Weird DNS ISSUE

[gwilly7]

We have a small business network of about 30 work stations. I had a tp-link TL-ER6020 and all had been working great for a few years but it started dropping our site to site vpn connections overnight so I decided to upgrade to a new vpn router. I first bought the cisco RV-320 and it worked ok for a week or so then stations started losing internet connections. Windows diagnostics said your computer seems to be configured correctly but the device or resource (DNS server) is not responding. Rebooting the workstation or the rv-320 would fix this. I opened a ticket with cisco, but they suggested that I just return the router. I did this and purchased the zywall 110 instead but seem to have the same problem as the cisco router. I have however found that if I leave the workstations on and turn off both the comcast modem and the zywall and turn them on at the same time that all computers get internet connection but if i reboot a computer it again looses connection. Most computers are statically addressed using google dns servers. Computers connecting via dhcp appear to have the same problems though. If I fall back to the TP Link router I have no DNS problems. It seems very odd that both the zywall and cisco product produced the same issues but the tplink router did not. Comcast is our ISP and we have a block of statis ip addresses. All three routers are configured exactly the same. Very basic settings, just the wan connection and 4 site to site vpn tunnels. No special firewall configurations. Does anybody have any ideas on what I can do to fix this.

 

[System Error Message]

Unless you want to spend more than $1K you should avoid cisco. the cisco rv series has the same design and flaws as consumer routers and lack the performance of configurable routers. I would suggest a mikrotik routerboard with PPC CPUs at least or TILE CPUs if you want VPN. That leaves the RB850gx2,RB1100AHx2, CCR series to choose from. RouterOS doesnt suffer from the unreliabilities you experience but they require skill and knowledge to set up. If you are setting up VPN from 4 sites and use routerboards/routerOS you can use some of mikrotik's proprietary protocols such as packet compression to reduce bandwidth usage. with RouterOS you can set some DNS settings and also capture DNS requests via the firewall to get around the problem if it happens. Both the PPC and TILE CPUs are much faster at VPN than the commonly used MIPS or ARM A9 CPUs floating around in routers.

if you have 4 VPN sites you can benefit greatly from a TILE based routerboard since the lowest has 9 cores, 4 of which you would be using for VPN. Each TILE core does 300Mb/s of PPTP VPN and both PPC and TILE CPUs have hardware encryption where IPSEC and SSL performance is concerned. Each PPC core does 500Mb/s of VPN.

 

[gwilly7]

Found my problem. Had the wrong subnet mask on my static ip. All is good now. So far the zywall 110 runs very well.

Sent from my SM-G920V using Tapatalk