Chapters

Introduction Planning Local Area Network Broadband Sharing Troubleshooting Common Problems

Network Trouble-shooting

Testing Ethernet Adapter LAN Functionality Testing Internet Connectivity Slow or Overloaded Network Network Troubleshooting Tools

Baby Step 2: Ping Your ISP's DNS Server

Once we've been able to ping our ISP's gateway, the first "network hop" outside of our own equipment, the next test is to see if we can reach our ISP's DNS servers. We will do this by pinging the IP address of one of those servers. Of course, before we can do that, we need to know what those IP addresses are. If you have fixed/static IP service, as part of your initial sign-up package or email, your ISP should have included the IP addresses of the DNS servers it wants you to use. They will generally give you two (or more) addresses. We need two so that our router can still have DNS services if one of the servers goes down. (Remember, the DNS service is used resolve the names of Internet sites like "www.godiva.com" to their respective IP addresses. Without the DNS service, we won't be able to reach any web sites other than by IP address.) If your ISP didn't supply those IP addresses, check their web site or call their technical support line and ask for them.

If you have dynamic IP address service using your ISP's DHCP server to get your Internet IP address, you may have to do a bit more hunting. You should be able to call your ISP and ask for them, as was mentioned above, or your ISP may have listed them for you when you signed up. Like we did in the last section (to find out your currently assigned IP address), we can use your router's status page to find out your current DNS server IP addresses (if you have ever successfully used the service in the past). The Basic Settings screen of the Netgear WGT624 gives this right below the Internet IP address as demonstrated below.

Using the router's status page to determine your DNS server's IP addresses

The two IP addresses in this example are 151.197.0.38 and 199.45.32.38. Now that we know the IP addresses of our DNS servers, we can proceed with the ping test. Try both IP addresses to see if the ping test passes by reaching the DNS server. An example using the second of my example DNS servers is shown in the following screen capture. If you are successful with your ping test here, skip to Baby Step 3: Ping A Well-Known IP Address. Otherwise, continue on into the following troubleshooting section.

Pinging one of the DNS servers
If you are able to ping your ISP's DNS servers, write down their IP addresses. These address should rarely change, so you can save time by doing do. Also, if these servers are down, you won't be able to browse to your ISP's web site in order to find out what the addresses are. (Nice Catch-22 there.)
Troubleshooting a DNS Server Ping Failure

If the ping test to your gateway address for your ISP passes, but your ping test to your ISP's DNS servers fail, your ISP may be having a problem within their internal network or their DNS servers are down. Interestingly, if the DNS servers are down, we actually still have full connectivity to the Internet, but we've lost the capability to resolve names into their corresponding IP addresses. Without that capability, we won't be able to browse the Internet, fetch email, access game servers, or anything that else we try to access by name. Unfortunately, it also may be true that the DNS servers are fine, but your ISP does not allow pings to their DNS servers. If you suspect that this is the case after following the procedures in this section, try the tests in Test 7: Testing for DNS Functionality. (Note to ISPs: It's perfectly acceptable to reject or drop ping requests originating from the Internet at large, but you should accept ping requests from your own clients. Note to others: I have yet to have an ISP that blocks ping requests from their clients.)

Another possibility is that the IP addresses for the DNS servers have changed, but your ISP didn't inform you. (This is usually only a problem with static IP address accounts as dynamic IP addresses will get the new DNS server IP addresses the next time your router retrieves an IP address from your ISP's DHCP server. If you do start having this problem and you are using dynamic IP addressing with your ISP, try rebooting or power cycling your router to force it to get the new information.) One of my previous ISPs liked to move their DNS services from one IP address to another without informing anyone. They didn't do it often; the IPs changed maybe once or twice a year at most. First, they would move one and some time later they would move the other. Also, if your ISP has been bought out by another ISP or your ISP buys another ISP in the same geographic area, they may decide to consolidate DNS servers and other resources, which may change the IP addresses you need to use.

As a final check, try pinging one or more of the IP addresses in the following list: 198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90, 192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, 192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, & 202.12.27.33. These are the IP addresses of the Internet's root DNS servers (current as of December 12, 2008). These occasionally do change, but only one or two and even then only over a period of years. When you try to browse to an address that your ISP's DNS server doesn't have, it consults a DNS server ranked above it. If that DNS server doesn't know the address, it contacts a DNS server higher up the chain of DNS servers until one of the root servers is reached. These are the addresses of those root servers. They may know the answer directly. They may know which DNS server to contact as the primary DNS server responsible for that domain name. If they don't know the address for a name and can't find a server that does know, the name doesn't exist as far as the Internet is concerned. Not all of these DNS servers allow themselves to be pinged, but most do.

If you try four or five of the IP addresses in that list and none of them respond, the problem is in your ISP's internal network or their connection to the rest of the Internet. You aren't able to reach IP addresses outside of your network, but you can reach the gateway. This is a problem for your ISP to solve, so you need to call their technical support line. If the problem is this big, they're almost certainly going to be already aware of it, but they should be able to give you the scope of the problem and when they think it will be fixed.

On the other hand, if at least one of those root DNS server IP addresses responds to a ping, your ISP's DNS servers are down, they don't respond to ping requests, their addresses have changed an you weren't notified or your ISP is having problems with loosing DNS requests (because of faulty equipment or an overloaded, congested network). The problem may clear up after a short while in the case of congestion, but this is still a problem you should contact your ISP about. Not all of the network problems you'll encounter on the Internet are yours. When you call your ISP's technical support line, verify that the DNS servers are up, and if they are, what their IP addresses are.

Baby Step 3: Ping A Well-Known IP Address

If you are not able to ping your DNS servers (See the previous step.), it's a sure bet that you won't be able to complete this step. However, even if you are able to ping something at the IP address your ISP's DNS servers are supposed to be at, all you really know is that some device at that address responds to a ping. The next test, Test 7: Testing for DNS Functionality, will help us determine if that machine is really a DNS server. For now, let's assume that if we can ping it, it is a DNS server.

The next test is to ping a well-known site like www.google.com or www.ebay.com or your ISP's web server (e.g., www.verizon.com, www.comcast.net). The successful results of such a ping are shown below. If you get a successful ping to one of these sites, but you can't reach a particular site like www.joes-small-insignificant-web-site-is-down.com, your connection is probably just fine. Poor Joe, however, has got a problem with his/her site. If one well-known site doesn't answer the ping, try another. Every site goes down occasionally. They might just be doing routing maintenance or upgrading. If pinging Google and one or two other well-known sites all fail, go to the trouble shooting section below.

Pinging Google.com as a well-known site
Troubleshooting a Well-Known Site Ping Failure

Assuming you've gone through the previous (baby) steps, troubleshooting here means we were able to ping our gateway and beyond that to some device(s) that we believe to be our ISP's DNS server(s). Unfortunately, pinging a system beyond that failed. This might be because our ISP's DNS servers are not working correctly or your ISP's connections beyond its own network are experiencing problems. Now, we'll try to determine which.

If pinging a well-known site like www.google.com returned "Unknown host" then it is likely your ISP's DNS servers are down. This is because sites like Google and Ebay are highly redundant and at least one of their machines should respond. You may again want to try pinging the root DNS servers (using their IP addresses) given in the list in the previous section. If you can reach two or three of them, it's even more likely dealing with a DNS server failure at your ISP. If we cannot reach the root DNS servers either, the ISP's network connection to the rest of the world is in question. It's time to call your ISP's friendly technical support line in either case.

If pinging www.google.com returned "Destination host unreachable" or "Request timed out," the DNS servers are probably working fine, but the ISP is having connection problems to the rest of the Internet. It's still time to call your ISP. If you try this same test for www.joes-small-insignificant-web-site-is-down.com, but get either of these responses, it's most likely Joe's site that is down, not your ISP. Joe's site may also have moved to a new IP address, but your ISP's DNS servers haven't been updated yet. In either case, wait a while and try again. Don't call your ISP about Joe's site being down (unless you are Joe and your ISP is hosting your web site). They don't care about Joe. They don't care if you can't reach Joe. Now, if you can't reach Google, that might spark their interest.

Ping returning 'Request Timed Out' messages
Ping returning 'Destination Host Unreachable' messages