slattdog (United States of America) asked:

Windows Domain DNS Configuration

We have a single Windows 2003 domain.  The single DC is also the DNS server.  I have been told by multiple people that in such an environment all computers should point to the internal DNS server -- and ONLY the internal DNS server.  The problem is that our Internet access is less than acceptable on the LAN which has me wondering if the DNS configuration on the DNS server itself is perhaps mis-configured?  From the LAN resolution seems sluggish and oftentimes we have to refresh before a page will even load.  Yet I can take a computer from the LAN and plug it straight into one of the ports on the AT&T router (thus bypassing our DNS server and using the AT&T DNS servers directly) and everything works wonderfully.  Nice and fast without any issue.  What should I be looking at internally as the source of this issue?  Thanks in advance.
ASKER CERTIFIED SOLUTION by Brian Pierce (United Kingdom)
This solution is only available to members.
slattdog (ASKER):

Okay.  I've made the changes per your suggestion.  Let's see how it goes.  Thanks!
yes

Point the DC's DNS to forward everything other than your domain DNS to the DNS of the service provider.

If you don't do this, then the DNS has to do a root DNS lookup for each query and will thus not use the "cached" result that the ISP will typically have in its own DNS.

SOLUTION
This solution is only available to members.
Okay, I have followed the suggestion(s) posted here but so far it hasn't seemed to make any difference.  I still get "hit and miss" issues when browsing.  About every 3rd or 4th time (roughly) I go to a website I get a page not found message.  If I refresh a couple times it goes through.  However, if I manually set the DNS servers on my workstation to point directly to our ISP's DNS (instead of our internal W2003 DNS server) then the problem goes away immediately.
How is the DNS server itself? Do you get the same symptom if the server uses the DNS service running on it?
Try going into DNS and doing the tests for a simple and recursive query - does it pass both?

You must not set the DNS servers on workstations to point directly to the ISP's DNS; if you do, then the machines will be unable to resolve internal names.

After pointing the forwarder(s) at the ISP servers flush the DNS cache from the DNS console (right click and clear cache), and also clear the client cache (ipconfig /flushDNS).

Never really done much browsing from the server but I gave it a shot.  I didn't notice the exact same issue on the server itself, but I did notice that the lookups (while browsing from the server) took an inordinate amount of time.  (Which I'm guessing may cause clients to time-out?)
Simple Query = Pass
Recursive Query = Pass
> the same symptom if the server uses the DNS service running on it?
> Simple Query = Pass
> Recursive Query = Pass

Just to double check, the server is using its own DNS service, not directly using an external DNS service...?
If you mean are the DNS servers (in the TCP/IP config) pointing to itself, yes.
so it might be a client-side issue. can you simply post the output of IPCONFIG /ALL and ROUTE PRINT command from one of the problem PCs? it might tell us something...
As I look at this further... best I can tell the lookups on the server are just taking way too long.  Every time we get a "Page cannot be found" message in the browser of a client workstation, if you wait a while and then refresh, it loads the page correctly.  Which pretty much coincides with the latency displayed while browsing directly from the server.  The server is taking too long to resolve the URLs and thus the clients are timing out.  Once the server does actually find the page, a simple refresh of the browser takes you right through.

Any ideas what might be causing this?
Here are the "ipconfig /all" and "route print" outputs from a client workstation as requested.  (just fyi, don't let the computer name distract you.  "routing" here refers to the routing of our trucks for shipping -- nothing to do with networking.)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\brad.COLORPOINT>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : Routing
        Primary Dns Suffix  . . . . . . . : colorpoint.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : colorpoint.local
                                            colorpoint.biz

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : colorpoint.biz
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1E-C9-4C-7B-80
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.77.180
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.77.1
        DHCP Server . . . . . . . . . . . : 192.168.77.7
        DNS Servers . . . . . . . . . . . : 192.168.77.7
        Primary WINS Server . . . . . . . : 192.168.77.7
        Lease Obtained. . . . . . . . . . : Monday, May 10, 2010 17:05:19
        Lease Expires . . . . . . . . . . : Tuesday, May 18, 2010 17:05:19

C:\Documents and Settings\brad.COLORPOINT>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 4c 7b 80 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.77.1  192.168.77.180       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.77.0    255.255.255.0   192.168.77.180  192.168.77.180       10
   192.168.77.180  255.255.255.255        127.0.0.1       127.0.0.1       10
   192.168.77.255  255.255.255.255   192.168.77.180  192.168.77.180       10
        224.0.0.0        240.0.0.0   192.168.77.180  192.168.77.180       10
  255.255.255.255  255.255.255.255   192.168.77.180  192.168.77.180       1
Default Gateway:      192.168.77.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\brad.COLORPOINT>


SOLUTION
This solution is only available to members.
CountryMark2:

Did anyone find a resolution for this problem?  I'm having the same problem with clients and DNS.  Windows Server 2008 R2.  Clients are Win7.  You can be working all day and every once in a while a website will time out, and if you just hit the refresh button, bam, it loads just fine...

The vast majority of DNS traffic is UDP based. That means a request can go off, timeout on the client, and the answer can still come in late (on the server).

When this happens, you end up with the first query showing as a timeout, and subsequent queries work fine and return instantly (as Non-Authoritative Answers).

Check / change your forwarders if you use them. If in doubt, try google's on 8.8.8.8 and 8.8.4.4 and see if you still suffer.

Chris
yep tried those as forwarders, they don't make any difference.

Then you'll have to check out your network I'm afraid. Perhaps one thing to check is maximum UDP packet size, it's possible you're dropping packets there.

Perhaps for now simply limit what your server can do by running:

dnscmd /Config /EnableEDnsProbes 0

See if you have a better time with that set. If you do, you might look at the firewall and increase the UDP packet size it permits, exactly how will depend on your firewall.

Chris
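The thread makes two technical points that are easier to verify with a tool than by refreshing a browser: the forwarder advice (the DC should forward non-domain queries to the ISP instead of walking the roots itself, and the ISP's cached answers come back flagged non-authoritative), and Chris's point that DNS rides on UDP, so a slow answer shows up as a client-side timeout on the first attempt while the retry or refresh succeeds instantly from the cache, with EDNS probes and oversized UDP replies as a suspect. The following is an added example, not code from the thread or from Microsoft: a minimal DNS client that builds a query (optionally with an EDNS0 OPT record advertising a large UDP payload, which is what `EnableEDnsProbes` governs on the server side), parses the reply header and A records, and times a query against a server with stub-resolver style retries so the "first attempt times out, second is instant" pattern can be measured against the internal DC and the ISP resolver side by side. The server addresses, the hostname and the sample reply bytes are constructed placeholders (192.168.77.7 is the DC address from the `ipconfig` output above).

```python
# Added example: minimal DNS query builder, reply parser and timed lookup for
# comparing an internal forwarding DNS server with the ISP resolver.
import random
import socket
import struct
import time

QTYPE_A = 1
QTYPE_OPT = 41

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype=QTYPE_A, edns_udp_size=None):
    """Return (txid, packet). With edns_udp_size set, an OPT pseudo-RR tells the
    server the client accepts UDP replies larger than the classic 512 bytes."""
    txid = random.randint(0, 0xFFFF)
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # 0x0100 = RD bit
    question = encode_name(name) + struct.pack("!HH", qtype, 1)        # class IN
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, type 41, class = UDP payload size, TTL = ext-rcode/version/flags, no rdata
        opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_udp_size, 0, 0)
    return txid, header + question + opt

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, remember where we left off
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg):
    """Extract header flags and A records. aa=False on a forwarded or cached reply
    is exactly the 'Non-Authoritative Answer' that nslookup reports."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "ra": bool(flags & 0x0080),
            "rcode": flags & 0xF, "answers": []}
    off = 12
    for _ in range(qd):                     # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            info["answers"].append((name, socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return info

def timed_query(server, name, timeout=2.0, retries=3):
    """Send the query over UDP the way a stub resolver does: wait `timeout` seconds,
    retry, and report (attempt, elapsed_ms, parsed reply), or None if all attempts
    timed out. A late answer to attempt 1 is simply discarded, as a client would."""
    txid, packet = build_query(name)
    started = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for attempt in range(1, retries + 1):
            sock.sendto(packet, (server, 53))
            try:
                while True:
                    data, _ = sock.recvfrom(4096)
                    if len(data) >= 12 and struct.unpack("!H", data[:2])[0] == txid:
                        return attempt, (time.monotonic() - started) * 1000, parse_response(data)
            except socket.timeout:
                continue
    return None

def constructed_reply(txid):
    """Constructed sample reply (not captured traffic): www.example.com A 192.0.2.10,
    TTL 300, RA set, AA clear (served via a forwarder/cache), compressed owner name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    question = encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer

if __name__ == "__main__":
    # Placeholder targets: the DC from the thread's ipconfig output and a public resolver.
    for server in ("192.168.77.7", "8.8.8.8"):
        print(server, timed_query(server, "www.example.com"))
```

Run it from a client that shows the symptom: a result such as `(2, 2150.3, {...})` from the DC means the first UDP attempt timed out and the retry was answered from the server's fresh cache, which is the pattern Chris describes; if the ISP resolver answers on attempt 1 in a few tens of milliseconds for the same name, the delay is inside the forwarding path rather than on the client. Comparing `build_query(..., edns_udp_size=4096)` with a plain query against the same server is a quick way to see whether an EDNS-sized exchange is the one that goes missing at the firewall.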
If you don't mind, the following is a more important discussion than this one...  I think you were commenting on this and may have a solution for me?


Subject:  Sporadic external DNS lookup failure