Unknown MAC Address on My WiFi

Originally Posted by OVERKILL
Originally Posted by samven
It may be that your wireless router is always searching for nearby connections but they wont be allowed access without the password. You should be able to block that MAC and see if any of your devices loose connection. Also make sure your router is not broadcasting. It makes it more difficult if you bring in a new device but it stops outsiders from seeing your network.


No, it doesn't. Hiding the SSID is at best, inconvenient, it does not make your network more secure.


Can confirm. Dishwasher blasts out a WiFi signal that isn't broadcasting its SSID, picking that up was easier than installing Linux
lol.gif


[Linked Image]
 
Originally Posted by OVERKILL
Originally Posted by ZeeOSix
The modem does have a MAC address on the label located on the bottom of the modem, but it never shows up in the modem's user interface as an active MAC address or in the Device Table. The modem also never shows up in a DOS 'ipconfig /all' command Don't know if it should - ?.

No, if you do an arp -a you'll see the list of IP's and mac's your computer sees, ipconfig is only useful for seeing the hardware addresses (mac) of the adapters in your system.


Doing a 'arp -a' command doesn't show the MAC (physical) address I'm looking for. It shows the 'Physical Address' (MAC) of the modem and all the currently active device's MAC and IP addresses as 'dynamic'. Then there are also some "static' IP and Physical (MAC) addresses.

The look-up of the first 3 number pairs in the unknown MAC shows it's traces back to the "Wistron Neweb Corporation", so I would think it's some kind of device.

In my neighborhood I can see probably 12~15 wireless networks, so there are probably all kinds of wireless signals from all kinds of devices being sent around here.

Is it possible that something jumped on my WiFi network when I used the WPS button on the modem to connect some of my devices to my WiFi network?
 
Originally Posted by ZeeOSix
OK, so I blocked the unknown MAC address to see if any of my devices show any issues. Funny thing is that there is no IP address associated with that MAC address. Is that normal, or another clue to what's going on?

[Linked Image]



So I tried to remove the MAC address that I banned, but when I hit the "Remove" button I get the following message: Invalid Session Key, please try again.

Why can't I remove it from being 'Access Denied' ? Do I need to build an Allow list and put it there to undo the Access Denied setting? Seems strange that the "Remove" button doesn't work. I have no idea what a "Session Key" is.
 
Originally Posted by OVERKILL
... if you do an arp -a you'll see the list of IP's and mac's your computer sees, ipconfig is only useful for seeing the hardware addresses (mac) of the adapters in your system.


OVERKILL - So I did the 'arp -a' DOS command and the results showed the IP and MAC address for my modem/router and also for some, but not all of my wireless devices. All of them seen in 'arp -a' showed as "dynamic" type. All of my devices were turned on and operating for this test.

'arp -a' also did not show my Cat5 Ethernet card. The Ethernet card does however show up in a 'ipconfig /all' command.

The three wireless devices that do not show up in 'arp -a' do however show up in the Device Table in my modem when I'm in looking at everything there.

What gives?
 
Originally Posted by ZeeOSix
Originally Posted by ZeeOSix
OK, so I blocked the unknown MAC address to see if any of my devices show any issues. Funny thing is that there is no IP address associated with that MAC address. Is that normal, or another clue to what's going on?

[Linked Image]



So I tried to remove the MAC address that I banned, but when I hit the "Remove" button I get the following message: Invalid Session Key, please try again.

Why can't I remove it from being 'Access Denied' ? Do I need to build an Allow list and put it there to undo the Access Denied setting? Seems strange that the "Remove" button doesn't work. I have no idea what a "Session Key" is.




Nope, that's pretty weird. Maybe reboot the device and see if you can remove it then?
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
Originally Posted by ZeeOSix
The modem does have a MAC address on the label located on the bottom of the modem, but it never shows up in the modem's user interface as an active MAC address or in the Device Table. The modem also never shows up in a DOS 'ipconfig /all' command Don't know if it should - ?.

No, if you do an arp -a you'll see the list of IP's and mac's your computer sees, ipconfig is only useful for seeing the hardware addresses (mac) of the adapters in your system.


Doing a 'arp -a' command doesn't show the MAC (physical) address I'm looking for. It shows the 'Physical Address' (MAC) of the modem and all the currently active device's MAC and IP addresses as 'dynamic'. Then there are also some "static' IP and Physical (MAC) addresses.

The look-up of the first 3 number pairs in the unknown MAC shows it's traces back to the "Wistron Neweb Corporation", so I would think it's some kind of device.

In my neighborhood I can see probably 12~15 wireless networks, so there are probably all kinds of wireless signals from all kinds of devices being sent around here.

Is it possible that something jumped on my WiFi network when I used the WPS button on the modem to connect some of my devices to my WiFi network?

Originally Posted by ZeeOSix
Originally Posted by OVERKILL
... if you do an arp -a you'll see the list of IP's and mac's your computer sees, ipconfig is only useful for seeing the hardware addresses (mac) of the adapters in your system.


OVERKILL - So I did the 'arp -a' DOS command and the results showed the IP and MAC address for my modem/router and also for some, but not all of my wireless devices. All of them seen in 'arp -a' showed as "dynamic" type. All of my devices were turned on and operating for this test.

'arp -a' also did not show my Cat5 Ethernet card. The Ethernet card does however show up in a 'ipconfig /all' command.

The three wireless devices that do not show up in 'arp -a' do however show up in the Device Table in my modem when I'm in looking at everything there.

What gives?


arp -a shows all active devices that your computer learns about (via communication) on your LAN. These are dynamic entries, because it has learned them. Static arp entries are also possible, for example you can tie a specific mac to a specific IP, but the utility of that is beyond the scope of this discussion.

Sometimes pinging the broadcast address (your subnet with 255 on the end) will help your computer discover low activity clients that it might not have learned about yet.

Also, since the MAC's that will show up in the arp table are only those which are currently active, if you had a computer with both a wireless card and a traditional NIC in it but the NIC wasn't connected to the LAN, you won't see that MAC in the arp table.

I still question whether the device you are concerned about was ever connected to the LAN or it is simply a device upstream of your router that was a non-routed hop between it and the next routed hop.
 
Originally Posted by Skippy722
Can confirm. Dishwasher blasts out a WiFi signal that isn't broadcasting its SSID, picking that up was easier than installing Linux
lol.gif


[Linked Image]


Well, that's an unfortunate trunkation.
 
Originally Posted by OVERKILL
arp -a shows all active devices that your computer learns about (via communication) on your LAN. These are dynamic entries, because it has learned them. Static arp entries are also possible, for example you can tie a specific mac to a specific IP, but the utility of that is beyond the scope of this discussion.

Sometimes pinging the broadcast address (your subnet with 255 on the end) will help your computer discover low activity clients that it might not have learned about yet.


All of my devices have been used on my WiFi LAN for quite a long time. One of the three that didn't show up in the arp table is my cell phone, which I've used in WiFi mode to my modem for years. Guess I don't understand why checking for MACs and IPs by different ways gives different answers. I'll admit I'm not a network expert, but I'm learning here thanks to your inputs OVERKILL - thanks.

Originally Posted by OVERKILL
Also, since the MAC's that will show up in the arp table are only those which are currently active, if you had a computer with both a wireless card and a traditional NIC in it but the NIC wasn't connected to the LAN, you won't see that MAC in the arp table.


Re: part in red. I made sure all of my WiFi devices were on and working when I did the 'arp -a' command, and also when looking in the modem's Device Table.

The computer I'm checking arp on is Cat5 hardwired to the modem and the computer's WiFi is turned off. But doing arp on it shows all but 3 of my WiFi devices in the arp table. Whereas, if I look in the Device Table in the modem I can account for all of my WiFi devices, and it also shows the Ethernet card in the computer.

Originally Posted by OVERKILL
I still question whether the device you are concerned about was ever connected to the LAN or it is simply a device upstream of your router that was a non-routed hop between it and the next routed hop.


Well, I put it on the MAC ban list, and everything still seems to be working OK so far. If it is what you think it might be, what would be the ramifications of not allowing that MAC on the modem/router?
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
arp -a shows all active devices that your computer learns about (via communication) on your LAN. These are dynamic entries, because it has learned them. Static arp entries are also possible, for example you can tie a specific mac to a specific IP, but the utility of that is beyond the scope of this discussion.

Sometimes pinging the broadcast address (your subnet with 255 on the end) will help your computer discover low activity clients that it might not have learned about yet.


All of my devices have been used on my WiFi LAN for quite a long time. One of the three that didn't show up in the arp table is my cell phone, which I've used in WiFi mode to my modem for years. Guess I don't understand why checking for MACs and IPs by different ways gives different answers. I'll admit I'm not a network expert, but I'm learning here thanks to your inputs OVERKILL - thanks.


You are quite welcome.

Originally Posted by ZeeOSix
Originally Posted by OVERKILL
Also, since the MAC's that will show up in the arp table are only those which are currently active, if you had a computer with both a wireless card and a traditional NIC in it but the NIC wasn't connected to the LAN, you won't see that MAC in the arp table.


Re: part in red. I made sure all of my WiFi devices were on and working when I did the 'arp -a' command, and also when looking in the modem's Device Table.


By active, I don't mean connected, but rather by moving enough interesting traffic (typically making broadcasts and the like) that your computer becomes aware of their presence. Your phone likely isn't doing that, hence your computer doesn't see it. Pinging the broadcast address may cause it to show up though.

Originally Posted by ZeeOSix
The computer I'm checking arp on is Cat5 hardwired to the modem and the computer's WiFi is turned off. But doing arp on it shows all but 3 of my WiFi devices in the arp table. Whereas, if I look in the Device Table in the modem I can account for all of my WiFi devices, and it also shows the Ethernet card in the computer.

Ahhh, OK, well the arp table doesn't include the MAC for the device it's connected to, because you can see that using IPconfig, it's showing you the addresses of the devices your computer is aware of on the LAN. The router/modem of course is showing you the MAC's of everything it is aware of.

Originally Posted by ZeeOSix
Originally Posted by OVERKILL
I still question whether the device you are concerned about was ever connected to the LAN or it is simply a device upstream of your router that was a non-routed hop between it and the next routed hop.


Well, I put it on the MAC ban list, and everything still seems to be working OK so far. If it is what you think it might be, what would be the ramifications of not allowing that MAC on the modem/router?


Not necessarily. That block list may not apply to devices on the WAN-facing interface, since they are on the red side of the firewall. Depends on how the device is programmed.
 
Originally Posted by Quattro Pete
Originally Posted by Skippy722
Can confirm. Dishwasher blasts out a WiFi signal that isn't broadcasting its SSID, picking that up was easier than installing Linux
lol.gif


[Linked Image]


Well, that's an unfortunate trunkation.


That's hilarious!
Originally Posted by Skippy722
Originally Posted by OVERKILL
Originally Posted by samven
It may be that your wireless router is always searching for nearby connections but they wont be allowed access without the password. You should be able to block that MAC and see if any of your devices loose connection. Also make sure your router is not broadcasting. It makes it more difficult if you bring in a new device but it stops outsiders from seeing your network.


No, it doesn't. Hiding the SSID is at best, inconvenient, it does not make your network more secure.


Can confirm. Dishwasher blasts out a WiFi signal that isn't broadcasting its SSID, picking that up was easier than installing Linux
lol.gif



Yup, hiding the SSID is at best an inconvenience for the guy/gal running the network, it's not a security benefit
lol.gif
 
Originally Posted by OVERKILL
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
I still question whether the device you are concerned about was ever connected to the LAN or it is simply a device upstream of your router that was a non-routed hop between it and the next routed hop.

Well, I put it on the MAC ban list, and everything still seems to be working OK so far. If it is what you think it might be, what would be the ramifications of not allowing that MAC on the modem/router?

Not necessarily. That block list may not apply to devices on the WAN-facing interface, since they are on the red side of the firewall. Depends on how the device is programmed.


So I just ran the modem's built-in self diagnostics test, and it reported that DNS #1 and DNS #2 ... "Failed".

That self diagnostic test was done after doing two modem "Reboots" to see if that fixed the MAC ban list Remove button (which it didn't ... more below about that).

Now I'm wondering if banning the MAC address I did has something to do with that? Everything seems to still be working OK at this point.
21.gif


Also, I did some Google searching and found where someone had the same problem removing a banned MAC using the "Remove" button on basically the same modem/router. It's apparently a glitch with the modem, and the only way to get it removed is to "reset the wireless settings to the default settings" - but no having to do a full blown factory reset on the modem, which would be a royal mess with all the custom settings I've done to it.
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
I still question whether the device you are concerned about was ever connected to the LAN or it is simply a device upstream of your router that was a non-routed hop between it and the next routed hop.

Well, I put it on the MAC ban list, and everything still seems to be working OK so far. If it is what you think it might be, what would be the ramifications of not allowing that MAC on the modem/router?

Not necessarily. That block list may not apply to devices on the WAN-facing interface, since they are on the red side of the firewall. Depends on how the device is programmed.


So I just ran the modem's built-in self diagnostics test, and it reported that DNS #1 and DNS #2 ... "Failed".

That self diagnostic test was done after doing two modem "Reboots" to see if that fixed the MAC ban list Remove button (which it didn't ... more below about that).

Now I'm wondering if banning the MAC address I did has something to do with that? Everything seems to still be working OK at this point.
21.gif


Also, I did some Google searching and found where someone had the same problem removing a banned MAC using the "Remove" button on basically the same modem/router. It's apparently a glitch with the modem, and the only way to get it removed is to "reset the wireless settings to the default settings" - but no having to do a full blown factory reset on the modem, which would be a royal mess with all the custom settings I've done to it.


Zee, I really think that you would benefit from setting up something more robust. You are obviously intelligent and keen on learning, I don't mind helping you, but this is like trying to teach somebody to shoot 1,000 yards with an SKS. I can teach you the fundamentals, but if you don't have capable gear, you are going to get frustrated. Do you have any old computers kicking around?
 
Originally Posted by OVERKILL
Zee, I really think that you would benefit from setting up something more robust. You are obviously intelligent and keen on learning, I don't mind helping you, but this is like trying to teach somebody to shoot 1,000 yards with an SKS. I can teach you the fundamentals, but if you don't have capable gear, you are going to get frustrated. Do you have any old computers kicking around?


LoL, that's a good analogy ... but I could probably shoot an SKS at 1,000 yards better than I can trouble shoot LANs.
grin2.gif


I was about ready to leave all my modem settings are they are now, with the banned MAC address and all, but now the modem's self diagnostic test shows these two DNS fails. I re-ran the modem's built-in self diagnostics test 4 or 5 times, and DSN #1 passed about 50% of the time, but DSN #2 always showed "Failed". So I'm wondering if it's because I banned that unknown MAC address, or if it's something on my IP's side.

What's your take on the DSN failures reported by the diagnostics?

I have an old Windows XP machine, which I just happened to fire up for the first time in 4 years to see if it would still work. It just needed a new CMOS battery, which I replaced and it seems to work well. It doesn't have any WiFi capability though. It does have an Ethernet card so it can be connected to the internet with a Cat5 cable.
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
Zee, I really think that you would benefit from setting up something more robust. You are obviously intelligent and keen on learning, I don't mind helping you, but this is like trying to teach somebody to shoot 1,000 yards with an SKS. I can teach you the fundamentals, but if you don't have capable gear, you are going to get frustrated. Do you have any old computers kicking around?


LoL, that's a good analogy ... but I could probably shoot an SKS at 1,000 yards better than I can trouble shoot LANs.
grin2.gif


I was about ready to leave all my modem settings are they are now, with the banned MAC address and all, but now the modem's self diagnostic test shows these two DNS fails. I re-ran the modem's built-in self diagnostics test 4 or 5 times, and DSN #1 passed about 50% of the time, but DSN #2 always showed "Failed". So I'm wondering if it's because I banned that unknown MAC address, or if it's something on my IP's side.

What's your take on the DSN failures reported by the diagnostics?

I have an old Windows XP machine, which I just happened to fire up for the first time in 4 years to see if it would still work. It just needed a new CMOS battery, which I replaced and it seems to work well. It doesn't have any WiFi capability though. It does have an Ethernet card so it can be connected to the internet with a Cat5 cable.


What are the DNS servers that it is trying to query? Are they hard-coded or can you change them to like OpenDNS for the sake of troubleshooting? I'd expect if this was related to your block issue that it would block everything, not just DNS queries. It sounds like it might be hard reset time on that steaming pile, lol
grin.gif


As to your WinXP box, do you have a 2nd NIC you could put in it? I'm basically trying to gauge whether you could set this thing up as a PFSense box to give you some real firewall capabilities, of course that would still leave the issue of your wireless being integrated into your modem/router combo, which wouldn't be helpful if you were to put it in bridge mode.
 
Originally Posted by OVERKILL
What are the DNS servers that it is trying to query? Are they hard-coded or can you change them to like OpenDNS for the sake of troubleshooting? I'd expect if this was related to your block issue that it would block everything, not just DNS queries. It sounds like it might be hard reset time on that steaming pile, lol
grin.gif


As to your WinXP box, do you have a 2nd NIC you could put in it? I'm basically trying to gauge whether you could set this thing up as a PFSense box to give you some real firewall capabilities, of course that would still leave the issue of your wireless being integrated into your modem/router combo, which wouldn't be helpful if you were to put it in bridge mode.


Last thing I want to do is a hard factory reset on the modem. It would be a royal pain to record all the settings and then go back in after a reset and recreate all my setup tweaks. Not to mention there would be a lot of initial setup just like it was a new modem that was never setup before. There is a "Save Configuration" function on the modem, so maybe I could save the current settings that way and reload them after a hard factory reset (?). It's turning into a science project, lol.

I'll have to look tomorrow on what the DSN settings are in the modem, but I think they are preset to my IP's servers (https://www.centurylink.com/home/help/internet/dns.html). I also recall I had set some static IP addresses in Windows someplace (for the Ethernet card? - don't recall off hand) when I was fighting with what I thought was network card issues, but it was actually Bitdefender Free anti-virus that was causing issues. You helped me on that issue too, which was very helpful ... you're the network master.
grin.gif


Maybe the network setting in Windows aren't matching what's set in the modem ... ? Not sure how the two interact with each other.
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
What are the DNS servers that it is trying to query? Are they hard-coded or can you change them to like OpenDNS for the sake of troubleshooting? I'd expect if this was related to your block issue that it would block everything, not just DNS queries. It sounds like it might be hard reset time on that steaming pile, lol
grin.gif


As to your WinXP box, do you have a 2nd NIC you could put in it? I'm basically trying to gauge whether you could set this thing up as a PFSense box to give you some real firewall capabilities, of course that would still leave the issue of your wireless being integrated into your modem/router combo, which wouldn't be helpful if you were to put it in bridge mode.


Last thing I want to do is a hard factory reset on the modem. It would be a royal pain to record all the settings and then go back in after a reset and recreate all my setup tweaks. Not to mention there would be a lot of initial setup just like it was a new modem that was never setup before. There is a "Save Configuration" function on the modem, so maybe I could save the current settings that way and reload them after a hard factory reset (?). It's turning into a science project, lol.

I'll have to look tomorrow on what the DSN settings are in the modem, but I think they are preset to my IP's servers (https://www.centurylink.com/home/help/internet/dns.html). I also recall I had set some static IP addresses in Windows someplace (for the Ethernet card? - don't recall off hand) when I was fighting with what I thought was network card issues, but it was actually Bitdefender Free anti-virus that was causing issues. You helped me on that issue too, which was very helpful ... you're the network master.
grin.gif


Maybe the network setting in Windows aren't matching what's set in the modem ... ? Not sure how the two interact with each other.


As long as the computer is on the same subnet, it won't matter what the DNS servers are in the modem versus the clients. I typically use OpenDNS, 208.67.222.222 and 208.67.220.220 which is now owned by Cisco.

Yes, if you can save all your settings then re-import them, that might get rid of the zombie block entry? This is why I hate consumer gear
lol.gif
 
A few updates on what I've tried and found, covering two subjects: 1) The subject unknown MAC Address, and 2) The primary and secondary DNS addresses in the modem settings show "Failed" after a modem self diagnostics test.

As mentioned above, I found out (after searching the 'net) that the only way to removed the unknown MAC address from my "Denied" list was to restore the WiFi settings in the modem (a modem "bug"). There was a "Restore" button to do that, so I restored only the WiFi settings to default, which put the unknown MAC back on the approved list.

While at that point, I ran the modem's self diagnostics about 10 times, and the DNS #1 and DNS #2 tests still showed "Failed" 9 out of 10 times. I think one time I saw DNS #1 pass and DNS # 2 pass. So having the unknown MAC address in the MAC Authentication "Denied" list wasn't the cause of the DNS diagnostic fails.

So the final resolution on the unknown MAC address is that I put it back on the "Denied" list and will leave it there since I don't know what it is, and it doesn't seem to affect anything that I can see if it's denied access.

------------------

On to the modem's diagnostics test DNS fails. On my modem it shows the CenturyLink DNS Addresses it uses as:

DNS #1 (primanry address): 205.171.3.25
DNS #2 (secondary address): 205.171.2.25

I did a "Traceroute" test from the modem on the DNSs. DNS #1 showed 4 "Hops" with data for each Hop, and seemed to finish pretty fast. DNS #2 showed 30 "Hops", with data for only the first 3 Hops, and just "N/A" entries for the remaining 27 Hops. It took a long time for the DNS #2 Traceroute to finish.

I also pinged both of those addresses in a DOS window and they both timed out, so not sure if a ping test to a DNS tells if anything is wrong. Results: DNS #1 was hit and miss, and DNS #2 always "timed out". Are these CenturyLink DNS severs flaky?

[Linked Image]


[Linked Image]


Not sure if I can change the DNS addresses to something else besides these two CenturyLink's servers. I looked around for info on my specific modem and it sounds like it might not allow changing these default DNS server addresses.

Note - the Ethernet NIC in my computer is set to "Obtain DNS server address automatically". I'm confused on if the modem or the Ethernet NIC is controlling what DNS is used? The NIC goes into the modem with an Ethernet cable, is the DNS controlled by the NIC just for the computer, and the DNS in the modem is used only for the devices using it vis WiFi?

My internet seems to work fine and has the advertised speed, so not sure if the DNS diagnostic test "Fails" are actually impacting anything. I don't like seeing "Failed" when diagnostic tests are ran, and want to find out why it's showing "Failed".
 
I tried pinging them, these are my results. Please excuse the cell phone instead of screen shot pics...

As for changing the DNS, I'm not sure for other providers but you should have an option for getting them from automatically from your ISP or setting them manually in the router, everything on the modem is locked down for xfinity.

I changed mine because the default xfinity ones would cause issues occasionally. I switched to cloud flare.

[Linked Image]

[Linked Image]

[Linked Image]
 
Originally Posted by ZeeOSix
Not sure if I can change the DNS addresses to something else besides these two CenturyLink's servers. I looked around for info on my specific modem and it sounds like it might not allow changing these default DNS server addresses.

It'll be under the WAN link setup, whether you want it to obtain the DNS servers automatically via DHCP, or whether you want to assign them manually (if permitted). This is for the modem.

Originally Posted by ZeeOSix
Note - the Ethernet NIC in my computer is set to "Obtain DNS server address automatically". I'm confused on if the modem or the Ethernet NIC is controlling what DNS is used? The NIC goes into the modem with an Ethernet cable, is the DNS controlled by the NIC just for the computer, and the DNS in the modem is used only for the devices using it vis WiFi?

There are two different settings for DNS that you are kind of conflating here:
1. The DNS servers used by your modem itself when it gets an IP address from your ISP
2. The DNS servers assigned to DHCP clients on your LAN

These can be entirely separate. The default config typically uses the DNS servers provided by the ISP and either acts as a DNS proxy where the modem acts as the DNS server for the LAN, OR, it will pass on the DNS server addresses it received to the clients. You can check how DNS for clients is configured in the LAN DHCP settings usually.

Originally Posted by ZeeOSix
My internet seems to work fine and has the advertised speed, so not sure if the DNS diagnostic test "Fails" are actually impacting anything. I don't like seeing "Failed" when diagnostic tests are ran, and want to find out why it's showing "Failed".

As I noted earlier, IF you can change them to the OpenDNS servers, I'd do that. My results are the same as yours and Skippy's, your secondary DNS server doesn't appear to respond to ICMP traffic (ping).
 
Originally Posted by OVERKILL
Originally Posted by ZeeOSix
Note - the Ethernet NIC in my computer is set to "Obtain DNS server address automatically". I'm confused on if the modem or the Ethernet NIC is controlling what DNS is used? The NIC goes into the modem with an Ethernet cable, is the DNS controlled by the NIC just for the computer, and the DNS in the modem is used only for the devices using it vis WiFi?

There are two different settings for DNS that you are kind of conflating here:
1. The DNS servers used by your modem itself when it gets an IP address from your ISP
2. The DNS servers assigned to DHCP clients on your LAN

These can be entirely separate. The default config typically uses the DNS servers provided by the ISP and either acts as a DNS proxy where the modem acts as the DNS server for the LAN, OR, it will pass on the DNS server addresses it received to the clients. You can check how DNS for clients is configured in the LAN DHCP settings usually.


Yes, I am confused on how the DNS settings on two pieces of hardware in the network (NIC in computer and the Modem/Router) behave, and which one controls what.

Originally Posted by OVERKILL
Originally Posted by ZeeOSix
My internet seems to work fine and has the advertised speed, so not sure if the DNS diagnostic test "Fails" are actually impacting anything. I don't like seeing "Failed" when diagnostic tests are ran, and want to find out why it's showing "Failed".

As I noted earlier, IF you can change them to the OpenDNS servers, I'd do that. My results are the same as yours and Skippy's, your secondary DNS server doesn't appear to respond to ICMP traffic (ping).

I did some searching last night and found a couple of threads on the OpenDNS chat board on how to setup my modem/router to use OpenDNS. I haven't tired it yet, as I'm wondering if it would actually give me any better performance or other benefits. My internet seems to work just fine at this point without any obvious indications that it has performance problems, except maybe something related to the DNS "Failed" diagnostics test (see below for my theory on that). I even ran the DOS command that was given in the OpenDNS chat board thread to see if my IP redirects my DNS queries. Output says I can use OpenDNS.

[Linked Image]


I think the modem self diagnostic test "fails" for my DNS #1 (205.171.3.25) and DNS #2 (205.171.2.25) is because the self diagnostic test probably sees ping time outs, just like we do when pinging it in DOS. Like mentioned earlier, DNS #1 would pass sometimes and DNS #2 fail all the time in the self diagnostic test, pretty much mirroring what myself, you and Skippy722 see when pinging those DNSs in DOS. Maybe CenturyLink has issues with their servers and will see that and get then working right - ?.

I might give it a week and do some more diagnostic and ping tests to see if DNS #1 and DNS #2 ping out better than they do now. If those DNSs have ping issues, how come I don't see any obvious indication of their bad performance on my end?
 
Back
Top