firmware and reset it.

Also please help me collect the following information for further research. Open CMD with administrator privileges and try the following commands, then paste the result here.

nslookup
server 8.8.4.4
technet.microsoft.com

Best Regards,
Niki
July 5th, 2011 10:24pm

I have not made any changes, not run any "optimizer" (learned my lesson about the reality of these a long time ago). Connection is 100 Mb/s cable with effective throughput varying between 3-9 MB/s. Well, it is obvious that the firewall cannot drop packets any more if it's disabled, right? Just did "Restore default policy" for Windows Firewall, will continue observing the situation. Reinstalling the driver will have to wait; there is no possibility for that now, this machine is in production use. Router is brand new (less than 3 months old), but I don't think it can be a router problem, because this did not happen from the start, only for the last 2 weeks; router settings have not been tampered with since they were set up (and I just re-checked, there is nothing regarding DNS packets there, just a plain vanilla setup). Unfortunately I cannot recall anything done in the last 2-3 weeks that would have affected the adapter/connection/DNS.

> server 8.8.4.4
Default Server: google-public-dns-b.google.com
Address: 8.8.4.4
> technet.microsoft.com
Server: google-public-dns-b.google.com
Address: 8.8.4.4

Non-authoritative answer:
Name: technet.microsoft.akadns.net
Address: 65.55.11.240
Aliases: technet.microsoft.com

So thus far the source of the problem remains a mystery. Will try to keep this topic posted when there is more information. What I would like to know is if there is a possibility to relax DNS query timings for heavily used connections?
July 6th, 2011 4:14am

