FrameSeer Help: Setting DNS Preferences

Setting Preferences: DNS

The Preferences... command opens the preferences dialog. The following controls in the DNS tab affect how FrameSeer uses the Domain Name System (DNS) to convert IP addresses to domain names:

DNS resolution during capture

This popup menu has three values:

Not allowed: DNS resolution is turned off each time the Start button is clicked and the Domain Names menu command is disabled until the packet-capture is stopped. This is the default setting because it avoids having DNS packets clutter your capture.
Turn off when Start clicked: DNS resolution is turned off each time the Start button is clicked. The Domain Names menu command is available and can be turned on and off while the capture is running.
Turn on when Start clicked: DNS resolution is turned on each time the Start button is clicked. The Domain Names menu command is available and can be turned off and on while the capture is running.

DNS timeout

This area has two controls:

A slider that sets the amount of time that FrameSeer will wait for a reply from the DNS. The allowable range is between 4 and 60 seconds and the default is 15 seconds.
A checkbox that controls how FrameSeer behaves when a DNS timeout occurs. When this checkbox is:

Turned on (checked)

FrameSeer stops processing DNS queries and turns off the Domain Names command in the View menu.

Turned off (unchecked)

FrameSeer continues trying to convert IP addresses to domain names.

Each time FrameSeer asks the DNS to convert an IP address to a domain name, three things can happen:

The DNS can reply with a name that corresponds with the IP address;
The DNS can reply saying that there is no name that corresponds with the IP address. This is quite common. There are no rules that compel anyone to define names for all of the IP addresses under their control;
The DNS does not respond within the timeout.

The last case is unusual. The most common explanations are:

The DNS on your computer is not configured correctly. For example, you may have two DNS hosts defined in your Network Preferences but one has stopped responding. The DNS randomises the distribution of queries so half of your queries will fail after the timeout expires.

Remember:

If your computer obtains its DNS configuration from a DHCP server, it might be the DHCP server that is giving you the wrong information.
Your DNS server is overloaded or misbehaving. This may result in intermittent timeouts.

Remember:

the DNS is a large distributed database so problems might be further away than your ISP’s DNS server.
Network congestion. DNS queries and replies are transported in User Datagram Protocol (UDP) packets. UDP is often said to be “unreliable” because there is no guarantee of delivery. Both queries (FrameSeer to the DNS) and replies (DNS to FrameSeer) can be dropped or lost at numerous points along the way.

It is important for you to understand that DNS timeouts are unusual. They indicate network problems that you should not ignore. Other network applications on your computer will be suffering from the same timeouts but they may be re-issuing queries in a way that hides the problem from you. Do not simply blame FrameSeer when it logs a DNS timeout. It is helping you!

FrameSeer processes DNS queries one after the other. It does this to minimise the load on your network. If a query times-out, FrameSeer normally turns off DNS resolution. It does this to draw your attention to the problem. If you are trying to track down a DNS problem, you may find it helpful to either vary the timeout period and/or to tell FrameSeer to keep trying to resolve queries. That is what the controls in the DNS Timeout area are for.

FrameSeer will only try to resolve an IP address to a domain name once in the same session. Regardless of the type of answer (a domain name, no domain name, or a timeout), that answer is cached. You need to quit and re-launch FrameSeer before it will re-issue a query.