DNS client using 50% CPU

torque153

Member
I used to have a X64 HOME PREMIUM, but then I swtched to Vista Business 32, now running with all the updates (which I think are responsible for problems occuring).
I am getting 50% of my CPU engaged in the process SVCHOST that includes the DNS Client. I have shut down all of the processes in this SVCHOST and I determined that indeed DNS CLient is using the CPU. I have tried to uninstall AV, disable WindowsUpdate with no effect.
Open to suggestions.
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
Good troubleshooting. Have rep :)

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?
 

My Computer

The file was created 1/21/2008, with size of 84.5KB

After flushing the DNS:

"Windows IP Configuration
Successfully flushed the DNS Resolver Cache."

nothing changed


Good troubleshooting. Have rep :)

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
The file was created 1/21/2008, with size of 84.5KB

After flushing the DNS:

"Windows IP Configuration
Successfully flushed the DNS Resolver Cache."

nothing changed


Good troubleshooting. Have rep :)

What's the timestamp on your %SystemRoot%\System32\dnsrslvr.dll file?

Does IPCONFIG /FLUSHDNS (from a CMD prompt) make any difference at all?

I'm more interested in the "modified" date on that DLL - that's actually the time when it was compiled. If you search support.microsoft.com on the name of the DLL, its version information, and the modified timestamp, you should be able to work out which update that corresponds to, and whether it's part of SP1 or a post-SP1 hotfix perhaps.

Is it a dual-core processor? (Would mean one core is going flat out, hence the 50% total.)

Does the processor utilisation drop as soon as you stop the DNS Client service, and does it come back immediately when the service is restarted?
 

My Computer

I am not sure I can give you the exact info you need, so I am attaching this dll.

It is T8100 core due CPU and it uses aprox 50% of both cores.

When I kill the process the CPU utilisations drops immediatelly. After some time the SVCHOST containing the DNS Client reappears with its usual 45-57 % CPU utilization.

I'm more interested in the "modified" date on that DLL - that's actually the time when it was compiled. If you search support.microsoft.com on the name of the DLL, its version information, and the modified timestamp, you should be able to work out which update that corresponds to, and whether it's part of SP1 or a post-SP1 hotfix perhaps.

Is it a dual-core processor? (Would mean one core is going flat out, hence the 50% total.)

Does the processor utilisation drop as soon as you stop the DNS Client service, and does it come back immediately when the service is restarted?
 

Attachments

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
I am not sure I can give you the exact info you need, so I am attaching this dll.

It is T8100 core due CPU and it uses aprox 50% of both cores.

When I kill the process the CPU utilisations drops immediatelly. After some time the SVCHOST containing the DNS Client reappears with its usual 45-57 % CPU utilization.

The version of your DLL is (6.0.6001.)18000 - it's from SP1. You might want to try updating it to see whether that makes a difference. KB says this hotfix contains the latest version of DNSRSLVR.DLL (22228):

You cannot perform NetSH commands by using a user account that belongs to the "Network Configuration Operators" security group on a Windows Vista-based computer or on a Windows Server 2008-based computer

Does applying that hotfix make any difference to the processor utilisation levels?
 

My Computer

That hotfix is unavailable to me at the moment, but I don't believe it will solve my problem. The online windows update check says my system is up to date.

btw, I added to your rep for sticking with my problem but your rep number didn't change?
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
That hotfix is unavailable to me at the moment, but I don't believe it will solve my problem. The online windows update check says my system is up to date.

btw, I added to your rep for sticking with my problem but your rep number didn't change?

Why do you say it's unavailable? There should be a download link at the top of that page.

The online WU scanner won't suggest that update because it's not considered "critical" and it's got nothing to do with security. In fact, the KB953835 article has nothing to do with your issue - except that the hotfix contains the latest version of dnsrslvr.dll which is the main part of the DNS Client service. If your issue is caused by a bug which was fixed after SP1, that hotfix may include the new code which will make your issue go away.

Thank you for the rep :)

The rep you gave me did indeed register, but my "rep power" is a different quantity - that's the number of rep points that I give to others by clicking on their scales. (Every registered user has two distinct attributes: their rep, and their rep power.)
 

My Computer

. In fact, the KB953835 article has nothing to do with your issue - except that the hotfix contains the latest version of dnsrslvr.dll

I figured that out..

Anyway I think I am having problems with the download link.

This is what I get on that page:

And if I click the hypertext it brings me to the support:

The KB article has no public hotfixes. Please contact support if you need immediate assistance.
How can we assist you?

and I am not about to contact any ms support.
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
The KB article has no public hotfixes. Please contact support if you need immediate assistance.
How can we assist you?

Ah, I see what you mean. The hotfix download appears mangled somehow at the server end.

How badly do you want to troubleshoot this? I can maybe help you to work out why it's chewing the processor if you're OK to follow some instructions, but it'll get fairly esoteric and there's no guarantee of a practical solution at the end :)
 

My Computer

I ran out of time for today...maybe tomorrow.
I am not familiar with the DNS Client. What will happen if I disable it?
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
This is getting fun. I am working with DNS CLient disabled and today I got a BSOD :-)))

Knowing that it is Vista thus Windows it might not be connected to DNS at all (BSOD are quite common in Vista). This is what WinDbg said about it.
Memory.dmp says its NTKRPAMP.EXE
Mini.dmp says its NETIO.SYS

1. why do these 2 dmp files say differently?
2. netio has to be connected with 'network in and out', can this be rooted back to DNS Client?
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
If you're finding BSoDs to be quite common for you, that might be a separate problem if it started before the DNS Client processor thing.

Otherwise...

1. The dumps don't "say" anything. If the debugger's automated analysis of the full dump and its minidump derivative differs, that would be because of the vast amount of additional info in the full dump.

2. Netio.sys is indeed a driver in the network stack. I doubt a direct link to your DNS issue because BSoDs and high processor utilisation situations stem from fundamentally different problem types.

Your BSoD is likely caused by a filter driver: anti-virus and firewall drivers are common culprits.
 

My Computer

If you're finding BSoDs to be quite common for you, that might be a separate problem if it started before the DNS Client processor thing.

Back when I had the Home Premium 64, BSOD were flurishing. I had 2-3 every week and they were all seemingly unassociated. Then I switched to Business 32 and for some reason I get a lot less BSOD. 1 per two weeks. Interesting enough in the period 2002-2008 I used XP and I didn't experience not ONE BSOD. I though that MS has finally done it right ...but then I installed Vista and it was Windows98 all over again.



1. The dumps don't "say" anything. If the debugger's automated analysis of the full dump and its minidump derivative differs, that would be because of the vast amount of additional info in the full dump.

Your BSoD is likely caused by a filter driver: anti-virus and firewall drivers are common culprits.

I installed new AV just today so that might be the cause.

2. Netio.sys is indeed a driver in the network stack. I doubt a direct link to your DNS issue because BSoDs and high processor utilisation situations stem from fundamentally different problem types.

This is what I wanted to hear, thanks.
 

My Computer

System One

  • CPU
    T8100
    Memory
    4GB
    Graphics card(s)
    9500
Back
Top