Solved

DNS resolution problem?

Posted on 2006-04-25
Last Modified: 2012-08-14
Hello, I'm having some trouble when users view webpages.

When they try to access a webpage for the first time, it takes quite a few secs to open. Once they are in, it goes smooth (2 load balancing T1s). All the users go through the ISA server, but I don't think that's where the problem lies, since once they are in, it is fine. My ISP indicates that it could be high network traffic, but even when there are no people working, the problem persists.

The external DNS I'm using belongs to the ISP. I have configured my DNS to forward DNS requests to the ISP's DNS (in DNS Mgmt. properties -> forwarders). I have also added the external DNSs to the external network card of the ISA 2000 server. Is there anywhere else it should be configured?

All my internal clients have my internal DNS set up in their IP Configuration.

Also, for some reason, I cannot see the ISP's page. I can see all other pages (resolving slowly, but I can). I configured a regular computer with an external IP and it works fine, even seeing the ISP's page.

Any info would be greatly appreciated.

If you request any more info, please post and I will post again.

Thanks.
Question by:Nauj
18 Comments
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 150 total points
ID: 16535850
Are all webpages slow for the first time or just a few?  I have seen sometimes where the auto-detect proxy settings in IE can really slow things down. It does a search when you first use IE for proxy settings but after it doesn't find one then it will go straight out and you don't see the delay.

You might look into that
0
 

Author Comment

by:Nauj
ID: 16536067
It's pretty much slow for all webpages that haven't been viewed recently.
0
 
LVL 12

Expert Comment

by:Craig_200X
ID: 16536092
I would also make sure that these users have cleared the cache on that machine. I have seen IE cause problems like this. Also, if there are toolbar search engines like Yahoo, uninstall them. They can cause weird issues.
0
 

Author Comment

by:Nauj
ID: 16536197
Tried clearing the cache in my computer, along with all other offline content and history, and it still persists.
0
 
LVL 9

Assisted Solution

by:cooledit
cooledit earned 450 total points
ID: 16536214
Hi there,

So the ISP DNS servers should only be on the NIC that connects to the ISP, nowhere else.
So on the internal NIC on the DNS server it should point to itself...

ISP NIC 1-2 DNS entries for ISP
Internal NIC point to internal DNS server....

Client's DHCP or static IP point to internal DNS server.

you can check the DNS by:

DOS Prompt:

Nslookup "enter" you are now on your internal DNS
try like www.google.ie

you can also try
after nslookup "enter"
type "server" and then either enter the name or the IP from your ISP
now you are directly on the ISP DNS and you can try to see if the addresses get resolved.

Cooledit
0
 
LVL 5

Assisted Solution

by:The_IT_Garage
The_IT_Garage earned 150 total points
ID: 16536230
Manually set one internal client to use 4.2.2.5 and 4.2.2.6 as a DNS address and see if Web browsing performance improves. (If it does, this isn't the fix, only a troubleshooting step.)

Does your internal DNS server point to itself in the NIC properties of that server?
0
 

Author Comment

by:Nauj
ID: 16536724
Here's what I got from the nslookup:

C:\>nslookup
Default Server:  (internal server)
Address: (Primary internal DNS address)

> ea.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out
> google.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out
> www.google.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out

> server (ISPs DNS IP address)
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

> ea.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

Non-authoritative answer:
Name:    ea.com
Address:  159.153.235.27

> google.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  72.14.207.99, 64.233.187.99, 64.233.167.99

> www.google.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  72.14.203.99, 72.14.203.104
Aliases:  www.google.com

Using the ISP's DNS server it seemed to work fine... however, with my internal one, it timed out requests.

I tried using those addresses as my own computer's DNS and it still seemed to perform slowly.

Yes, my DNS server points to itself as the DNS server.
My ISA internal NIC points to my internal DNSs.
My ISA external NIC points to my ISP's DNSs.
0
 
LVL 12

Accepted Solution

by:Craig_200X
Craig_200X earned 450 total points
ID: 16536877
Do you have your ISP's DNS server listed on the forwarders tab on YOUR DNS server properties? If not, then public DNS queries will not reach a public DNS server and they won't be resolved.

If the nslookup queries don't return promptly then your problem is with DNS.
0
 

Author Comment

by:Nauj
ID: 16536973
Yes, my ISP's DNS is listed in the forwarders tab on both my internal DNS servers.
0
 

Author Comment

by:Nauj
ID: 16537039
A thing I noticed is that when I try to do an nslookup on a page (like yahoo.com), if it doesn't respond, I exit nslookup and ping it, wait for the response (takes a bit), then go back to nslookup and it'll respond fine (probably because of the cache).
0
 
LVL 1

Assisted Solution

by:ASILVA0421
ASILVA0421 earned 150 total points
ID: 16539235
It sounds like your ISP is having DNS problems....try these for sh*ts and giggles:

Primary DNS 168.215.210.50
Secondary DNS 207.170.210.162

These are from Time Warner in Phx Az. or use someone else's that are local....

AS.
0
 
LVL 12

Expert Comment

by:Craig_200X
ID: 16539322
or Verizon's

4.2.2.1-6
0
 
LVL 8

Assisted Solution

by:rjwesley
rjwesley earned 150 total points
ID: 16539542
On the ISA Server (example)

Internal NIC
192.168.0.10 IP
255.255.255.0 Subnet Mask
No GATEWAY (important)
DNS
192.168.0.2 (your dns server)

EXTERNAL NIC
66.165.x.x WAN IP
255.255.255.248 WAN Subnet Mask
66.165.x.x (WAN Gateway)
DNS
192.168.0.10 (IP of internal NIC)

DNS Forwarding already set up



0
 
LVL 8

Expert Comment

by:rjwesley
ID: 16539631
Questions:

Which client are you using: SecureNAT/Firewall/Web Proxy?

Is your ISA not a DC?
0
 

Author Comment

by:Nauj
ID: 16543388
Should I try adding those DNSs to the forwarders list as well as changing them in the external ISA NIC?

rjwesley:
The only difference I see is that on the external NIC you set up the DNS as the server's internal address. I have my ISP's DNS there. Does it need to be that way? (My setup was working fine a couple of weeks ago though.)

Some users have ISA's Firewall client, otherwise, no client at all (they have the proxy configured in IE for Internet access) and no, ISA is not a DC.
0
 
LVL 12

Assisted Solution

by:Craig_200X
Craig_200X earned 450 total points
ID: 16544101
"Should I try adding those DNSs to the forwarders list as well as changing them in the external ISA NIC?"

This would be to confirm the ISP DNS is intermittently slow.

I believe the external NIC DNS should have the ISP DNS, not the internal NIC IP.
0
 

Author Comment

by:Nauj
ID: 16545223
I've performed different tests, and I've found out it is probably due to some routing problem. I remote desktop to the ISA itself and try to ping the ISP's DNS and I get: Destination Host Unreachable. The ISP changed DNSs not too long ago. Getting the ISA itself to ping the external DNS will likely solve the issue. My guess is it went to the root servers to find addresses, correct?
0
 

Author Comment

by:Nauj
ID: 16546435
I found out what it is. The ISA had 3 different IPs and each had 3 different subnets (BIG mistake). I put the correct one on the 2 that were incorrect and I could start pinging the ISP's DNS as well as being able to browse their website. It still seems a bit slow, but it is resolving much quicker.

I will split the points b/n members who participated in helping me out.

Thanks all for your contributions, you all helped me in pointing me in the right direction to solving my problem.
0
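The root cause reported in this thread (several addresses on the ISA server carrying mismatched subnets, which left the ISP's DNS unreachable) and the earlier advice to keep the gateway off the internal NIC can both be checked mechanically. The following Python audit is an added example, not part of the original thread; the helper name `audit_nics`, the dictionary layout and every address (documentation ranges) are constructed assumptions.

```python
import ipaddress

def audit_nics(nics, must_reach=()):
    """Return findings for a multi-homed host (hypothetical helper).

    nics: {name: {"addrs": ["ip/mask", ...], "gateway": "ip" or None}}
    must_reach: remote hosts (e.g. DNS forwarders) that must be routable.
    """
    findings = []
    with_gw = [n for n, c in nics.items() if c.get("gateway")]
    if len(with_gw) > 1:  # only the external NIC should carry a gateway
        findings.append("default gateway on more than one NIC: " + ", ".join(with_gw))
    for name, cfg in nics.items():
        ifaces = [ipaddress.ip_interface(a) for a in cfg["addrs"]]
        nets = sorted({i.network for i in ifaces})
        if len(nets) > 1:  # same wire, conflicting masks
            findings.append(f"{name}: addresses sit in different subnets: "
                            + ", ".join(map(str, nets)))
        if cfg.get("gateway"):
            gw = ipaddress.ip_address(cfg["gateway"])
            for i in ifaces:
                if gw not in i.network:  # next hop is not on this address's subnet
                    findings.append(f"{name}: gateway {gw} is off-link for {i}")
        for host in map(ipaddress.ip_address, must_reach):
            claims = [str(i) for i in ifaces if host in i.network]
            if claims and len(claims) < len(ifaces):  # one mask covers a host the others route
                findings.append(f"{name}: {host} treated as on-link via " + ", ".join(claims))
    return findings

# Constructed sample data (documentation address ranges, not from the thread).
INTERNAL = {"addrs": ["192.168.0.10/255.255.255.0"], "gateway": None}
BROKEN = {"internal": INTERNAL,
          "external": {"addrs": ["203.0.113.10/255.255.255.248",
                                 "203.0.113.11/255.255.255.0",
                                 "203.0.113.13/255.255.255.252"],
                       "gateway": "203.0.113.9"}}
FIXED = {"internal": INTERNAL,
         "external": {"addrs": ["203.0.113.10/255.255.255.248",
                                "203.0.113.11/255.255.255.248",
                                "203.0.113.13/255.255.255.248"],
                      "gateway": "203.0.113.9"}}
ISP_DNS = ["203.0.113.200"]  # placeholder forwarder address

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_nics(cfg, ISP_DNS) or "no findings")
```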

Question has a verified solution.
