CGNAT & Running DNS Benchmark


SCFan
Oct 11, 2025
Hello. New member here and joined to ask a question since I've not seen the answer covered anywhere on the forums or the DNS Benchmark webpage(s) or via other sources. Apologies in advance for my ignorance on these matters. I'm posting this in case it can help, or at the very least help me and others learn something.

I recently changed ISPs. Went from wireless to fiber. With the prior ISP I had a dynamic IP address and the Benchmark ran great.

The new ISP has me behind CGNAT (10.10.x.x on router's WAN (not 100.x.x.x). "What is my IP" web lookup is 23.147.x.x) and the Benchmark won't work when running straight from the .exe. I get all red circle (no cache) DNS servers / "Nameserver returned invalid replies" and the "Run Benchmark" button is grayed out.

I ran Proton's VPN software (installed on computer, free / slower version) and when connected was able to run the Benchmark after restarting it. The three DNS servers set on the router have the boxes / border around them (1.1.1.3, 1.1.1.1 and 9.9.9.9). I'm guessing the ISP's DNS server also has a box (10.2.x.x. My LAN is all 192.168.x.x). The first 29 entries (sorted by Fastest First) have close to the same cached speeds (0.025 - 0.034). The uncached and dotcom have more variability. The fastest uncached reports 0.049 and fastest dotcom reports 0.033.

If I disconnect the VPN and go back to the already open Benchmark screen and hit Run Benchmark again, it runs but all the red bar cached entries go away and it only reports uncached and dotcom. The fastest response times are 0.04 and 0.011, respectively.

I ran NS lookup (without the VPN connected) and checked the Wireshark record for the DNS query and saw that I did get a regular response from 1.1.1.3 (primary DNS on router). No problems. 10-20 ms response time for those packets.

I have not reached out to my ISP yet to see what, if any, kind of blocking they may be doing. I don't know enough to make an educated guess as to why these symptoms are occurring.

If, without the VPN I get normal DNS responses from 1.1.1.3, I don't understand why the Benchmark won't initially run without the VPN connected and then why the cache entries go away when re-running the Benchmark with the VPN disconnected.

Thoughts? Thanks!
 
Get yourself a list of common DNS servers (from DNS Benchmark or elsewhere) and try doing manual nslookups against them to see if the ISP is blocking all access to some other ISP's DNS. In nslookup you can type server x.x.x.x to switch servers. Then just put in a DNS name to test for a response. (You can also modify the type of query with the type command but that isn't really relevant for these tests.) An example:

Code:
C:\Users\Paul>nslookup
Default Server:  router.myhome.com
Address:  192.168.9.1

> server 9.9.9.9
Default Server:  dns9.quad9.net
Address:  9.9.9.9

> grc.com
Server:  dns9.quad9.net
Address:  9.9.9.9

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to dns9.quad9.net timed-out

> server 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [8.8.8.8]
Address:  8.8.8.8

> grc.com
Server:  [8.8.8.8]
Address:  8.8.8.8

Non-authoritative answer:
Name:    grc.com
Address:  4.79.142.200

>exit
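The manual nslookup check above can be scripted so that every resolver on a list gets the same query and a two-second timeout, which makes "timed out" versus "answered" easy to compare across servers. The script below is an added example, not code from the thread or from DNS Benchmark: it builds a raw DNS query, sends it over UDP port 53, and parses the reply, reporting the response code (NOERROR, NXDOMAIN, REFUSED, ...) and any A-record addresses. The resolver list and the query name grc.com are taken from the thread; the function names and the output format are this example's own.

```python
import random
import socket
import struct

# Resolvers mentioned in the thread; edit to taste.
RESOLVERS = ["1.1.1.3", "1.1.1.1", "9.9.9.9", "8.8.8.8"]

# DNS response codes (RFC 1035 section 4.1.1) worth telling apart when diagnosing.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid, qtype=1):
    """Encode one standard query (recursion desired) for `name`; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(data, offset):
    """Decode a (possibly compression-pointer) domain name; return (name, next_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(data, expected_txid):
    """Return the response code name and A-record addresses from a raw DNS reply."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or unrelated reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):          # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4                   # qtype + qclass
    addresses = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return {
        "rcode": RCODE_NAMES.get(flags & 0x000F, str(flags & 0x000F)),
        "addresses": addresses,
        "truncated": bool(flags & 0x0200),
    }


def probe_resolver(server, name="grc.com", timeout=2.0):
    """Send one UDP query to `server` and classify it: answered, timeout or error."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return {"server": server, "status": "timeout"}
        except OSError as exc:
            return {"server": server, "status": "error", "detail": str(exc)}
    try:
        parsed = parse_response(data, txid)
    except ValueError as exc:
        return {"server": server, "status": "error", "detail": str(exc)}
    return {"server": server, "status": "answered", **parsed}


if __name__ == "__main__":
    for server in RESOLVERS:
        print(probe_resolver(server))
```

Run it once on the normal connection and once over the VPN or hotspot; a resolver that times out in one run and answers in the other points at something on the path (ISP, router IDS/IPS) rather than at the resolver itself. The response code matters too: a router that drops replies carrying NXDOMAIN would show up as timeouts for nonexistent names while ordinary lookups still succeed.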
 
Here are the results from running that:
PS C:\Users\B> nslookup
Default Server: family.cloudflare-dns.com
Address: 1.1.1.3

> server 9.9.9.9
Default Server: dns9.quad9.net
Address: 9.9.9.9

> grc.com
Server: dns9.quad9.net
Address: 9.9.9.9
Name: grc.com
Address: 4.79.142.200

> server 8.8.8.8
Default Server: dns.google
Address: 8.8.8.8

> grc.com
Server: dns.google
Address: 8.8.8.8
Name: grc.com
Address: 4.79.142.200

> exit

---
Side note: I tested the Benchmark when the same computer was connected to a mobile hotspot and the Benchmark ran fine.
 
Does your router have any security features that might be mis-classifying DNS Benchmark's traffic as malicious? From what I know about CGNAT, I doubt it's causing this issue.
 
@ColbyBouma - Regarding CGNAT, thanks for the comment. I just looked at the logs (UCG Ultra) and saw that inbound on port 53 is being blocked from 8.8.8.8... and a few others due to the signature "ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014". I'll dig into that more. It's not listing all of the DNS servers / addresses, just four of them.

@peterblaise - I'll test that as well just to learn about how the system responds.

Thanks for the various thoughts and comments. I'll post what I figure out about the intrusion prevention issue, etc.