Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Search Search
Search for:
Tech Support Guy > > >

Solved: DNS client lease expires every hour, or 30 minutes. (Router hates Vista clien


(!)

metalmadness's Avatar
metalmadness metalmadness is offline
Member with 40 posts.
THREAD STARTER
 
Join Date: Aug 2009
Location: Manila, Philippines
Experience: God Listens to SLAYER!
30-Aug-2009, 09:10 PM #1
Solved: DNS client lease expires every hour, or 30 minutes. (Router hates Vista clien
So, here's the problem. Most of the time, DNS client leases should last for an entire day (24 hours) and must update by UDP (right? correct me if i'm wrong), or otherwise the WAN connection gets cut. IE: loses connections to your favorite IM client, the Internet, or anything similar. The problem here is the DNS leases go only through for an hour, and then the connection goes kaput. I've tried Static IP addressing, router reset/reboot, but nothing else came up. And it seems that ONLY the wireless clients get these problems, except for a computer running Windows XP, connected through LAN. The router used here is a Linksys wrt300n router, running DD-WRT (after bricking it due to a failed ROM flash with the last official Linksys firmware issued for v1 models).

The nutshell: An XP client gets a DNS client lease lasting for 24 hours. Checked everything, seems to be running fine. The Vista clients get only a 60 minute lease from the router. Ugh.

Any insights here? If anyone here wants to see my DD-WRT settings, I'll post them as soon as somebody replys here. K? :P





C:\>ipconfig /allcompartments /all

Windows IP Configuration


=========================================================================== ===
Network Information for Compartment 1 (ACTIVE)
=========================================================================== ===
Host Name . . . . . . . . . . . . : SYSADMIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-22-69-57-04-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a097:764b:f186:65d3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 30, 2009 8:38:38 PM
Lease Expires . . . . . . . . . . : Sunday, August 30, 2009 9:43:20 PM

Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-1E-68-CD-DD-18
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7DE5B78B-BB61-4D13-B299-4E69F174273F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7DE5B78B-BB61-4D13-B299-4E69F174273F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F4EFF952-1527-47FB-91BE-3F7EBA28B76F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\>
TerryNet's Avatar
Computer Specs
Moderator with 65,320 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
30-Aug-2009, 09:30 PM #2
FWIW the lease is for the entire IP configuration, not just the DNS server.

The router assigns the lease time, so unless there is something special (and unusual to me) in your firmware it's really unexpected for ethernet and wireless connections, or different operating systems, to get different times.

192.168.2.1 is not the default LAN IP for (most) Linksys routers. Is it the default for the DD-WRT? Or you assigned it? Are you sure the wireless PC you showed is connecting to the Linksys router?

Quote:
... after bricking it due to a failed ROM flash ...
"Bricking" usually means making it inoperative. But you managed to get it working again?
hewee's Avatar
Computer Specs
Member with 55,811 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
30-Aug-2009, 11:58 PM #3
Your firewall has to have rights to get out and renew also.

What firewall do you have?

So the firewall will show the modem or router and you got to give it the right.
metalmadness's Avatar
metalmadness metalmadness is offline
Member with 40 posts.
THREAD STARTER
 
Join Date: Aug 2009
Location: Manila, Philippines
Experience: God Listens to SLAYER!
31-Aug-2009, 12:53 AM #4
Quote:
Originally Posted by hewee
Your firewall has to have rights to get out and renew also.

What firewall do you have?

So the firewall will show the modem or router and you got to give it the right.
It's a Linksys WRT300N running on the latest (WIP, #12672) build of DD-WRT. Don't know what you meant by "...firewall will show the modem or router", but I'm quite sure it has both router + firewall functions, since it includes SPI firewall and some advanced routing features the stock Linksys wrt300n v1 firmware didn't offer, including the last 1.03.6 release.

Quote:
Originally Posted by TerryNet
FWIW the lease is for the entire IP configuration, not just the DNS server.

The router assigns the lease time, so unless there is something special (and unusual to me) in your firmware it's really unexpected for ethernet and wireless connections, or different operating systems, to get different times.

192.168.2.1 is not the default LAN IP for (most) Linksys routers. Is it the default for the DD-WRT? Or you assigned it? Are you sure the wireless PC you showed is connecting to the Linksys router?
It's been set to 192.168.2.1 for the past 2 1/2 years until last April 2009 when it stopped connecting to the 'net with the old 0.93.9 firmware. Tried to update it to 1.03.6. So this is the part where things went downhill. I accidentally flashed it with another firmware that was actually coded for the v1.1 wrt300n's, hence the brick. Got it back running with a jtag fix, done by a friend (don't have access to a soldering tool right now).

I can set it to 192.168.0.1, but setting it to the original 192.168.1.1 address (default for the stock Linksys firmware) will not connect to the WAN, even with DHCP disabled and Static IP enforced. Odd enough? Absolutely.

There's even more. Shutting off the XP client (wired to router) somewhat fixed the DNS client lease time, but turning it back on again will cause the router to give out the 60-minute leases to the wireless clients.


C:\>ipconfig /allcompartments /all

Windows IP Configuration


=========================================================================== ===
Network Information for Compartment 1 (ACTIVE)
=========================================================================== ===
Host Name . . . . . . . . . . . . : SYSADMIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-22-69-57-04-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a097:764b:f186:65d3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.122(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . .:Monday, August 31, 2009 12:20:46 AM
Lease Expires . . . . . . . . . .:Tuesday, September 01, 2009 12:20:46 AM

Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Disabled

P.S.: I'm getting sleepy, and I've run out of coffee to brew. Ugh....
TerryNet's Avatar
Computer Specs
Moderator with 65,320 posts.
 
Join Date: Mar 2005
Location: Ottawa, IL
31-Aug-2009, 02:19 PM #5
Quote:
setting it to the original 192.168.1.1 address (default for the stock Linksys firmware) will not connect to the WAN
That could be because your modem is actually a modem/router combo, which also uses the 192.168.1.x subnet.

Other than that, I have no ideas to add to this.
hewee's Avatar
Computer Specs
Member with 55,811 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
01-Sep-2009, 02:13 AM #6
Firewall see's what is hooked up to the computer.
Like firewall will see...
Computer-modem
Computer-router
Computer-router/modem combo

Again what firewall do you have?
Step-by-Step: Configuring ZoneAlarm Firewall
Look under "Firewall Section - Zones Tab"
http://www.dslwebserver.com/main/fr_...configure.html

Online Armor
Interfaces
http://www.tallemu.com/webhelp3/FWStd.html#interfaces
and
Computers List
http://www.tallemu.com/webhelp3/FWStd.html#complist

Your computer - modem or router or combo need to have rights so you need them to be in the trust zone.
That way it can renew your IP address. If it can't renew it gives you a limited one that keeps running out of time.

Also if you ever take the router away or add a router you have to renew your IP address.

http://kb.mit.edu/confluence/pages/v...pageId=3908237
__________________
Donating to TSG helps to keep the site going so please do your part and help.
Keep Your Security Software Current at Calendar of Updates
"Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching."
metalmadness's Avatar
metalmadness metalmadness is offline
Member with 40 posts.
THREAD STARTER
 
Join Date: Aug 2009
Location: Manila, Philippines
Experience: God Listens to SLAYER!
01-Sep-2009, 03:58 AM #7
Quote:
Originally Posted by TerryNet
Quote:
setting it to the original 192.168.1.1 address (default for the stock Linksys firmware) will not connect to the WAN
That could be because your modem is actually a modem/router combo, which also uses the 192.168.1.x subnet.

Other than that, I have no ideas to add to this.
I know that the WRT300n is a combination modem + router. Done already that with another WRT-series router on a friend (PPoE mode). Tried setting my modem to Bridged mode and let the WRT300N router do the PPoE transaction, but still no good results. However, there's something more.

Quote:
Originally Posted by hewee
Firewall see's what is hooked up to the computer.
Like firewall will see...
Computer-modem
Computer-router
Computer-router/modem combo

Again what firewall do you have?
Step-by-Step: Configuring ZoneAlarm Firewall
Look under "Firewall Section - Zones Tab"
http://www.dslwebserver.com/main/fr_...configure.html

Online Armor
Interfaces
http://www.tallemu.com/webhelp3/FWStd.html#interfaces
and
Computers List
http://www.tallemu.com/webhelp3/FWStd.html#complist

Your computer - modem or router or combo need to have rights so you need them to be in the trust zone.
That way it can renew your IP address. If it can't renew it gives you a limited one that keeps running out of time.

Also if you ever take the router away or add a router you have to renew your IP address.

http://kb.mit.edu/confluence/pages/v...pageId=3908237
Some people at the DD-WRT.com forums told me that firewalls like ZoneAlarm are a bit unfriendly with DD-WRT firmware (emphasis mine). I don't know the exact details, but usually I set the router and modem IP's to whitelist them (back then, when I still have them).

It's been a long time that I've used the last commercially-available software firewall. I used to have Comodo and ZoneAlarm Firewall(s) installed, but after being fed up dealing with the authorization dialog boxes that appear when I connect to a network or install something, I simply removed it. Seems also to have sped up my Internet connection too, at the expense of NOT having a firewall (or even anti-virii/anti-spyware application).

However, things look good for now. Here's the point: Disabling the NetBIOS connection (and its service through the services.msc box), rewriting the Winsock settings with netsh int ip reset resetlog.txt and adding this command (see quote below). apparently solved the short DHCP lease. I'll give out first the ipconfig /allcompartments /all results first.

C:\Users\The Kitty's Box>ipconfig /allcompartments /all

Windows IP Configuration


=========================================================================== ===
Network Information for Compartment 1 (ACTIVE)
=========================================================================== ===
Host Name . . . . . . . . . . . . : SYSADMIN
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-22-69-57-04-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a097:764b:f186:65d3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.122(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 01, 2009 2:56:53 AM
Lease Expires . . . . . . . . . . : Wednesday, September 02, 2009 2:56:53 AM

Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Quote:
nvram set rc_firewall="iptables -I INPUT -p UDP -i vlan1 --dport 68 --sport 67 --source 156.154.70.22 -j logaccept"
nvram set rc_firewall="iptables -I INPUT -p UDP -i vlan1 --dport 68 --sport 67 --source 156.154.71.22 -j logaccept"
nvram commit
The skinny: Lease is expiring causing the connection to drop momentarily until the lease is renewed. It's supposed to be renewed by a UDP request from the client when reaching 50% of the lease time but responses from server are being blocked by the SPI firewall. They are being blocked because the response comes from a different address (wherein I used the DNS Advantage's servers instead of my ISP's) than the request was sent to (hence a loss of connection state and failure to pass the firewall). I can disable the SPI firewall, but that defeats the purpose of having a router with firewalling capabilites in the first place, right? If so, better use a hub.

The solution is to add a rule on the DD-WRT console that will allow the reply from the DHCP servers listed on the quote. :P

Last edited by metalmadness; 01-Sep-2009 at 04:00 AM.. Reason: It's 4:00 in the morning. Sleeeepy...
hewee's Avatar
Computer Specs
Member with 55,811 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
01-Sep-2009, 04:58 PM #8
OK it sounds like you have another DNS program and your firewall is blocking the renewing.
So it is still your firewall doing the blocking and some part of that program does not have the rights so see if you can find it.

With Firewalls if you delete that program then it will ask again.
But there may be components that were not deleted that was never given rights and it will not change them unless you delete the program from the firewall and lower the firewall setting to a learn mode and then that should find and change the other setting that is now keeping you from getting the modem renewed.

Not sure what SPI firewall is.

I got Online Armor Personal Firewall that is great.
I have the paid version that does more but the paid and free version are both top rated.
http://www.matousec.com/projects/pro...ge/results.php
srhoades's Avatar
Member with 2,240 posts.
 
Join Date: May 2003
Experience: Advanced
01-Sep-2009, 05:27 PM #9
Why not just use those DNS servers in the DHCP scope that way your clients will get a DNS address of the router and the router uses your proffered DNS severs?

And I don't know if this will help or not
http://support.microsoft.com/kb/928233

Last edited by srhoades; 01-Sep-2009 at 05:41 PM..
metalmadness's Avatar
metalmadness metalmadness is offline
Member with 40 posts.
THREAD STARTER
 
Join Date: Aug 2009
Location: Manila, Philippines
Experience: God Listens to SLAYER!
02-Sep-2009, 10:39 PM #10
Quote:
Originally Posted by hewee
OK it sounds like you have another DNS program and your firewall is blocking the renewing.
So it is still your firewall doing the blocking and some part of that program does not have the rights so see if you can find it.

With Firewalls if you delete that program then it will ask again.
But there may be components that were not deleted that was never given rights and it will not change them unless you delete the program from the firewall and lower the firewall setting to a learn mode and then that should find and change the other setting that is now keeping you from getting the modem renewed.

Not sure what SPI firewall is.

I got Online Armor Personal Firewall that is great.
I have the paid version that does more but the paid and free version are both top rated.
http://www.matousec.com/projects/pro...ge/results.php
Again, there's NO firewall installed on the client and its associated plugins on my computer. Only the router does the firewalling job. According to Wikipedia (copypasted, emphasis not mine), SPI is defined as "a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected."

Quote:
Originally Posted by srhoades
Why not just use those DNS servers in the DHCP scope that way your clients will get a DNS address of the router and the router uses your proffered DNS severs?

And I don't know if this will help or not
http://support.microsoft.com/kb/928233
Apparently, it does not work as easily on DD-WRT. Using the address of the router won't get them, because DNSMasq handles it a tad different. It's possible to do it on the stock Linksys firmware, though.

I've already used some of those netsh commands. Cited already earlier as the netsh int ip reset resetlog.txt. And on another note, I replaced the earlier nvram settings with nvram iptables -I INPUT -p UDP -i vlan1 --dport 68 --sport 67 -j logaccept. That accurately fits The Skinny I cited in my earlier posts.

Last edited by metalmadness; 02-Sep-2009 at 10:52 PM..
srhoades's Avatar
Member with 2,240 posts.
 
Join Date: May 2003
Experience: Advanced
02-Sep-2009, 11:02 PM #11
How many clients are we talking about here? Are static IP's out of the question or is this just a battle more on principal?
hewee's Avatar
Computer Specs
Member with 55,811 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
03-Sep-2009, 12:49 AM #12
Well I do not know what else to do and it looks like srhoades may know more so hope he gets this fixed for you.
metalmadness's Avatar
metalmadness metalmadness is offline
Member with 40 posts.
THREAD STARTER
 
Join Date: Aug 2009
Location: Manila, Philippines
Experience: God Listens to SLAYER!
06-Sep-2009, 12:55 AM #13
I already got it working again. It now issues 24-hour DHCP leases...Re-flashed the firmware again with the latest build, and done a hard reset DD-WRT style. It meant:

30 seconds pressing the RESET button on the router
15 seconds unplugged
30 seconds pressing the RESET button while plugged in.

It's done!...For now.
:P
hewee's Avatar
Computer Specs
Member with 55,811 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
06-Sep-2009, 05:04 PM #14
Good to hear
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑