WinGate Forums

[lxm]

When we use Wingate6.0.3 recently, a strange thing happened here: it can work normally only for a period of time(half a day),Then our DNS will be invalidated.

We can visit Web Site via IP but most domain name can't visit. Such as: when we type "www.sohu.com" in URL at client, IE display that "Client error: Host name lookup for 'www.sohu.com' failed".

It will be ok when we restart the WinGate Engine.

What's wrong with me? Can you help me? Thanks a lot!

[neil]

How are the clients connecting through WinGate? Via NAT or Proxy? Do the client machines have their DNS setting in TCP/ IP properties pointing out through WinGate? If so could you turn on debug logging in the DNS resolver, and when this problem happens again post the results from that log here please?

Regards

Neil

[adrien]

Hi

It sounds like WinGate is learning of several DNS servers, and switching to one that doesn't work.

WinGate uses the DNS servers that are specified in the OS, so in your adapter settings etc.

If there are some DNS servers in there that WinGate should not use (i.e. another Active Directory Server etc), then you can exclude these from being used by WinGate, by running the WGOptions application from the WinGate folder.

Also it sometimes helps to enter the IP address of an internet-based DNS server into the WinGate DNS resolver configuration in GateKeeper.

Adrien

[lxm]

Yes, We really set several DNS server. Does Wingate circle to use the DNS setting?

But the question still exist when we delete all other DNS server and remain one. Anyway(one or several), it can only works for a period of time normally.

Now we have stop DNS service and start UDP service. It seem looks normally. We are being observed.

I'll send the log file to neil through email.

[lxm]

Sorry, I can't find Neil's email and have to post log file here.

This is DNS Resolver.log:

10/18/04 08:12:47 Request: request [0337d5e8] A lookup "toolbar.google.com."
10/18/04 08:12:47 Error: bounce request [0337d5e8]<1> to try 3 (no specific and cannot select)
10/18/04 08:12:58 Request: request [0337d63c] A lookup "toolbar.google.com."
10/18/04 08:12:58 Error: bounce request [0337d63c]<1> to try 3 (no specific and cannot select)
10/18/04 08:12:58 Request: request [0337d63c] A lookup "toolbar.google.com."
10/18/04 08:12:58 Error: bounce request [0337d63c]<1> to try 3 (no specific and cannot select)
10/18/04 08:12:58 Request: request [0337ccc8] A lookup "toolbar.google.com."
10/18/04 08:12:58 Request: request [0337cc9c] A lookup "toolbar.google.com."
10/18/04 08:13:53 Request: request [03a7d5e8] A lookup "news.sina.com.cn."
10/18/04 08:13:54 Request: request [03a7d5e8] A lookup "image2.sina.com.cn."
10/18/04 08:13:54 Request: request [03b7d5e8] A lookup "image2.sina.com.cn."
10/18/04 08:13:54 Request: request [03c7d5e8] A lookup "image2.sina.com.cn."

[lxm]

The log file is too long so I pick some of it:

10/18/04 08:19:54 Request: request [027df8f0] PTR lookup "59.0.168.192.in-addr.arpa."
10/18/04 08:21:28 DNS Resolver thread stopping
10/18/04 08:21:56 DNS Resolver thread starting
10/18/04 08:22:39 Request: request [0317d5e8] A lookup "news.sina.com.cn."
10/18/04 08:22:40 Request: request [0317d5e8] A lookup "image2.sina.com.cn."
10/18/04 08:22:40 Request: request [0317d5e8] A lookup "image2.sina.com.cn."
...

[neil]

Could you please turn on DEBUG logging for the DNS resolver, and then post a snippet (20 lines or so) of it back here. It's the debug messages that will tell us how the resolver is doing things, rather than just what it is doing.

Regards

Neil

[lxm]

Sorry Neil, Now I know what's you what:

10/19/04 09:55:09 Request: request [0c77d5e8] A lookup "ad1.ettoday.com."
10/19/04 09:55:09 Debug: bounce request [0c77d5e8]<0> to try 1 (nothing useful in cache)
10/19/04 09:55:09 Debug: selected 202.106.46.151 <IP helper> for request [0c77d5e8]<1> (best looking)
10/19/04 09:55:09 Debug: request [0c77d5e8](ID 110) sent to 202.106.46.151 <IP helper> (33 bytes)
10/19/04 09:55:09 Debug: received block [67] (server 202.106.46.151, port 53)
10/19/04 09:55:09 Debug: useful response [0c77d5e8](ID 110) (0.16s)
10/19/04 09:55:11 DNS Resolver thread stopping
10/19/04 09:55:24 DNS Resolver thread starting
10/19/04 09:55:24 Debug: DNS registry entry scan (0 total entries)
10/19/04 09:55:25 Debug: DNS registry entry scan (0 total entries)
10/19/04 09:55:30 Debug: completed "192.168.0.151" (Internal reverse lookup - cache hit)
10/19/04 09:55:30 Debug: completed "192.168.0.145" (Internal reverse lookup - cache hit)
10/19/04 09:55:30 Request: request [0356d5e8] A lookup "webmail.21cn.com."
10/19/04 09:55:30 Debug: bounce request [0356d5e8]<0> to try 1 (nothing useful in cache)
10/19/04 09:55:30 Debug: selected 159.226.2.25 <user input> for request [0356d5e8]<1> (best looking)
10/19/04 09:55:30 Debug: request [0356d5e8](ID 1) sending to 159.226.2.25 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:30 Debug: completed "192.168.0.117" (Internal reverse lookup - cache hit)
10/19/04 09:55:30 Request: request [0376d5e8] A lookup "www.ettoday.com."
10/19/04 09:55:30 Debug: bounce request [0376d5e8]<0> to try 1 (nothing useful in cache)
10/19/04 09:55:30 Debug: selected 159.226.2.25 <user input> for request [0376d5e8]<1> (best looking)
10/19/04 09:55:30 Debug: request [0376d5e8](ID 2) sending to 159.226.2.25 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:30 Request: request [0366d5e8] A lookup "ad1.ettoday.com."
10/19/04 09:55:30 Debug: bounce request [0366d5e8]<0> to try 1 (nothing useful in cache)
10/19/04 09:55:30 Debug: selected 159.226.2.25 <user input> for request [0366d5e8]<1> (best looking)
10/19/04 09:55:30 Debug: request [0366d5e8](ID 3) sending to 159.226.2.25 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:30 Debug: completed "192.168.0.83" (Internal reverse lookup - cache hit)
10/19/04 09:55:31 Debug: request [0356d5e8] "webmail.21cn.com." (no response on try 1)
10/19/04 09:55:31 Debug: multicast request [0356d5e8]<2> (7 good servers)
10/19/04 09:55:31 Debug: request [0356d5e8](ID 4) sending to 159.226.8.6 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0356d5e8](ID 5) sending to 159.229.2.26 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0356d5e8](ID 6) sent to 192.168.0.1 <user input> (34 bytes)
10/19/04 09:55:31 Debug: request [0356d5e8](ID 7) sent to 192.168.0.5 <user input> (34 bytes)
10/19/04 09:55:31 Debug: request [0356d5e8](ID 8) sending to 202.106.196.115 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0356d5e8](ID 9) sending to 210.73.64.1 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0356d5e8](ID 10) sending to 211.94.62.1 <user input> (34 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0366d5e8] "ad1.ettoday.com." (no response on try 1)
10/19/04 09:55:31 Debug: multicast request [0366d5e8]<2> (7 good servers)
10/19/04 09:55:31 Debug: request [0366d5e8](ID 11) sending to 159.226.8.6 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0366d5e8](ID 12) sending to 159.229.2.26 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0366d5e8](ID 13) sent to 192.168.0.1 <user input> (33 bytes)
10/19/04 09:55:31 Debug: request [0366d5e8](ID 14) sent to 192.168.0.5 <user input> (33 bytes)
10/19/04 09:55:31 Debug: request [0366d5e8](ID 15) sending to 202.106.196.115 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0366d5e8](ID 16) sending to 210.73.64.1 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0366d5e8](ID 17) sending to 211.94.62.1 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: completed "192.168.0.37" (Internal reverse lookup - cache hit)
10/19/04 09:55:31 Debug: request [0376d5e8] "www.ettoday.com." (no response on try 1)
10/19/04 09:55:31 Debug: multicast request [0376d5e8]<2> (7 good servers)
10/19/04 09:55:31 Debug: request [0376d5e8](ID 18) sending to 159.226.8.6 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0376d5e8](ID 19) sending to 159.229.2.26 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0376d5e8](ID 20) sent to 192.168.0.1 <user input> (33 bytes)
10/19/04 09:55:31 Debug: request [0376d5e8](ID 21) sent to 192.168.0.5 <user input> (33 bytes)
10/19/04 09:55:31 Debug: request [0376d5e8](ID 22) sending to 202.106.196.115 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0376d5e8](ID 23) sending to 210.73.64.1 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: request [0376d5e8](ID 24) sending to 211.94.62.1 <user input> (33 bytes) - socket error 10065
10/19/04 09:55:31 Debug: received block [0] (server , port 60)
10/19/04 09:55:31 Error: cannot recover DNS message from block (server )
10/19/04 09:55:31 Debug: received block [0] (server , port 60)
10/19/04 09:55:31 Error: cannot recover DNS message from block (server )
10/19/04 09:55:31 Debug: received block [0] (server , port 60)
10/19/04 09:55:31 Error: cannot recover DNS message from block (server )

Best Regards

lxm

[neil]

The socket error 10065 means "A socket operation was attempted to an unreachable host". This indicates that these IP's listed in your DNS resolver log cannot be reached by WinGate's resolver to perform the name lookup requested. Presuming that WinGate would have to go on to the internet to contact these servers, this would suggest that your internet connection is down. What type of internet connection do you have? When WinGate resolver starts to fail with its DNS lookups, does IE on the machine that WinGate still work correctly (connecting directly out rather than through WinGate)?

Also from looking at the log, it seems you have 7 manually entered DNS resolvers, some on the internet, and some on your internal network (192.168.0.*) Are you running a DNS server on your network? If not yo should remove the internal entries from the WinGate resovler. Also in general you shouldn't need to manually enter 7 DNS servers in to WinGate, a couple should be enough, particularly if WinGate will pick up some through TCP/IP properties.

I note that the resolver was working then the WinGate engine was stop and restarted and thats when things started to go wrong. In the Network tab of GateKeeper, have you got your adapters (boths NIC's and dial up) specified correctly for usage? ie the LAN nic marked as Internal, and dial up as External etc?

Regards

Neil

[lxm]

We remove 5 redundant DNS resolvers and delete DNS binding of the adapter. Now our wingate works normally.

Thank you very much.

Best Regards

lxm

[garaytm]

FWIW, that happened to us last night as well.

The big example is that we have two Citrix servers inside on our LAN. Internet access to those is provided through WinGate. Last night, I upgraded 5.2.3 to 6.0.3 of WinGate. Testing a Citrix Client connected through the Internet and it worked fine.

This morning I was greated with "none of our offices can connect". I tested again (same machine as last night) and it wouldn't connect. The TCP Proxy is setup with mapping based on source IP to determine which Citrix Server to route them to and routes them to the hostname and not the IP. I set the IP and they could connect fine.

Started debugging and checked and it was asking our ISP DNS for the internal hostname to IP address and was getting a no such domain. The NICs on this machine are configured with internal DNS for the LAN NIC and the ISP DNS for the Internet NIC. It was not trying the LAN DNS.