cancel
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
YetAnotherAcc
Respected Contributor
Respected Contributor

Re: Ongoing internet dropouts HFC NBN


@Huddo3087 wrote:

DNS name resolution failure (srv.giraffic.com)

DNS name resolution failure (www.staging.shopback.ph)

DNS name resolution failure (app.musemuse.cn)

DNS name resolution failure (live.musical.ly)

They are constant.

What the?  are they ?


They are a strange bunch of domains. If you don't know what any of those domains are (i.e. you have never visited them), then I have a sinking feeling that you may have a compromised computer/device.

If you are getting those regularly ever minute as you say, it should be easy to detect which device is trying to use those domains. Start off by disconnecting all the devices from the internet/wifi, and the re-connect them one-by-one. As as you reconnect each device, monitor the log for those DNS errors for say 5 minutes, and if you don't get those errors try the next device, and repeat until you have identified all devices that are causing those errors.

Huddo3087
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

@YetAnotherAcc
thanks for the tip. I shall investigate..
0 Kudos
Reply
Huddo3087
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

Well Optus called me seeking an update re my drop outs.

They did say that the NBNCo said it's not their issue, more an Optus's problem.

Optus asked me to isolate the optus modem overnight, by passing the Optus modem and connecting my NBN modem direct to my PC.  So of course no LAN or WIFI, but internet ok.

From 6 pm last night until 2 pm today.

Optus did followup call at 3 pm and advised me there were stil drop outs during the 20 hr period.

I have re connected my Optus modem as asked.

Optus tech says its and NBN issue due to the overnight connection by pass..  Escalated back to NBN.

Apparently I may receive a call tomorrow.

Will I be watching a tennis match between Optus & NBN ?

IF so the score is 15 all at this stage in the First set.

It's nothing major, but I'm curious now as to how they each react.

10 months now on NBN not an issue until past month.

 

For info

 

0 Kudos
Reply
frankus333
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

G'day Huddo3087

If your experience will be anything like mine, it will take a couple of sets to finish this game; Good Luck. It looks like my dropouts have finally been resolved to a faulty connector on the splitter outside on the main cable up on the pole. This was something I suggested to service staff back at the end of April, as the faults began after NBN techs disconnected it to test for another fault earlier in April, at about the time my service began dropping out. However, nobody seemed interested in checking this out, until a real NBN tech (not a contractor) finally turned up and replaced every connector and device from the pole splitter to my inside wall plate.

I think my concerns about DNS problems were an unhelpful distraction that prevented me from pushing this concern about the outside cable connector; hence the nearly two months delay in getting a resolution of my dropouts.

I was surprised to see that Optus recommended what I understand to be a very dangerous trial, connecting your computer directly to the NBN modem, and for such a long time. It would have been safer to substitute the suspect Optus router with another router, or a switch, to give you at least some protection of a firewall and NAT. I hope your computer is up to date with its OS patching, has a good software firewall and antivirus, and has not been invaded by any nasties.

Did you follow up on YetAnotherAccount's suggestion for determining what those unrecognised DNS errors were coming from. Have you had an increase in such errors since reconnecting your Optus router (which may suggest an increase in malware)? Hopefully not.

My experience has been that the DNS errors can be eliminated by bypassing the Optus DNS servers, by setting alternate DNS servers at each device network connection. However, I wouldn't do that until you are reasonably confident of where the DNS errors are coming from. That is, the poorer quality Optus DNS servers responsible for those errors may actually help to pinpoint any actual malware that may have gotten onto your systems.

Although I was initially unable to recognise many of the errors in my logs, they mostly ultimately traced back to services on devices that made sense to me or other network users. For example, a couple of the addresses you listed seem to relate to music services that you or another network user may have accessed. If so, they might be legitimate. If I was in your position, I would want to reassure myself that most of the DNS errors are able to be accounted for, before I hid them with better DNS server addresses.

As YetAnotherAccount noted, each time you access the router logs, it is best to set the "Severity" level to "Debug or Higher" to display all that the logs capture.

jawsjaws
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

I agree 2-3 dropouts is NOT "normal". I am not a techo but I know a fob off when I see one.  When anyone says "that is normal" I know that means they couldn't be bothered investigating or fixing a problem.

 

That statement should immediately set off alarm bells

 

good luck.....

0 Kudos
Reply
Huddo3087
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

Thanks mate.  Yes I agree,.  Well at this stage I have been told 'My service has been restored"  what ever that means.   48 hrs without a drop out.  Something has happened !!!

 

0 Kudos
Reply
frankus333
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

Thanks jawsjaws:

My 2-3 per day dropouts have ceased as from the blitz by the last (3rd) NBN tech on 27th of May, over a week and a half ago now. The only thing he replaced that the previous NBN techs didn't was the connector on the pole splitter, so I am guessing that was the problem all along as noted above.

This has been an interesting learning experience for me along the way; particularly regarding the complexity of the interactions of different factors involved, and the ease with which I could be distracted from the real problem by other problems (the DNS resolution failure noted above; the apparent attempts by the router to find a non-existent 3G/LTE backup).

I have been able to eliminate all the DNS errors in my 5366 router logs by using CloudFlare and Google DNS servers set up on each device, and on the second router used by my son for his network.

Huddo3087:

Sounds like your dropouts have been sorted more quickly than mine - good to hear.

Did you get to the bottom of those DNS errors you were seeing in your logs? Does your computer seem to have survived the direct connection to the internet without collecting extra malware?

Huddo3087
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

@frankus333 

Mate yes, mine has been pretty stable for around 5 days now.  

Glad yours is up and running well too mate.

Nah the DNS errors are ongoing but seem not to be bothering me.

Malwarebytes running. All seems ok for now.

When Optus called back to advise me my service should be restored back to normal.  I agreed but had to ask if there was an issues causing it?

He said something in the area was causing drop outs also to other customers and the NBN team have since fixed the problem.

I hope he was being truthful.  I does seem to be heaps better ( touch wood ) so something has been done.

Fingers crossed.

 

 

0 Kudos
Reply
YetAnotherAcc
Respected Contributor
Respected Contributor

Re: Ongoing internet dropouts HFC NBN


@Huddo3087 wrote:

Nah the DNS errors are ongoing but seem not to be bothering me.

Malwarebytes running. All seems ok for now.


While you may not notice any problems, and Malwarebytes is not finding anything I still think that you may be infected with malware.

The one domain that really stands out for me is staging.shopback.ph because its a staging server (i.e. a server where you prepare stuff to test before it goes live into production). Those are usually only run on internal servers, or only for selected test users on public servers. So unless you're actively using shopback.ph I can think of no valid reason for you computer to be wanting to contact that domain.

0 Kudos
Reply
Huddo3087
Contributor
Contributor

Re: Ongoing internet dropouts HFC NBN

@YetAnotherAcc 

Thanks mate.  Any suggestions eg software that would pick it up or known registry keys or directory paths ?

tia

0 Kudos
Reply
Top Contributors