DNS time out request on Split DNS (Windows 10)

Posted: Sat Jan 06, 2018 10:56 am
by NickM
Hello!

I've been having a weird issue with one of my users who is currently configured with Split DNS mode enabled.

When connected to the VPN connection we are unable to resolve any DNS request. This happens only when we are connected to the Wifi device.

I have tried disabling IPv6 from the network adapter, however I am still able to ping ::1.

When I attempt to do an nslookup I get the following results:

Code:

nslookup google.com 127.0.0.1
Server:  Viscosity
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Viscosity timed-out


Code:

nslookup google.com ::1
Server:  Viscosity
Address:  ::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Viscosity timed-out



Logs:

Code:

Jan 05 4:45:48 PM: Reconnecting connection as it is now reachable
Jan 05 4:45:48 PM: State changed to Connecting
Jan 05 4:45:48 PM: Viscosity Windows 1.7.4 (1526)
Jan 05 4:45:48 PM: Running on Microsoft Windows 10 Pro
Jan 05 4:45:48 PM: Running on .NET Framework Version 4.7.02556.461308
Jan 05 4:45:48 PM: Bringing up interface...
Jan 05 4:45:52 PM: Checking reachability status of connection...
Jan 05 4:45:52 PM: Connection is reachable. Starting connection attempt.
Jan 05 4:45:53 PM: OpenVPN 2.4.3 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 21 2017
Jan 05 4:45:53 PM: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Jan 05 4:45:55 PM: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Jan 05 4:45:55 PM: TCP/UDP: Preserving recently used remote address: [AF_INET].:Redacted:.:1194
Jan 05 4:45:55 PM: UDPv4 link local (bound): [AF_INET][undef]:0
Jan 05 4:45:55 PM: UDPv4 link remote: [AF_INET].:Redacted:.:1194
Jan 05 4:45:55 PM: State changed to Authenticating
Jan 05 4:45:55 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 05 4:45:56 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET].:Redacted:.:1194
Jan 05 4:45:57 PM: State changed to Connecting
Jan 05 4:45:57 PM: open_tun
Jan 05 4:45:57 PM: TAP-WIN32 device [.:Redacted:.] opened: \\.\Global\{5413826C-F496-4E54-94DF-F6CD2F8338FE}.tap
Jan 05 4:45:57 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.4.10/255.255.255.252 on interface {5413826C-F496-4E54-94DF-F6CD2F8338FE} [DHCP-serv: 10.10.4.9, lease-time: 31536000]
Jan 05 4:45:57 PM: Successful ARP Flush on interface [8] {5413826C-F496-4E54-94DF-F6CD2F8338FE}
Jan 05 4:45:57 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 05 4:46:02 PM: Initialization Sequence Completed
Jan 05 4:46:02 PM: DNS set to Split, report follows:
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 192.168.1.1:53; Lookup Type - Any; Domains - None

Jan 05 4:46:02 PM: State changed to Connected
Jan 05 5:39:00 PM: State changed to Disconnecting
Jan 05 5:39:02 PM: State changed to Disconnected
Jan 05 5:41:10 PM: State changed to Connecting
Jan 05 5:41:10 PM: Viscosity Windows 1.7.4 (1526)
Jan 05 5:41:10 PM: Running on Microsoft Windows 10 Pro
Jan 05 5:41:10 PM: Running on .NET Framework Version 4.7.02556.461308
Jan 05 5:41:10 PM: Bringing up interface...
Jan 05 5:41:11 PM: Checking reachability status of connection...
Jan 05 5:41:11 PM: Connection is reachable. Starting connection attempt.
Jan 05 5:41:11 PM: OpenVPN 2.4.3 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 21 2017
Jan 05 5:41:11 PM: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Jan 05 5:41:12 PM: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Jan 05 5:41:12 PM: TCP/UDP: Preserving recently used remote address: [AF_INET].:Redacted:.:1194
Jan 05 5:41:12 PM: UDP link local (bound): [AF_INET][undef]:0
Jan 05 5:41:12 PM: UDP link remote: [AF_INET].:Redacted:.:1194
Jan 05 5:41:12 PM: State changed to Authenticating
Jan 05 5:41:12 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 05 5:41:17 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET].:Redacted:.:1194
Jan 05 5:41:18 PM: State changed to Connecting
Jan 05 5:41:18 PM: open_tun
Jan 05 5:41:18 PM: TAP-WIN32 device [.:Redacted:.] opened: \\.\Global\{5413826C-F496-4E54-94DF-F6CD2F8338FE}.tap
Jan 05 5:41:18 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.4.10/255.255.255.252 on interface {5413826C-F496-4E54-94DF-F6CD2F8338FE} [DHCP-serv: 10.10.4.9, lease-time: 31536000]
Jan 05 5:41:18 PM: Successful ARP Flush on interface [8] {5413826C-F496-4E54-94DF-F6CD2F8338FE}
Jan 05 5:41:18 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 05 5:41:23 PM: Initialization Sequence Completed
Jan 05 5:41:23 PM: DNS set to Split, report follows:
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 192.168.1.1:53; Lookup Type - Any; Domains - None

Jan 05 5:41:23 PM: State changed to Connected



This is an issue that has started recently (was working fine for quite some time). This computer is running Windows 10.

If I use Full DNS instead of Split DNS, this issue gets resolved.

Are there any recommendations or fixes that can be made to resolve this issue?

Re: DNS time out request on Split DNS (Windows 10)

Posted: Mon Jan 08, 2018 11:30 am
by Eric
Hi NickM,

As a first test, could you please try querying the DNS servers directly, e.g.

nslookup www.google.com 10.10.3.2
nslookup www.google.com 192.168.1.1

This will test if there are any routing problems.

The next step is to check there are no firewalls or AV software blocking ViscosityService.

Regards,
Eric

Re: DNS time out request on Split DNS (Windows 10)

Posted: Mon Jan 08, 2018 12:20 pm
by NickM
Hey Eric,

When I do an nslookup to 10.10.3.2 it resolves properly, however when I nslookup to 192.168.1.1 it times out.

After further examining this issue it appears that there is also a 192.168.1.0/24 network on the VPN connection that they are connecting to (both 10.10.3.0/24 and 192.168.0/24) where one of them is the same as his local network.

I will go ahead and re-IP one of these networks and see if the issue still happens afterwards.

Thank you for your help and reply!
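
Added example, not part of the thread and not Viscosity's own code: a check for the condition the last post identifies, a VPN-routed network that overlaps the local LAN, and for any DNS server from the log's "DNS set to Split" report whose address falls inside that overlap. The function names are hypothetical, the report lines are copied from the log above, the network lists are assumptions taken from the last post, and only IPv4 report lines are parsed.

```python
import ipaddress
import re

# Sample input: the distinct DNS report lines from the log in this thread.
DNS_REPORT = """\
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 192.168.1.1:53; Lookup Type - Any; Domains - None
"""

REPORT_LINE = re.compile(
    r"Server - (?P<ip>[\d.]+):(?P<port>\d+); Lookup Type - (?P<type>\w+);")


def parse_dns_report(text):
    """Return [(server_ip, lookup_type)] from the report lines."""
    return [(ipaddress.ip_address(m["ip"]), m["type"])
            for m in REPORT_LINE.finditer(text)]


def find_conflicts(local_nets, vpn_nets, dns_servers):
    """Find VPN-routed networks that overlap a local network, and the
    DNS servers whose address lies inside both sides of an overlap."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    vpn = [ipaddress.ip_network(n) for n in vpn_nets]
    overlaps = [(l, v) for l in local for v in vpn if l.overlaps(v)]
    ambiguous = [(ip, kind) for ip, kind in dns_servers
                 if any(ip in l and ip in v for l, v in overlaps)]
    return overlaps, ambiguous


def check(local_nets, vpn_nets, report=DNS_REPORT):
    """Return (overlap descriptions, ambiguous DNS servers) as strings."""
    overlaps, ambiguous = find_conflicts(
        local_nets, vpn_nets, parse_dns_report(report))
    return ([f"{l} overlaps {v}" for l, v in overlaps],
            [f"{ip} ({kind})" for ip, kind in ambiguous])


if __name__ == "__main__":
    # Assumed from the last post: the Wi-Fi LAN is 192.168.1.0/24 and the
    # VPN carries 10.10.3.0/24 and 192.168.1.0/24.
    nets, servers = check(["192.168.1.0/24"],
                          ["10.10.3.0/24", "192.168.1.0/24"])
    for n in nets:
        print("overlap:", n)
    for s in servers:
        print("ambiguous DNS server:", s)
```

An empty result for both lists after renumbering one side means the "Any" resolver is reachable by exactly one route again.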