SLOW DNS RESOLUTIONS

I have a client with a small (5 old Win98 workstations) network.  They have no server and had an old ISDN connection that seemed to work periodically but had long timeouts.  They upgraded their link to a Birch T1, but are having the same issues, Internet connectivity up and down.  

They recently added antivirus software to their PCs but they seem to scan clean.  I plugged a laptop directly into their gateway and it performs fine.  If I run it through their cabling, it seems slower.  If I plug other network devices back in, it is even slower.  Tracerts show increasingly slower responses and it seems like DNS is timing out.  

We had their cabling vendor come in and test cabling, but they say it is all OK.  I plan to swap their switch, but am looking for other ideas and tests.  Any suggestions?

Thanks,

Steve
Asked by: smeek
 
qwaletee Commented:
Try monitoring traffic.  Perhaps a device is sending out a packet flood (either due to misconfiguration, or from a worm).
 
lrmoore Commented:
Definitely could be a switch problem.
Whose DNS are they using? Suggest setting up an internal DNS server that simply forwards all requests to the root servers. This way, all internal clients use the local DNS server and everyone does not have to go out to the internet for every single DNS request. The local server will cache a lot of it. This will improve their response times tremendously.
You say that they don't have a server, but you can get a Win98 add-on, most likely freeware...
http://www.totalshareware.com/asp/list_view.asp?catid=374
 
chicagoan Commented:
Cabling's OK... is it Cat5 or Cat3?
Put a HUB between the gateway and the switch.
Get wincap and ethereal on your laptop and see what's going on.
What's the switch make / model?

 
smeek (Author) Commented:
Cat 5e, just put in by cabling firm with a 24p unmanaged switch.

I did try Ethereal and WinCap, but my first time with a sniffer and not sure what to look for.  I did catch some obvious stuff (saw some IPX and NetBIOS traffic, so I tracked down clients that had it configured and removed).  Any special sniffing reports or items to look for...
 
lrmoore Commented:
Duplex mismatches are the #1 headache in switched networks.
If it is an unmanaged switch, it most likely does not keep interface error counts.
If it is an unmanaged switch, your sniffer is going to be less than effective unless you can turn one port into a "mirror" port - not likely on an unmanaged switch.
Look for collisions. Collisions are not acceptable on switched networks, but will show up with a duplex mismatch.
Make sure all PC's are set to autodetect speed/duplex, not hard-set to 100/full or anything else.
Power-cycle the switch.

If you want to make a dramatic difference, you need a local DNS server. Period.
 
chicagoan Commented:
>Make sure all PC's are set to autodetect speed/duplex
IMHO - make sure they're properly detecting speed/duplex - else set them explicitly
 
cooledit Commented:
Try to see if you have the following symptoms in your network: many broadcasts (could make minor broadcast storms).
How many PCs are in each broadcast domain?

Could you provide a little more info on your network, such as how big your IP-range pool is and how much extra subnetting you have? You must help to see if you can figure it out (draw the planned route of the packets, how they traverse your network).

Remember one of the very good rules in network topology: switch many, route once.
 
lrmoore Commented:
chicagoan, Not meaning to argue, but perhaps an honest exchange of professional opinions..
>else set them explicitly
Note that this is an unmanaged switch. If one end is auto (switch end, not changeable), and one end is explicitly set, then you run a very high risk of a duplex mismatch. If you hard-code a NIC to 100/full, and the switch is set to auto, the switch does not see the autonegotiation packet, it could default to half-duplex. This is the default behavior of many switch brands. Especially on the lower end unmanaged switches. It is by design so that you can plug a hub into it. Plug and play by the novice. Because a hub was never designed to negotiate, it does not try. If the switch senses that there is no negotiation attempt, it thinks it must be a hub and hubs can only work at half-duplex, therefore I'm going to set that port to half-duplex. That is why either both ends are hard-set, or both ends are auto.
 
chicagoan Commented:
Thanks - "Set them" should have been qualified!

We agree that you want the most reliable way of matching speed and duplex.

My remark "make sure they're properly detecting speed/duplex" was meant for smeek to examine that issue.
You're right, in the absence of auto-negotiation, whatever is attached to the switch will default to 1/2 duplex, but I have seen many installations that don't auto-detect properly and I think you're better off with 100half on both ends than with a mismatch.
As far as "thinking it's hub", I don't like to anthropomorphize network hardware, it makes it too easy to hold a grudge.
I 'think' the hub issue is more about auto MDI/MDIX detection... but that's another debate - though I will say I don't like hanging hubs off cheap switches not knowing how they'll handle the spanning tree.
 
lrmoore Commented:
Touché
Glad we're on the same team!

At least we are all in agreement that there could be a duplex mismatch that does cause all manner of network performance issues... Replacing the switch would be a wise move at least for testing purposes and an easy way to eliminate one possibility. Get a cheap one, plug it in and if the performance is not improved, put it back in the box and take it back to the store. No cost to test it, and you have just ruled that out as a problem.
 
cooledit Commented:
What I tried to see was whether it was possible to figure out which switch has the root port.

One switch must be the one with the root port. If they cannot determine who is the root switch, it will start over with a new negotiation "period" (assuming there is more than one switch, of course) and that will lame your network. Maybe stupid answers, in fact, since you've got an unmanaged switch, but I would like to know more of your network setup to give better answers.

Subnet (Supernetting)
How many nodes on each subnet (possible broadcasts) to avoid collisions (maybe consider, as stated by Lmoore, if you are running a 10MB affected network the possibilities for collisions are 100 % bigger (100MB Network = 0 collisions)).
Manageable switches are fairly cheap today.
 
cooledit Commented:
Sorry for mistyping lrmoore.
 
smeek (Author) Commented:
cooledit

Not sure what other data you are looking for...

My first statement was that it was a five PC network.  They have a private IP range (Class C).  They have a single Lexmark network printer.  

Did I miss any info you were looking for?

S
 
cooledit Commented:
That Lexmark, is it running a 10MB NIC?
 
chicagoan Commented:
sorry to repeat myself... the cabling is it CAT3... CAT5... doorbell wire??
 
lrmoore Commented:
chicagoan:
>Cat 5e, just put in by cabling firm

One of those days, huh?
 
chicagoan Commented:
sorry - jeez - I had just read the whole post again too... better have another Geritol
 
smeek (Author) Commented:
Actually, the business is in Fort Worth, so it is using the 802.8 standard, Ethernet over barbwire...

Thanks for the help, I was able to sniff enough details to track down 2 errant NICs (what luck).  One, I was able to update the driver and get it working properly, it would autonegotiate properly.  The other one is still an issue, so I plan to replace the NIC.  One was saturating other w/s, the other was saturating the router causing it to drop and DHCP to stop working.

Thanks again.

Steve
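
The kind of per-NIC tally a sniffer capture can be reduced to when hunting a saturating adapter, as in this thread; this is an added example, not part of any post. It parses a classic pcap built inline as constructed sample data (the MAC addresses, `top_talkers` and its 50% threshold are assumptions), and on a switch without a mirror port it only counts frames that reach the capture port, such as broadcasts.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def build_pcap(frames):
    """Constructed sample input: little-endian classic pcap, Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, frame in enumerate(frames):
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def top_talkers(pcap, share_threshold=0.5):
    """Count frames per source MAC; flag sources above share_threshold of all frames."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    frames, bcast, off = Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        incl, = struct.unpack_from("<I", pcap, off + 8)  # captured length of this record
        data = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(data) < 14:
            continue  # truncated record without a full Ethernet header
        dst, src = data[0:6], data[6:12]
        frames[mac(src)] += 1
        if dst == BROADCAST:
            bcast[mac(src)] += 1
    total = sum(frames.values())
    report = [(m, n, bcast[m], n / total) for m, n in frames.most_common()]
    suspects = [m for m, n, _, share in report if share > share_threshold]
    return report, suspects

def eth(dst, src):  # constructed frame: Ethernet header plus 46 bytes of padding
    return dst + src + b"\x08\x00" + bytes(46)

# Constructed traffic: one NIC floods broadcasts, two PCs exchange a few frames.
NOISY, PC_A, PC_B = (bytes.fromhex(f"02000000000{i}") for i in (1, 2, 3))
SAMPLE = build_pcap([eth(BROADCAST, NOISY)] * 40
                    + [eth(PC_B, PC_A), eth(PC_A, PC_B), eth(BROADCAST, PC_A)])

if __name__ == "__main__":
    report, suspects = top_talkers(SAMPLE)
    for m, n, b, share in report:
        print(f"{m}  frames={n:3d}  broadcast={b:3d}  share={share:.0%}")
    print("suspects:", suspects)
```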