We are having trouble with our Draytek router, and I thought this would be the best place to ask.
Our current set-up:
- Cisco EPC3925 modem to our connection point
- Draytek Vigor2850 router connected directly to the Cisco modem
- LAN connection through the Draytek router to our local computers, and a VPN set-up for remote access (which is actively being used).
- Some computers have a switch installed between them and the router.
- Local DNS server, routing local websites to our local servers, and all other traffic to Google DNS (8.8.8.8)
We are currently having a problem where our connection dies - We still have internet access according to Windows, but any web browsing, email clients etc cannot resolve to anything apart from our local PCs. We need to restart the router to fix the issue, but this is keeps on happening - anywhere from once a week to once every 5 minutes.
We're wondering if this is bad hardware, software, or maybe a different issue? It cannot be the switch installed, since even the computers who aren't set-up to the switch have the same issue. Connecting to the Cisco modem directly works; internet works fine in that case.
We've also set-up logs to be sent to our e-mail from our router, and we keep having logs like this:
[DOS][Block][fraggle_attack][192.168.5.3:54235->255.255.255.255:8912][UDP][H
Len=20, TLen=29]
Could this be the issue? If so, what could be causing these supposed Fraggle attacks? I can't think of any local PCs that could be causing this, nor do I know of any local PCs that have this IP (all of them are in the 100+ range). Could it be the VPN, or the modem? We also sometimes have this on IP 0.0.0.0 instead of 192.168.5.3.
Edit: We've got a suspicion this is our Intellisense Network Monitor, generating those Draytek DoS blocks.
Any ideas would be appreciated.
A month late, but its apparent that your problem is DNS-related. If you haven't already resolved this issue, you need to find out what your DNS server is (in Windows, ipconfig /all will display them) and you need to see if you can ping and traceroute to that DNS server when your service goes down.
More than likely your Draytek router is handing out a DNS server via DHCP. If you plug directly into your modem, you're picking up whatever DNS server your ISP is transmitting to you. I'm not sure how rebooting the Draytek is resolving the issue (perhaps it's removing an IP conflict that is making the DNS unreachable) but it may not even technically be the fault of the Draytek.
Try changing your DNS server in a PC manually to a public DNS like 8.8.8.8 while everyone is "down" and see if that restores service.