bhgewilson asked:

limited access or no access to web DNS??

VERY VERY strange one here. One ISP, Time Warner Telecom. Two T-1 lines. Out of their data port they hand off to me. I have a Zyxel Zywall 2 router in place. I set it up so that the public x.x.x.2 goes to the 2000 server and the public x.x.x.3 goes to the 2003 server. These two different servers serve two different networks with two different companies. Both servers are running Exchange and DNS. The public x.x.x.4 address resolves to the workstations on the internet. From the router, output goes to a switch and then to the servers and workstations.

With that said, we have problems with any Yahoo website: finance.yahoo.com, travel.yahoo.com, movies.yahoo.com and sports.yahoo.com. Any of those are just so slow it takes five minutes to finally load, and then it doesn't load pictures. What is very strange is that before about 9:00 AM it is smoking fast without problems and then it goes to nothing. Sometimes it is fast, but there isn't any consistent pattern except that it is slow and frustrating.

Time Warner tells me we have a DNS problem.  Both 2000 and 2003 DNS servers forward to their DNS servers.  All clients point to their correct servers for DNS.  Cnn.com or msn.com or msnbc.com are smoking fast.  

I have heard about EDNS and I dumped that.  Still having a ton of problems.  Do you think it could be throughput with the router?  Thanks,

Brad
scomo1026

I have had this problem before, and this could be DNS or the T-1 provider. Can you post what your machines point to for DNS and their roles? For example:

Server 1 win2000, ad, dns, gc points to itself for dns
Server 2 win2003, ad, dns, points to server 1 for dns
clients primary dns server 1, secondary dns server 2

If we verify dns is setup correctly, then I would say to call the actual line provider instead of the isp.
bhgewilson (ASKER)

ISP is line provider.  Time Warner Telecom does both.

Server 1 is WIN 2000 , AD, DNS, Points to itself
Server 2 is WIN 2003, AD, DNS, Points to itself

Clients for server 1 point to server 1 primary and nobody secondary
Clients for server 2 point to server 2 Primary and nobody secondary

When I set up the clients directly in line with the ISP, DNS still doesn't go out. I tried to get to finance.yahoo.com and could not get out. I then went and pinged finance.yahoo.com and got the IP. I put the IP in the browser and still could not get out.

Thanks for the comment. Can you think of anything else? Could there be something in the router that would stop requests from going through?

Brad

Can you post results of nslookup (for yahoo.com) and tracert yahoo.com?

Sounds very frustrating...

You say everything works fine at 9 in the morning and before? I would say that DNS is set up and working properly, as DNS doesn't decide what times to work and not work.

I am going to assume you are using private IP addresses on the inside of your network for all nodes (please correct me if this is a false statement).

Are you running BGP? Has the ISP verified the line all the way back to the CO, or just the local loops?

Have you verified there is not a machine, or multiple machines that have spyware/virus problems that get turned on about the time everything stops working?

Hmm.. sounds suspiciously like a provider issue to me.. but I would question you about the timing, and if this is when a certain system on your LAN is powered up? First thing I would do is put a sniffer on the wire and watch the traffic. If your T1 is an ethernet connection to the DSU/CSU, that is where I would place it. I use Ethereal, and you can download it for free.

If there is nothing suspicious there, then I would point to Time Warner.  There are some tests that can be run, provided by a Cisco Support site you might want to try...  

http://cosi-nms.sourceforge.net/

You might also run some diagnostics on your DNS server, but it just does not sound like the problem is on your side of the fence here..  Netdiag, DNSLint, and DCDiag are the ones I like...

FE

I haven't thought of the workstation issues. Yes, I can check computer by computer to see if this is a cause of the problem. That is an excellent thought. As for BGP, I know that I am not, but I will have to see for Time Warner. When you say sniffer, yes, I know what a sniffer is, but I haven't ever used one. Would I just put a machine between the versapack ethernet connection and the router? I think this is what you said.

Yes we are running NAT.

Is there an efficient way to rule out the router?

Yea.  Packet Sniffers can tell you a lot, but be prepared to see a lot of data passing by.  I usually carry a hub and throw that on the line spliced between ethernet connections.  Usually it is placed on the inside of the LAN, but I would think that you could put it outside also on a T1 line..  In fact, on second thought, if you are running through a switch, put it on the line going out to your perimeter router and see what is passing by.  Only capture a few minutes of data, or you will be all night analyzing it.

Heck, you could also just take everyone off the line going out and test with a single machine.  Take a laptop and plug straight into the router with nothing behind you and see if it is happening.  Configure your laptop for TW's DNS servers and narrow it down.  If the problem is still there, then take the Router out of the loop, and plug directly into the CSU/DSU, configuring your laptop with all the external configurations (public IP, Gateway, etc..)..  Now, if it is still happening, you know it is Time Warner.  Nothing they could say then, eh?  :)

FE

We never did solve this issue but we are starting to look into the ISP.

Yes, like I mentioned above, that is my thinking also...

OK WE FIXED THIS.  I have found out that our IS gave us 168.215.X.X address.  They must have used a Class C subnet mask.  On the router I put in a Class B subnet and it worked but very slow.  Once I put in the class C subnet mask everything got fast again.

Brad

*grin*  just goes to show how important the mask is...
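
What the mask change in the fix alters, as an added example that is not part of the thread: an interface treats every destination inside its configured network as directly connected and resolves it on the local link instead of forwarding it to the gateway. The last two octets of the 168.215.X.X address and the sample destinations are constructed, since the thread elides them.

```python
import ipaddress

# Constructed sample: the thread gives only 168.215.X.X, so the last two
# octets here are placeholders, not the asker's real address.
WAN_IP = "168.215.10.2"
SAMPLE_DESTS = ["168.215.10.1",   # same /24 (e.g. the provider gateway)
                "168.215.77.9",   # same classful /16, different /24
                "192.0.2.10"]     # documentation range, clearly remote

def classful_prefix(addr):
    """Prefix length implied by the address's historical class (A/B/C)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses have no default mask")

def is_on_link(interface_ip, prefix, dest):
    """True if interface_ip/prefix treats dest as directly connected,
    i.e. it is resolved on the local link rather than sent to the gateway."""
    net = ipaddress.ip_interface(f"{interface_ip}/{prefix}").network
    return ipaddress.ip_address(dest) in net

def misclassified(interface_ip, configured, assigned, dests):
    """Destinations the configured mask calls local although the mask
    assigned by the provider says they must go through the gateway."""
    return [d for d in dests
            if is_on_link(interface_ip, configured, d)
            and not is_on_link(interface_ip, assigned, d)]

def extra_on_link(interface_ip, configured, assigned):
    """How many addresses the too-short mask wrongly pulls on-link."""
    wide = ipaddress.ip_interface(f"{interface_ip}/{configured}").network
    narrow = ipaddress.ip_interface(f"{interface_ip}/{assigned}").network
    return wide.num_addresses - narrow.num_addresses

if __name__ == "__main__":
    guessed = classful_prefix(WAN_IP)          # the "Class B" mask
    print("classful default: /%d" % guessed)
    print("wrongly on-link :", misclassified(WAN_IP, guessed, 24, SAMPLE_DESTS))
    print("extra addresses :", extra_on_link(WAN_IP, guessed, 24))
```

Running the same comparison against the mask the provider actually assigned, before touching the router, shows whether a classful guess differs from the real allocation.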