tantrum
Apprentice

RBR850 frequently issuing DNS REFUSED responses

Had the RBK852 now for just over a month, and have an issue I'll open a support ticket for. Wondered though if others have been experiencing anything similar.

Basically, and since day 1 after putting this new router in to replace the old one, every machine on the network has complained periodically about being unable to resolve / connect to a host.

The problem has been tracked down to the DNS proxy software in the router, which just seems too easily overloaded and returns REFUSED response flags for DNS requests, even for hosts that recently resolved fine and which resolve fine on the next attempt.

A number of things have been ruled out. It is not, for example, because:

1. The ISP's DNS servers are flaky. Whether I use those or Google's, the result is the same. Also, configuring the machines to use those DNS servers directly and bypassing the proxy has no issues.

2. The router is not that busy at the times; there may be (say) a dozen or so DNS requests issued in a short period of a second or two sometimes, such as when opening an ad-and-CDN-heavy browser page, but still the volume and packets are relatively small all things considered, and it occurs even at quiet times of the night when there's probably less than 10Mb/s being pulled in either direction through the router.

3. Not a machine issue; for as long as the DNS results are in the cache (before the TTL expires), there are no problems, and there are no problems with DNS resolution when using the servers directly by IP instead of DHCP/proxy.

4. Wireshark confirms absolutely that the problem is a REFUSED ("by policy, etc.") situation when resolving the DNS, not because it can't be done or there are extenuating issues such as network/backbone outages. E.g. a Wireshark filter of "dns.flags eq 0x8185" is enough to see that every problem occurring corresponds with this exact single response to the DNS request.

5. Packet analysis of the Wireshark data shows the DNS requests made and the responses received are all correctly formed, and the network is not suffering from any issues relating to TCP retransmissions, dropped packets, etc.

6. In that past month the machines have undergone full shutdowns and restarts, I've fully reconfigured the network properties, and the router itself has been subject to at least 3 and maybe more firmware updates and full reboots, all seemingly having zero effect.

I haven't ruled out that this might be some odd incompatibility issue between the router and the ISP/modem, but then I can't, other than to show that without using the DNS proxy in the router, and with everything else being the same, the problem doesn't happen even one time.

I suspect, although I'm loath to do it, that I'll be asked to do a full system reset of the router. I also suspect it'll do zero to address the issue, despite having heard on the forums that this has seemingly resolved some other issues before. So, as it is very inconvenient to have to reset it, I would rather not, given the evidence doesn't suggest there's a good cause for it.

Also note that this router doesn't have Circle and I have never used/activated (and never will use/activate) Armor. I've seen that some non-DNS issues with connecting to sites can occur as a result of these systems blocking access, for example, but that doesn't apply to me.

Has anybody else been getting these kinds of issues with the DNS proxy? Any solutions that worked for you besides manually configuring all your devices to use another DNS server than the proxy (and/or setting up a replacement DHCP service to do so more easily)?

I'd rather not introduce additional links into the chain, but as best I can tell we don't really have ways of touching the DNS proxy configuration (e.g. perhaps increasing its concurrent request capacity or timeout levels) in order to see if they would help improve things or not.

P.S. This issue and the previous ports one that got fixed in a recent FW release are really the only big issues I have had with the system, along with a couple of other minor gripes that were resolvable/bearable; I'm not unhappy with it overall and it has had quite a few good points going for it, but the DNS issue as it stands is not something that can be lived with. I am a heavy user and would estimate that I easily get over 50 occurrences of this issue every day that the DNS proxy is being used. That drives me nuts, especially when my family get on my case about it too!
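The Wireshark filter in point 4 matches a DNS flags word of 0x8185; the script below, an added example that is not part of the original post, decodes that word into its RFC 1035 fields and tallies which query names received a REFUSED reply, working over constructed sample reply payloads rather than a capture file. It assumes raw DNS message bytes (the UDP payload, with the 12-byte header first); the sample names and transaction IDs are made up.

```python
import struct
from collections import Counter

# RCODE values from RFC 1035 section 4.1.1; 5 is the REFUSED the post observes.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def decode_flags(flags: int) -> dict:
    """Split the 16-bit DNS flags word into its named header fields."""
    return {
        "qr": (flags >> 15) & 1,        # 1 = this message is a response
        "opcode": (flags >> 11) & 0xF,  # 0 = standard query
        "aa": (flags >> 10) & 1,        # authoritative answer
        "tc": (flags >> 9) & 1,         # truncated
        "rd": (flags >> 8) & 1,         # recursion desired (copied from the query)
        "ra": (flags >> 7) & 1,         # recursion available (set by the proxy/resolver)
        "rcode": RCODES.get(flags & 0xF, f"RCODE{flags & 0xF}"),
    }


def parse_qname(payload: bytes, offset: int = 12) -> str:
    """Read the label-encoded question name that follows the 12-byte header."""
    labels = []
    while payload[offset] != 0:
        length = payload[offset]
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels)


def build_response(txid: int, name: str, flags: int) -> bytes:
    """Constructed sample: a minimal reply with one A/IN question and no answers."""
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)


def refused_names(payloads) -> Counter:
    """Count, per query name, the responses whose RCODE is REFUSED (e.g. flags 0x8185)."""
    hits = Counter()
    for payload in payloads:
        _txid, flags = struct.unpack("!HH", payload[:4])
        fields = decode_flags(flags)
        if fields["qr"] and fields["rcode"] == "REFUSED":
            hits[parse_qname(payload)] += 1
    return hits


# Constructed sample replies: one normal answer, then two refusals, including one
# for a name that had just resolved fine, which is the pattern the post describes.
SAMPLE = [
    build_response(0x1234, "example.com", 0x8180),
    build_response(0x1235, "cdn.example.net", 0x8185),
    build_response(0x1236, "example.com", 0x8185),
]
```

Pointing `refused_names` at the UDP payloads from a real capture (for instance exported with tshark) gives the same per-name tally the Wireshark filter shows interactively, which makes it easy to confirm the refusals are spread across names rather than tied to one blocked domain.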