DNS time out request on Split DNS (Windows 10)

Got a problem with Viscosity or need help? Ask here!

NickM

Posts: 2
Joined: Sat Jan 06, 2018 10:44 am

Post by NickM » Sat Jan 06, 2018 10:56 am
Hello!

I've been having a weird issue with one of my users who is currently configured with Split DNS mode enabled.

When connected to the VPN connection we are unable to resolve any DNS request. This happens only when we are connected to the Wifi device.

I have tried disabling IPV6 from the network adapter however I am still able to ping ::1

When I attempt to do a nslookup I get the following results
Code: Select all
nslookup google.com 127.0.0.1
Server:  Viscosity
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Viscosity timed-out
Code: Select all
nslookup google.com ::1
Server:  Viscosity
Address:  ::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Viscosity timed-out

Logs:
Code: Select all
Jan 05 4:45:48 PM: Reconnecting connection as it is now reachable
Jan 05 4:45:48 PM: State changed to Connecting
Jan 05 4:45:48 PM: Viscosity Windows 1.7.4 (1526)
Jan 05 4:45:48 PM: Running on Microsoft Windows 10 Pro
Jan 05 4:45:48 PM: Running on .NET Framework Version 4.7.02556.461308
Jan 05 4:45:48 PM: Bringing up interface...
Jan 05 4:45:52 PM: Checking reachability status of connection...
Jan 05 4:45:52 PM: Connection is reachable. Starting connection attempt.
Jan 05 4:45:53 PM: OpenVPN 2.4.3 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 21 2017
Jan 05 4:45:53 PM: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Jan 05 4:45:55 PM: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Jan 05 4:45:55 PM: TCP/UDP: Preserving recently used remote address: [AF_INET].:Redacted:.:1194
Jan 05 4:45:55 PM: UDPv4 link local (bound): [AF_INET][undef]:0
Jan 05 4:45:55 PM: UDPv4 link remote: [AF_INET].:Redacted:.:1194
Jan 05 4:45:55 PM: State changed to Authenticating
Jan 05 4:45:55 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 05 4:45:56 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET].:Redacted:.:1194
Jan 05 4:45:57 PM: State changed to Connecting
Jan 05 4:45:57 PM: open_tun
Jan 05 4:45:57 PM: TAP-WIN32 device [.:Redacted:.] opened: \\.\Global\{5413826C-F496-4E54-94DF-F6CD2F8338FE}.tap
Jan 05 4:45:57 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.4.10/255.255.255.252 on interface {5413826C-F496-4E54-94DF-F6CD2F8338FE} [DHCP-serv: 10.10.4.9, lease-time: 31536000]
Jan 05 4:45:57 PM: Successful ARP Flush on interface [8] {5413826C-F496-4E54-94DF-F6CD2F8338FE}
Jan 05 4:45:57 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 05 4:46:02 PM: Initialization Sequence Completed
Jan 05 4:46:02 PM: DNS set to Split, report follows:
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 192.168.1.1:53; Lookup Type - Any; Domains - None

Jan 05 4:46:02 PM: State changed to Connected
Jan 05 5:39:00 PM: State changed to Disconnecting
Jan 05 5:39:02 PM: State changed to Disconnected
Jan 05 5:41:10 PM: State changed to Connecting
Jan 05 5:41:10 PM: Viscosity Windows 1.7.4 (1526)
Jan 05 5:41:10 PM: Running on Microsoft Windows 10 Pro
Jan 05 5:41:10 PM: Running on .NET Framework Version 4.7.02556.461308
Jan 05 5:41:10 PM: Bringing up interface...
Jan 05 5:41:11 PM: Checking reachability status of connection...
Jan 05 5:41:11 PM: Connection is reachable. Starting connection attempt.
Jan 05 5:41:11 PM: OpenVPN 2.4.3 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 21 2017
Jan 05 5:41:11 PM: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Jan 05 5:41:12 PM: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Jan 05 5:41:12 PM: TCP/UDP: Preserving recently used remote address: [AF_INET].:Redacted:.:1194
Jan 05 5:41:12 PM: UDP link local (bound): [AF_INET][undef]:0
Jan 05 5:41:12 PM: UDP link remote: [AF_INET].:Redacted:.:1194
Jan 05 5:41:12 PM: State changed to Authenticating
Jan 05 5:41:12 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 05 5:41:17 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET].:Redacted:.:1194
Jan 05 5:41:18 PM: State changed to Connecting
Jan 05 5:41:18 PM: open_tun
Jan 05 5:41:18 PM: TAP-WIN32 device [.:Redacted:.] opened: \\.\Global\{5413826C-F496-4E54-94DF-F6CD2F8338FE}.tap
Jan 05 5:41:18 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.4.10/255.255.255.252 on interface {5413826C-F496-4E54-94DF-F6CD2F8338FE} [DHCP-serv: 10.10.4.9, lease-time: 31536000]
Jan 05 5:41:18 PM: Successful ARP Flush on interface [8] {5413826C-F496-4E54-94DF-F6CD2F8338FE}
Jan 05 5:41:18 PM: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 05 5:41:23 PM: Initialization Sequence Completed
Jan 05 5:41:23 PM: DNS set to Split, report follows:
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 10.10.3.2:53; Lookup Type - Split; Domains - .:Redacted:.
Server - 192.168.1.1:53; Lookup Type - Any; Domains - None

Jan 05 5:41:23 PM: State changed to Connected

This is an issue that has started recently (was working fine for quite some time). This computer is running Windows 10.

If I use Full DNS instead of Split DNS, this issue gets resolved.

Are there any recommendations or fixes that can be made to resolve this issue?

Eric

User avatar
Posts: 907
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Jan 08, 2018 11:30 am
Hi NickM,

As a first test, could you please try querying the DNS servers directly, e.g.

nslookup www.google.com 10.10.3.2
nslookup www.google.com 192.168.1.1

This will test if there are any routing problems.

The next step is to check there are no firewalls or AV software blocking ViscosityService.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

NickM

Posts: 2
Joined: Sat Jan 06, 2018 10:44 am

Post by NickM » Mon Jan 08, 2018 12:20 pm
Hey Eric,

When I do a nslookup to 10.10.3.2 it resolves properly however when i nslookup to 192.168.1.1 it times outs.

After further examining this issue it appears that there is also a 192.168.1.0/24 network on the VPN connection that they are connecting to (both 10.10.3.0/24 and 192.168.0/24) where one of them is the same as his local network.

I will go ahead and reip on of these networks and see if the issues still happens afterwards.

Thank you for your help and reply!
3 posts Page 1 of 1