A
Aaron Kelley
I live at a university campus and we are seeing a strange problem.
If the Internet Connection Sharing (ICS) service is running on a Vista
machine, it causes the machine to send out multiple DNS queries when only
one is needed. (Sometimes, as many as 1000 duplicate requests.) Using just
nslookup at the command prompt can cause many duplicate requests to be sent.
We could just turn off ICS, and then the problem goes away. However, the
problem is that lately ICS has been spontaneously changing from "Disabled"
to "Enabled (Automatic)" on some machines. After enough machines have ICS
on, we start to see lags in DNS lookups because of all of the duplicate
requests.
At first, we thought some recent (April) hotfix from Microsoft may have been
causing ICS to turn on, because we started seeing the problem after the
April hotfixes were let out (via the SUS local server). However, after
looking at the system event logs on affected machines, this does not seem to
be the case, as ICS turned on one machine in March and one in Feb. Also,
some machines were found with ICS enabled but without the April set of
hotfixes.
Also interesting is that, on affected machines, the first DNS server is the
IPv6 address of the local machine. DNS requests get passed through the
local machine. So it may be some problem with the local machine acting as a
"IP 6-to-4" tunnel.
So, I have two questions.
1. If anyone has seen this behavior, do you know why ICS spontaneously
enables itself and how to keep this from happening?
2. If anyone has seen this behavior, do you know how to get ICS to run
normally without sending the extra DNS queries?
Thanks for any input.
If the Internet Connection Sharing (ICS) service is running on a Vista
machine, it causes the machine to send out multiple DNS queries when only
one is needed. (Sometimes, as many as 1000 duplicate requests.) Using just
nslookup at the command prompt can cause many duplicate requests to be sent.
We could just turn off ICS, and then the problem goes away. However, the
problem is that lately ICS has been spontaneously changing from "Disabled"
to "Enabled (Automatic)" on some machines. After enough machines have ICS
on, we start to see lags in DNS lookups because of all of the duplicate
requests.
At first, we thought some recent (April) hotfix from Microsoft may have been
causing ICS to turn on, because we started seeing the problem after the
April hotfixes were let out (via the SUS local server). However, after
looking at the system event logs on affected machines, this does not seem to
be the case, as ICS turned on one machine in March and one in Feb. Also,
some machines were found with ICS enabled but without the April set of
hotfixes.
Also interesting is that, on affected machines, the first DNS server is the
IPv6 address of the local machine. DNS requests get passed through the
local machine. So it may be some problem with the local machine acting as a
"IP 6-to-4" tunnel.
So, I have two questions.
1. If anyone has seen this behavior, do you know why ICS spontaneously
enables itself and how to keep this from happening?
2. If anyone has seen this behavior, do you know how to get ICS to run
normally without sending the extra DNS queries?
Thanks for any input.