Faulty firewalls and damaged DNS

Mark Gibbs has sorted out both his misbehaving firewall and his DNS lookup problems. Next, leaping tall buildings in a single bound!

Well, my tribulations with the Netgear eight-port Gigabit ProSafe VPN Firewall (model FVS318G) I discussed in the last installment of Gearhead appear to have been caused by faulty hardware.

To recap: I purchased one of these devices for my network and during the first few days of use my FVS318G randomly turned into a brick with pretty flashing lights that made it look like it was working when, in fact, it was not.

Several readers reported problems with the same or related Netgear hardware but nothing that quite matched my experiences. The nice chaps at Netgear offered to troubleshoot the problem but I was unwilling to keep a device that was problematic. So after I returned my unit Netgear sent me an identical unit to test.

I should really say "almost identical" because unlike the first unit, the new one had two major differences: First, it has a serial port hanging out of its case for command-line debugging and, second, it hasn't shown the slightest inclination to stop performing its appointed duties.

So, now it appears that the problem may have been faulty hardware. Once again, I find myself wondering what the average user would do when faced with an uncooperative device. It appears that useful diagnostics in this situation are rarer than hen's teeth.

Talking of odd and highly aggravating problems, I mentioned some time ago in Backspin the problems I was having with DNS lookups. At one time I thought it was due to Chrome's caching, but after I "fixed" that I realized Firefox was experiencing much the same kind of issues.

Over the last couple of weeks I tried all sorts of fixes (I did stop short of sacrificing chickens and praying to St. Jude, the patron saint of lost causes) but, try as I might, the DNS failures just got worse.

A friend with similar problems had tried using Google's DNS servers (8.8.8.8 and 8.8.4.4) with, so he claimed, success, but when I changed my 2Wire DSL modem's configuration to use those servers instead of the default ones specified by the AT&T DHCP server, nothing changed.

Then I had an ah-ha moment. I was letting the DSL modem act as a DHCP server for my network and, rather than telling my machines to use either the AT&T DHCP-assigned DNS servers or the ones that I specified, the DSL modem was telling all callers to use its own DNS proxy. In other words, if the DSL modem was 10.0.0.1 then any machine that got its configuration from there was told to use 10.0.0.1 for DNS lookups, so if anything were amiss with the DSL modem's DNS proxy service, then every machine would experience problems. This was, indeed, the case.

To work around the problem all I had to do was tell my machines to dynamically get their IP addresses from the DSL modem DHCP services but use the Google DNS servers I specified for domain lookups. Voilà! Problem solved!
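The condition described above, a DHCP-assigned resolver that is really the gateway's own DNS proxy, can be checked from a client. This is an added example, not part of the original column; it assumes a Linux client (`/etc/resolv.conf` and `/proc/net/route` formats), and the sample inputs and function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample inputs (not from the article's network), modelled on
# the situation described: the modem at 10.0.0.1 is both gateway and DNS.
SAMPLE_RESOLV_CONF = """\
search home.example
nameserver 10.0.0.1
"""
SAMPLE_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t00000000\t0100000A\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0000000A\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
"""

def nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def default_gateway(proc_net_route_text):
    """Return the IPv4 default gateway from /proc/net/route text, or None."""
    for line in proc_net_route_text.splitlines()[1:]:  # skip header row
        fields = line.split()
        # Destination 00000000 with the RTF_GATEWAY flag (0x2) is the default route.
        if len(fields) >= 4 and fields[1] == "00000000" and int(fields[3], 16) & 0x2:
            # The kernel prints the address as hex in little-endian order (x86/ARM).
            return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
    return None

def classify(resolv_conf_text, proc_net_route_text):
    """Label each resolver 'gateway-proxy', 'private' or 'public'."""
    gw = default_gateway(proc_net_route_text)
    result = {}
    for ns in nameservers(resolv_conf_text):
        if ns == gw:
            # Every lookup depends on the router's own DNS proxy.
            result[ns] = "gateway-proxy"
        else:
            private = ipaddress.ip_address(ns).is_private
            result[ns] = "private" if private else "public"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_RESOLV_CONF, SAMPLE_PROC_NET_ROUTE))
```

On a real Linux host, pass in the contents of `/etc/resolv.conf` and `/proc/net/route`; a loopback stub resolver such as 127.0.0.53 is reported as `private`, so the upstream servers behind it still need checking separately.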

So, it appears that the 2Wire DSL modem is slowly and deviously collapsing. First the Wi-Fi started acting flaky, then the DNS proxy misbehaved and, guess what, there was not one test in the DSL modem that could help. Again, how does a non-technical person or a technical person who has better things to do sort this stuff out?

Once I get the modem changed out, my network should be fine. Until the next thing breaks. Next week, we'll look at a promising disk imaging utility and a couple of very interesting books.

Gibbs has given up on the hen's teeth in Ventura, Calif. Your magic solutions to gearhead@gibbs.com.
