Solved

DNS

Posted on 2006-04-25
Last Modified: 2010-03-19
Hi, we have just set up a new Server 2003 system and we were advised to use our router for DNS, but we think that this is causing all the Windows XP machines to run slow, as they are all running really slow when browsing the network and starting up. Would it be better to use the server for DNS to help speed the XP machines up?
Question by:doddwell
20 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16534618
The server should be used for DNS as it is used to find resources on the domain assuming you are running Active Directory.  You could still use the router to give out DHCP addresses if you wish as long as it hands out the DNS pointing at your server.  

Personally I would run DHCP and DNS on the Windows 2003 box and leave the router to do routing.

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 16534621
The DNS on your server should then point at your router or ISP DNS servers as forwarder.

Steve
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16534623

Yes, absolutely. I take it that you have an Active Directory Domain along with that? It would explain all the problems with slow startups and such.

The DNS running on your server is, by default, capable of finding out about hosts on the Internet so nothing really needs to be changed there unless you want to add things.

HTH

Chris
0

 
LVL 1

Expert Comment

by:nickhills
ID: 16534669
As dragon-it suggests, this is far better than using your router for DNS.

If you really want to, you can configure the server DNS to actually perform lookups via your router, but without an AD DNS server you will have real problems, speed being the least of them
:)

forget what you were advised, and listen to the man above!
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 600 total points
ID: 16534892
DNS as stated should definitely be configured on the server as stated by others. To be more specific:

Assuming you have completed the server installation, installed Active Directory, and joined the workstations to the Domain, make sure DNS is configured as follows, assuming a single network adapter:
-The server's NIC should be configured with a static IP, the Internet router as the gateway, and only the server itself as the DNS server. Do not use an ISP DNS server here
-Each workstation should be configured using DHCP (obtain an IP address and DNS automatically) or, if configured with static addresses: a static IP in the same subnet as the server, same subnet mask as the server, the gateway pointing to your Internet router, and the DNS server pointing ONLY to the server/domain controller. Again do not put an ISP's DNS server here
-In the DNS management console under Administrative tools, right click on the server name and choose properties. On the Forwarders tab add your ISP's DNS servers
-If the workstations are using DHCP, open the DHCP management console on the server under Administrative tools and click on the server name to expand it, click on the scope to expand it, right click on scope options and choose configure options. On the general tab add the Internet router's IP in #003 router and the server's IP in #006 DNS Servers
-You really should enable DHCP on the server and disable on the router. Enabling DHCP on the server allows for dynamic updates to DNS

This should help with the slow logons. If you have the ISP's DNS's anywhere in the NIC's, the workstations will often go to the Internet to try to resolve names and cause them to "hang".
Also where you have been having problems, on the workstations that have been having problems you should clear the DNS cache by entering at a command line  IPConfig  /flushdns
0
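The rule in the list above (every NIC lists only the server/domain controller for DNS, never the ISP or router) can be checked from saved `ipconfig /all` output. This is an added example, not code from any participant in the thread; the sample output and all addresses are constructed, with 192.168.1.10 assumed to be the server.

```python
import re

# Constructed sample of `ipconfig /all` output from an XP workstation (made-up IPs).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

# Second and later DNS servers appear as an indented line holding only an IP.
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented line: a section header such as "Ethernet adapter X:"
            adapter = line.rstrip(": ") if "adapter" in line else None
            in_dns = False
            if adapter:
                result[adapter] = []
            continue
        if adapter is None:
            continue
        bare = BARE_IP.match(line)
        if in_dns and bare:  # continuation of the DNS Servers field
            result[adapter].append(bare.group(1))
            continue
        key, sep, value = line.partition(":")
        in_dns = bool(sep) and key.strip(" .") == "DNS Servers"
        if in_dns and value.strip():
            result[adapter].append(value.strip())
    return result

def stray_dns(text, allowed):
    """Return {adapter: [servers outside `allowed`]} for adapters breaking the rule."""
    found = {a: [s for s in srv if s not in allowed]
             for a, srv in dns_servers_by_adapter(text).items()}
    return {a: extra for a, extra in found.items() if extra}

if __name__ == "__main__":
    print(stray_dns(SAMPLE, {"192.168.1.10"}))
```

Any adapter it reports still has a non-server DNS entry to remove, either on the NIC itself or in DHCP scope option 006.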
 

Author Comment

by:doddwell
ID: 16534894
I assume I have to set up DNS on the server to look at the ISP. Can you let me know how to do this please?

Thanks
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16534927
>>" assume i have to setup DNS on the server to look at the ISP. can you let me know how to do this please?"
Using Forwarders as above.
0
 
LVL 1

Expert Comment

by:nickhills
ID: 16535015
Or even not bother - the Microsoft DNS server will obtain the root hints from the root servers, and resolve addresses without having to use your ISP's servers at all.

You may however be obligated to use your ISP's servers, in which case RobWill's note on forwarders stands.

regards,
Nick
0
 

Author Comment

by:doddwell
ID: 16535315
I have done as you suggested (RobWill). Everything works fine, thanks. Except I can't access our website; I can access all others. The website is hosted externally. Any ideas?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16535752
By "the website is hosted externally any ideas", do you mean an outside company like any other, or on the DMZ of your router?
You could manually add an 'A' record to DNS, but if external it should resolve correctly. On a machine that cannot connect/resolve, try running at a command line:
 ipconfig  /flushdns
 ipconfig  /registerdns
then try
  nslookup  www.YourDomainName.xyz
and see if it resolves the IP.
0
 

Expert Comment

by:doranhatcher
ID: 16535871
If, when installing Active Directory, you named your Domain the very same name that is your registered Domain name, then you will have a DNS resolution problem. Your workstations will attempt to browse for the domain name 'www.yourdomain.com' on the Internet but will resolve to your server within your internal structure, due to DNS pointing to the server that has the Active Directory domain listed, as that's who it is. I suppose you could host your own Web on the IIS of the server and have your DNS records point to your public IP. That may allow the internal employees to browse to your web, and the rest of the world too.
0
 
LVL 9

Expert Comment

by:cooledit
ID: 16535877
Hi there,

As long as you are sure on the DHCP scope that your clients only use your DNS server as the primary. No ISP DNS on client PC.

Be sure that only the External NIC card is the one with the ISP DNS on..... That should speed up things..

If not, try the Microsoft Article regarding the Kerberos TCP force...

http://support.microsoft.com/?id=244474

Cooledit
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16535939
doranhatcher has an excellent point. What are your AD/local domain and your web domain names? Substitute characters to remain anonymous if you like. Microsoft's "best practices" recommend you name your External/web domain something like www.xyzcompany.com and the internal/local domain name as www.xyzcompany.local. That would not be easy to change at this point, and I wouldn't recommend it, but I am sure someone will have a workaround for that; if this is your situation, it is fairly common.
0
 
LVL 1

Assisted Solution

by:nickhills
nickhills earned 200 total points
ID: 16536016
Or just create an A record for www that resolves to the IP address of your webserver; then when you try to resolve www.yourdomain.com it will be resolved internally, but resolved to the correct external IP hosting your site

regards,
Nick
0
 

Expert Comment

by:doranhatcher
ID: 16536033
Depending on just how new this server build is and the amount of clients that are within the network, the easiest way I have found is to simply rebuild the domain environment by running DCPROMO and demoting the server, and then, once all the domain information is removed, reboot and run DCPROMO again, renaming the domain in such a manner as to not have any internal browsing resolve to your server where the web is not currently hosted. When you demote the server you will lose all your users, groups, computers and policies that made up the Active Directory structure. Demote the workstations to a workgroup, recreate the users, groups and policies, and rejoin the workstations, and things will be back on track.
0
 

Expert Comment

by:doranhatcher
ID: 16536066
I've never had much luck with the simple forwarding DNS record for resolution like this. Bind, DNS with Unix, works just that easy but DNS in Microsoft Active Directory hasn't been so cooperative with me on issues like these
0
 
LVL 1

Expert Comment

by:nickhills
ID: 16536279
doranhatcher-
I guess there could be problems if the webserver was using round robin DNS for load balancing, but I have never had any problems using a simple static IP, and we have done it dozens of times.

got to be worth a go hasn't it?

regards,
Nick
0
 

Author Comment

by:doddwell
ID: 16541792
-nickhills
I want to try your idea first, but I'm not sure how to create the record. Can you please let me know how to do it?

Cheers
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 200 total points
ID: 16542004
Go into the DNS admin tool on the server, drill down under your server name, then right click on the domain name and choose new host.  Enter hostname as www then enter the IP address of your webserver.

To find the address of your webserver:

Go to the Start button then Run
Type cmd.exe and press OK
Type NSLOOKUP and Return
Type server followed by your router's address or a DNS server at your ISP or, if that fails, 158.43.128.1 (a DNS server at Pipex)
Type www.yourdomain.com
Note down the IP address and enter it in your new WWW host record in DNS above.
Exit from Nslookup

Try it...

Steve


0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16542404
Thanks doddwell,
--Rob
0
