DNS client using 50% CPU

torque153 · May 7, 2009

I used to have a X64 HOME PREMIUM, but then I swtched to Vista Business 32, now running with all the updates (which I think are responsible for problems occuring).
I am getting 50% of my CPU engaged in the process SVCHOST that includes the DNS Client. I have shut down all of the processes in this SVCHOST and I determined that indeed DNS CLient is using the CPU. I have tried to uninstall AV, disable WindowsUpdate with no effect.
Open to suggestions.

H2SO4 · May 7, 2009

Good troubleshooting. Have rep

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?

torque153 · May 7, 2009

The file was created 1/21/2008, with size of 84.5KB

After flushing the DNS:

"Windows IP Configuration
Successfully flushed the DNS Resolver Cache."

nothing changed

H2SO4 said:
Good troubleshooting. Have rep

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?

H2SO4 · May 7, 2009

torque153 said:
The file was created 1/21/2008, with size of 84.5KB

After flushing the DNS:

"Windows IP Configuration
Successfully flushed the DNS Resolver Cache."

nothing changed

H2SO4 said:

Good troubleshooting. Have rep

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?

Click to expand...

I'm more interested in the "modified" date on that DLL - that's actually the time when it was compiled. If you search support.microsoft.com on the name of the DLL, its version information, and the modified timestamp, you should be able to work out which update that corresponds to, and whether it's part of SP1 or a post-SP1 hotfix perhaps.

Is it a dual-core processor? (Would mean one core is going flat out, hence the 50% total.)

Does the processor utilisation drop as soon as you stop the DNS Client service, and does it come back immediately when the service is restarted?

torque153 · May 7, 2009

I am not sure I can give you the exact info you need, so I am attaching this dll.

It is T8100 core due CPU and it uses aprox 50% of both cores.

When I kill the process the CPU utilisations drops immediatelly. After some time the SVCHOST containing the DNS Client reappears with its usual 45-57 % CPU utilization.

H2SO4 said:
I'm more interested in the "modified" date on that DLL - that's actually the time when it was compiled. If you search support.microsoft.com on the name of the DLL, its version information, and the modified timestamp, you should be able to work out which update that corresponds to, and whether it's part of SP1 or a post-SP1 hotfix perhaps.

Is it a dual-core processor? (Would mean one core is going flat out, hence the 50% total.)

Does the processor utilisation drop as soon as you stop the DNS Client service, and does it come back immediately when the service is restarted?

H2SO4 · May 7, 2009

torque153 said:
I am not sure I can give you the exact info you need, so I am attaching this dll.

It is T8100 core due CPU and it uses aprox 50% of both cores.

When I kill the process the CPU utilisations drops immediatelly. After some time the SVCHOST containing the DNS Client reappears with its usual 45-57 % CPU utilization.

The version of your DLL is (6.0.6001.)18000 - it's from SP1. You might want to try updating it to see whether that makes a difference. KB says this hotfix contains the latest version of DNSRSLVR.DLL (22228):

You cannot perform NetSH commands by using a user account that belongs to the "Network Configuration Operators" security group on a Windows Vista-based computer or on a Windows Server 2008-based computer

Does applying that hotfix make any difference to the processor utilisation levels?

torque153 · May 7, 2009

That hotfix is unavailable to me at the moment, but I don't believe it will solve my problem. The online windows update check says my system is up to date.

btw, I added to your rep for sticking with my problem but your rep number didn't change?

H2SO4 · May 7, 2009

torque153 said:
That hotfix is unavailable to me at the moment, but I don't believe it will solve my problem. The online windows update check says my system is up to date.

btw, I added to your rep for sticking with my problem but your rep number didn't change?

Why do you say it's unavailable? There should be a download link at the top of that page.

The online WU scanner won't suggest that update because it's not considered "critical" and it's got nothing to do with security. In fact, the KB953835 article has nothing to do with your issue - except that the hotfix contains the latest version of dnsrslvr.dll which is the main part of the DNS Client service. If your issue is caused by a bug which was fixed after SP1, that hotfix may include the new code which will make your issue go away.

Thank you for the rep

The rep you gave me did indeed register, but my "rep power" is a different quantity - that's the number of rep points that I give to others by clicking on their scales. (Every registered user has two distinct attributes: their rep, and their rep power.)

torque153 · May 7, 2009

H2SO4 said:
. In fact, the KB953835 article has nothing to do with your issue - except that the hotfix contains the latest version of dnsrslvr.dll

I figured that out..

Anyway I think I am having problems with the download link.

This is what I get on that page:

Hotfix Download Available
View and request hotfix downloads

And if I click the hypertext it brings me to the support:

The KB article has no public hotfixes. Please contact support if you need immediate assistance.
How can we assist you?

and I am not about to contact any ms support.

H2SO4 · May 7, 2009

torque153 said:
The KB article has no public hotfixes. Please contact support if you need immediate assistance.
How can we assist you?

Click to expand...

Ah, I see what you mean. The hotfix download appears mangled somehow at the server end.

How badly do you want to troubleshoot this? I can maybe help you to work out why it's chewing the processor if you're OK to follow some instructions, but it'll get fairly esoteric and there's no guarantee of a practical solution at the end

torque153 · May 7, 2009

I ran out of time for today...maybe tomorrow.
I am not familiar with the DNS Client. What will happen if I disable it?

H2SO4 · May 7, 2009

The results of name lookups will not be cached so you'll see some performance degradation.

torque153 · May 7, 2009

H2SO4 said:
The results of name lookups will not be cached so you'll see some performance degradation.

I'll try to live with that and see what happens.

Thanks for your help.

torque153 · May 8, 2009

This is getting fun. I am working with DNS CLient disabled and today I got a BSOD :-)))

Knowing that it is Vista thus Windows it might not be connected to DNS at all (BSOD are quite common in Vista). This is what WinDbg said about it.
Memory.dmp says its NTKRPAMP.EXE
Mini.dmp says its NETIO.SYS

1. why do these 2 dmp files say differently?
2. netio has to be connected with 'network in and out', can this be rooted back to DNS Client?

H2SO4 · May 8, 2009

If you're finding BSoDs to be quite common for you, that might be a separate problem if it started before the DNS Client processor thing.

Otherwise...

1. The dumps don't "say" anything. If the debugger's automated analysis of the full dump and its minidump derivative differs, that would be because of the vast amount of additional info in the full dump.

2. Netio.sys is indeed a driver in the network stack. I doubt a direct link to your DNS issue because BSoDs and high processor utilisation situations stem from fundamentally different problem types.

Your BSoD is likely caused by a filter driver: anti-virus and firewall drivers are common culprits.

torque153 · May 8, 2009

H2SO4 said:
If you're finding BSoDs to be quite common for you, that might be a separate problem if it started before the DNS Client processor thing.

Back when I had the Home Premium 64, BSOD were flurishing. I had 2-3 every week and they were all seemingly unassociated. Then I switched to Business 32 and for some reason I get a lot less BSOD. 1 per two weeks. Interesting enough in the period 2002-2008 I used XP and I didn't experience not ONE BSOD. I though that MS has finally done it right ...but then I installed Vista and it was Windows98 all over again.

H2SO4 said:
1. The dumps don't "say" anything. If the debugger's automated analysis of the full dump and its minidump derivative differs, that would be because of the vast amount of additional info in the full dump.

Your BSoD is likely caused by a filter driver: anti-virus and firewall drivers are common culprits.

I installed new AV just today so that might be the cause.

H2SO4 said:
2. Netio.sys is indeed a driver in the network stack. I doubt a direct link to your DNS issue because BSoDs and high processor utilisation situations stem from fundamentally different problem types.

This is what I wanted to hear, thanks.

DNS client using 50% CPU

My Computer

A bit of a numpty

My Computer

My Computer

A bit of a numpty

My Computer

Attachments

My Computer

A bit of a numpty

My Computer

My Computer

A bit of a numpty

My Computer

My Computer

A bit of a numpty

My Computer

My Computer

A bit of a numpty

My Computer

My Computer

My Computer

A bit of a numpty

My Computer

My Computer