DNS Name resolution for "_ldap._tcp.dc._msdcs.fios-router.home" & "wpad" BLOCKED by dnscrypt-proxy! How to fix?

On every reboot of my Win 10 Pro 64-bit PC, I get two Warnings in Event Viewer:

"Name resolution for the name _ldap._tcp.dc._msdcs.fios-router.home. timed out after none of the configured DNS servers responded."
and
"Name resolution for the name wpad timed out after none of the configured DNS servers responded."
Both are Event 1014, DNS Client Events.

The first Warning’s reference to “fios-router.home” must be to my Quantum G1100 modem-router that was supplied by Verizon for my FIOS 1Gbps service. Also, the DNS name resolution is probably needed for proper functioning of the Quantum G1100’s “Active Directory”. See item #4 at this link: -THIS LINK ON MSDN-

But I’m not a tech and don’t know how to start fixing this.

EDIT - More info - and I certainly need your help:
By experimenting, I have determined that these Warnings occur when I have the service dnscrypt-proxy running at startup. It’s a great service that encrypts DNS lookup requests so that nobody - not Verizon and not Google and not man-in-the-middle bad guys – can see where I am trying to go. By the way, I have always set my Simple DNSCrypt to use ONLY cloudflare’s 1.1.1.1 and 1.0.0.1 as its resolvers.

First, there’s a superb article on Ars Technica that explains everything about cloudflare’s 1.1.1.1 and dnscrypt-proxy in great detail: How to keep your ISP’s nose out of your browser history with encrypted DNS

Second, you can download and get technical info about Simple DNSCrypt - which helps you install and configure dnscrypt-proxy on a Win machine - from github at github-bitbeans-SimpleDnsCrypt

Third, what should I do to continue using dnscrypt-proxy but let “_ldap._tcp.dc._msdcs.fios-router.home” and “wpad” get the needed DNS/name resolution and so not generate the Warnings I describe above? ◄ This is the important question.

Thanks.

You’re looking for _ldap._tcp.dc._msdcs.fios-router.home and this just isn’t available on whatever upstream resolver your dnscrypt-proxy is using. And that’s understandable - the proxy is encrypting lookups and making sure they’re resolved by OpenDNS, 1.1.1.1 or whoever and they’re not going to return your local fios-router IP address (RFC 1918 and all that).

Saul - Thanks for fast reply.
I’m only a good amateur user, not a tech. But I understood the dnscrypt-proxy service to cache lots of IP-DNS lookups in my own computer, maybe at 127.0.0.1 or ::1, so that it reaches out only when it has to. In fact, if I do nslookup in a cmd, that’s what I see for local host.
So is there a way to get my local host to do whatever is needed so that these two Warnings get resolved correctly?
And won’t cloudflare’s new 1.1.1.1+Warp have to do the same thing?

I did have a quick look at the dnscrypt-proxy settings when I did my last answer to see if I could find anything but I could not. You could look into configuring WPAD so it uses your router IP address but I’m not a particularly good MS guy so don’t know how you’d do it. Think it’s something to do with a PAC file.

Personally I wouldn’t have thought you’d need a proxy setup so maybe try disabling WPAD. If you still work with that in place there’s no need for your machine to be looking for proxy configs and you should be fine.

Saul - first hint I’ve gotten on a possible workaround.
BUT … what is WPAD, where do I find it, and how do I get it to do what you say (and go back if not helpful)?
By the way, I didn’t know I was using a proxy, although with dnscrypt-proxy and its resolver settings, all my external DNS lookups should be going exclusively to cloudflare’s 1.1.1.1 (or 1.0.0.1), and I know they have a server close to me in New Jersey, so maybe that’s a type of proxy, but then why wouldn’t the default DNS resolvers be proxies?
But please let me know about WPAD! Thanks,

WPAD is used to find a web proxy (not DNS proxy). Most home users shouldn’t need it, which is why you can probably just turn it off to fix your issue.

Sorry for dumb Q - but how does one turn it off? Is it a service under the name “wpad”?

I don’t really know, as I said I’m not a Microsoft guy. It’ll probably be a service or registry key but I’m sure Google will have instructions.

Update - just tried nslookup. It says “Domain: fios-router.home” but then says it can’t find that domain.
Here’s a link to a screenshot showing that - gif and pdf: < LINK >
Mean anything?

Sure, means my first answer was right. You can’t lookup fios-router.home on a public DNS service. Just turn off WPAD.

This isn’t really a Cloudflare issue - it’s one you’ll get much more quickly resolved in dnscrypt or Windows/MS forums.

As to the Event 1014 Warning that “Name resolution for the name _ldap._tcp.dc._msdcs.fios-router.home. timed out after none of the configured DNS servers responded.”:

I’ve done some more digging, and maybe what is happening is that my PC’s query to fios-router.home is going to cloudflare 1.1.1.1 (which does not have a DNS lookup for fios-router.home) instead of to my router only. Now, the dnscrypt-proxy service I am using to encrypt my DNS lookups and send them to cloudflare’s new 1.1.1.1 has a Forwarding feature, maybe especially for cases like this. Maybe I need to Forward those queries to my router and NOT to cloudflare 1.1.1.1?

See < THIS PAGE ON GITHUB >

But I would need the precise IP address for where to forward _ldap._tcp.dc._msdcs.fios-router.home. It’s probably 192.168.1.1:something, yes? What would the :something be?

Thanks.

That is correct as per my previous answers.

But I would need the precise IP address for where to forward _ldap._tcp.dc._msdcs.fios-router.home. It’s probably 192.168.1.1:something, yes? What would the :something be?

DNS doesn’t include ports in its responses, only IP addresses so the :something doesn’t matter and isn’t something you can define or that will be returned to clients by a DNS resolver.

If dnscrypt lets you specify a returned IP instead of asking Cloudflare for one then just use your router IP but really, if you don’t use WPAD then just turn it off and save yourself all this messing about.

Saul - thanks again for fast response.

I’ll try forwarding DNS lookup requests for _ldap._tcp.dc._msdcs.fios-router.home to 192.168.1.1, if I can now figure out how to use that Forwarding parameter of dnscrypt-proxy.

However, please note that Forwarding to 192.168.1.1 is not yet the DNS response. It’s only telling dnscrypt-proxy where to send the lookup request in order to get the DNS response back. In other words, it’s telling dnscrypt-proxy who is the DNS resolver (NOT 1.1.1.1) when the lookup request is specifically for _ldap._tcp.dc._msdcs.fios-router.home. So I hope you’re right that a :something isn’t needed.

As to wpad - what is it and how do I turn it off? I looked in Services, but it’s not there as far as I can tell.

In other words, it’s telling dnscrypt-proxy who is the DNS resolver (NOT 1.1.1.1) when the lookup request is specifically for _ldap._tcp.dc._msdcs.fios-router.home.

Ah, OK. That makes sense.

As I’ve said before I’m far from a MS expert but this is the first result on Google for disabling WPAD on Windows:

In a home environment you really don’t need it, it’s just a way for your PC to find out what web proxy to use but at home this is rarely needed (IME). So in your case your PC is going off to find out where the WPAD policy is (which is your current error - what IP do I need to get this policy from). As soon as it gets this info it’s going to go out and try to get that policy and presumably fail at that point because you don’t have one (unless your router serves one up for some reason).

Update - trying to follow the wiki link about Forwarding -

(1) I put forwarding-rules.txt into the same folder as dnscrypt-proxy.toml.

(2) I added the line forwarding_rules = "forwarding-rules.txt" (using double-quotes not single quotes) to dnscrypt-proxy.toml right after the line cache_neg_ttl = 60

(3) The only line I put in forwarding-rules.txt is fios-router.home 192.168.1.1

Is that correct?

RESULTS - The above didn’t work, and on reboots I continue to get the Event 1014 Warning "Name resolution for the name _ldap._tcp.dc._msdcs.fios-router.home. timed out after none of the configured DNS servers responded."

What next?
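
A simplified model of how a suffix-based forwarding rule like the one in step (3) routes the two names from the Event 1014 warnings, added here as an example; it is not part of the original posts and is not dnscrypt-proxy's own code. It assumes a rule applies to the listed domain and its subdomains; the names `parse_rules`, `route` and `leaves_lan` are hypothetical, and the rules text is a constructed sample.

```python
# Added example: simplified model of forwarding-rule matching (not dnscrypt-proxy code).
# Assumption: "<domain> <server>[,<server>...]" covers the domain and its subdomains.

# Constructed sample mirroring the one-line rules file described in the thread.
SAMPLE_RULES = """\
# forwarding-rules.txt (constructed sample)
fios-router.home 192.168.1.1
"""

DEFAULT_UPSTREAM = "encrypted upstream (e.g. 1.1.1.1)"


def parse_rules(text):
    """Return a list of (domain, [servers]) parsed from forwarding-rules text."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed rule: {raw!r}")
        domain = parts[0].lower().strip(".")
        servers = [s.strip() for s in parts[1].split(",") if s.strip()]
        rules.append((domain, servers))
    return rules


def route(qname, rules):
    """Pick the servers for qname using the longest matching domain suffix."""
    name = qname.lower().rstrip(".")
    best = None
    for domain, servers in rules:
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, servers)
    return best[1] if best else [DEFAULT_UPSTREAM]


def leaves_lan(qname, rules):
    """True when the query would be sent to the public resolver, not the router."""
    return route(qname, rules) == [DEFAULT_UPSTREAM]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for q in ("_ldap._tcp.dc._msdcs.fios-router.home.", "wpad",
              "wpad.fios-router.home", "example.com"):
        print(f"{q:42} -> {', '.join(route(q, rules))}")
```

Under this model the `_ldap` name is covered by the rule, while the bare single-label name `wpad` matches no rule and still goes to the public resolver.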

What next?

Disable WPAD.

Saul - I just did that and rebooted twice. Guess what? I’m STILL getting Event 1014
"Name resolution for the name wpad timed out after none of the configured DNS servers responded."
And the other one also:
"Name resolution for the name _ldap._tcp.dc._msdcs.fios-router.home. timed out after none of the configured DNS servers responded."
Doesn’t make any sense to me either.
But thanks for the suggestion and link.
