DNS – IPv6 on Server 2008R2 Kills DNS Resolution and Causes Internet Slowdowns

domain-name-system ipv6 windows-server-2008-r2

I have been having intermittent Internet slowness for some time. It has been really challenging for me, and I have tried so many things. I replaced the modem, tried 3 routers, replaced a smart switch with a dumb one just in case it was a bottleneck, tried messing with QoS, etc. I am on the verge of adding a second IP and a dual-WAN router to see if that can help, but I am confused. When the Internet is slow, my modem and router pages are also slow. That made me think that there is some internal problem.

Today, as soon as more than 15 users or so went on, things went south again. I tried using Wireshark to see if I could figure anything out. I saw DNS Server Failed messages all over the DNS servers' Wireshark trace. I tried nslookup from my local machine. Timed out. Tried from server, timed out. Tried nslookup google.com 208.67.222.222, instant reply. Suddenly I am thinking, this isn't an Internet problem at all. I just don't have internal DNS. Looked carefully at the nslookup. It is pulling the IPv6 address of the server and failing. Then I tried nslookup google.com 192.168.1.6. That failed too. I disabled IPv6 (the protocol in network on the adapters) on the servers, and nslookup started working again, as did the Internet. However, I hear that is not a good practice.

What am I doing wrong? What should I do?
Thanks so much if you can help.

Note added next day below:
When many devices were on today, the Internet died again. I contacted ATT, and was told things seem fine from them to the modem. Wireshark isn't picking up anything that looks wrong to me. I found a managed switch to put between our proxy and the rest of the LAN and recorded all traffic to and from the proxy for a while. DNS requests were mostly working, although some timed out, but I think just because the Internet was terrible. Rebooting the proxy server seemed to fix things today. So, the last thing that seemed to fix things, turning off IPv6, may not have really done anything at all. DNS was just timing out, and happened to stop timing out at the same time I disabled it?

Best Answer

It might be that some device on your network is pretending to be an IPv6 gateway without actually having a working IPv6 uplink. For example, broken routers and systems with Internet Connection Sharing sometimes do this.

You can check the routing table and neighbour discovery table on your server to see where it tries to send IPv6 traffic. In Wireshark you might see ICMPv6 messages of type RA or Router Advertisement. The source MAC address might tell you which system is causing this.

For a more structural solution: some switches have a feature called RA-Guard to block unwanted RA messages. Otherwise tools like NDPmon can detect and counter them.
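
The Router Advertisement check suggested in the answer above, as an added example that is not part of the original answer: this Python code parses raw Ethernet frames, picks out ICMPv6 type 134 (RA) messages, and lists those whose source MAC is not a known router. The frames, MAC addresses and prefixes are constructed sample data, and the function names are made up for this illustration.

```python
import ipaddress
import struct

def parse_ra(frame):
    """Return details of an ICMPv6 Router Advertisement in a raw Ethernet frame, else None."""
    if len(frame) < 70 or frame[12:14] != b"\x86\xdd":   # too short or not IPv6
        return None
    ip6, icmp = frame[14:54], frame[54:]
    if ip6[6] != 58 or icmp[0] != 134:   # next header ICMPv6, type 134 = RA
        return None                       # (extension headers are not handled)
    info = {"src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
            "src_ip": str(ipaddress.IPv6Address(ip6[8:24])),
            "router_lifetime": struct.unpack("!H", icmp[6:8])[0],
            "prefixes": []}
    opts = icmp[16:]                      # options follow the 16-byte RA header
    while len(opts) >= 8:
        otype, olen = opts[0], opts[1] * 8
        if olen == 0 or olen > len(opts):
            break                         # malformed option, stop parsing
        if otype == 3 and olen == 32:     # Prefix Information option
            info["prefixes"].append(f"{ipaddress.IPv6Address(opts[16:32])}/{opts[2]}")
        opts = opts[olen:]
    return info

def unexpected_ras(frames, known_router_macs):
    """RAs whose source MAC is not a known router; lifetime > 0 claims default gateway."""
    found = []
    for frame in frames:
        ra = parse_ra(frame)
        if ra and ra["src_mac"] not in known_router_macs:
            ra["claims_default_gateway"] = ra["router_lifetime"] > 0
            found.append(ra)
    return found

def build_ra(src_mac, lifetime, prefix):
    """Constructed sample RA frame for the demo (checksum left at zero, not verified here)."""
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0) \
        + ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0) + pio
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255) \
        + ipaddress.IPv6Address("fe80::1").packed + ipaddress.IPv6Address("ff02::1").packed
    return bytes.fromhex("333300000001" + src_mac.replace(":", "")) + b"\x86\xdd" + ip6 + icmp

# Constructed sample data: MACs and prefixes are made up for illustration.
SAMPLE = [build_ra("00:11:22:33:44:55", 1800, "2001:db8:1::"),
          build_ra("02:00:00:aa:bb:cc", 1800, "2001:db8:bad::"),
          b"\x00" * 60]                   # a non-IPv6 frame, ignored

if __name__ == "__main__":
    for ra in unexpected_ras(SAMPLE, {"00:11:22:33:44:55"}):
        print(ra)
```

A router lifetime above zero means the sender is offering itself as a default gateway, which is the condition the answer describes; the reported source MAC can then be looked up in the switch's MAC address table to find the port.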