Link to home
Start Free TrialLog in
Avatar of Nauj
Nauj

asked on

DNS resolution problem?

Hello, Im having some trouble when users view webpages.

When they try to access a webpage for the first time, it takes quite a few secs to open. Once they are in, it goes smooth (2 load balancing T1s). All te users go through the ISA server, but I dont think thats where the problem lies, since once they are in, it is fine. My ISP indicates that it could be high network traffic, but even when there are no people working, the problem persists.

The external DNS Im using belongs to the ISP. I have configured my DNS to forward DNS requests to the ISPs DNS (in DNS Mgmt. properties -> forwarders). I have also added the external DNSs to the external network card of the ISA 2000 server. Is there anywhere else it should be configured?

All my internal clients have my internal DNS set up in their IP Configuration.

Also, for some reason, I cannot see the ISPs page. I can see all other pages (resolving slowly, but I can). I configured a regular computer with an external IP and it works fine, even seeing the ISPs page.

Any info would be greatly appreciated.

If you request any more info, please post and I will post again.

Thanks.
SOLUTION
Avatar of brwwiggins
brwwiggins
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Nauj
Nauj

ASKER

Its pretty much slow for all webpages that havent been viewed recently.
I would also make sure that these users have cleared the cache on that machine. I have seen IE cause probs like this.. also if there are toolbar search engines like yahoo. uninstall them. they can cause weird issues.
Avatar of Nauj

ASKER

Tried clearing the cache in my computer, along with all other offline ontent and history and still persists.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Nauj

ASKER

Heres what I got form the nslookup

C:\>nslookup
Default Server:  (internal server)
Address: (Primary internal DNS address)

> ea.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out
> google.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out
www.google.com
Server:  (internal server)
Address:  (Primary internal DNS address)

DNS request timed out.
    timeout was 2 seconds.
*** Request to (internal server) timed-out

> server (ISPs DNS IP address)
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

> ea.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

Non-authoritative answer:
Name:    ea.com
Address:  159.153.235.27

> google.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  72.14.207.99, 64.233.187.99, 64.233.167.99

www.google.com
Server:  [(ISPs DNS IP address)]
Address:  (ISPs DNS IP address)

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  72.14.203.99, 72.14.203.104
Aliases:  www.google.com

Using the ISPs DNS server it seemed to work fine. . .however with my internal one, it timed out requests.

I tried using those addresses as my own computers DNS and it still seemed to perform slowly.

Yes, my DNS server points to itself as the DNS server.
My ISA internal NIC points to my Internal DNSs.
My ISA external NIC points to my ISPs DNSs.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Nauj

ASKER

Yes, my ISPs DNS is listed in the forwarders tab on both my internal DNS servers.
Avatar of Nauj

ASKER

A thing I noticed is that when I try to do a nslookup on a page (like yahoo.com) if it doesnt respond, I exit nslookup and ping it, wait for the response (takes a bit), then go back to NS lookup and itll respond fine (probably because of the cache).
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
or verizons

4.2.2.1-6
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Questions:

Which client are you using SecureNAT/Firewall/Web Proxy?

Is your ISA not a DC?
Avatar of Nauj

ASKER

Should I try adding those DNSs to the forwarders list as well as changing them in the external ISA NIC?

rjwesley:
The only difference I see is that on the external NIC you set up the DNS as the server's internal address. I have my ISPs DNS there. Does it need to be that way? (My setup was working fine a couple of weeks ago though)

Some users have ISAs Firewall client, otherwise, no client at all (they have the proxy configured in IE for Internet Access) and no, ISA is not a DC.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Nauj

ASKER

Ive performed different tests, and Ive found out it is probably due to some routing problem. I remote desktop to the ISA itself and try to ping the ISPs DNS and I get: Destination Host Unreachable. The ISP changed DNSs not too long ago. Getting the ISA itself to ping the external DNS will likely solve the issue. My guess is it went to the root servers to find addresses correct?
Avatar of Nauj

ASKER

I found out what it is. The ISA had 3 different IPs and each had 3 different Subnets (BIG mistake). I put the correct one on the 2 that were incorrect and I could start pinging the ISPs DNS as well as being able to browse their website. It still seems a bit slow, but it is resolving much quicker.

I will split the points b/n members who participated in helping me out.

Thanks all for your contributions, you all helped me in pointing me in the right direction to solving my problem.