Solved

Slow DNS resolution of internet websites

Posted on 2006-10-30
10
217 Views
Last Modified: 2010-04-18
Hello All,

I have a bit of an issue with DNS and I am about to add a second domain controller and want to get this worked out ahead of time.  I will first explain the issue, and then give you as much detail as possible.

Currently there is 1 windows 2003 domain controller in this small network (25 users total) I have added the second server that will become the additional domain controller but at this point it is just a member server on the domain, no AD roles active on it.

My clients on the network, and DC included are experiencing slow internet access.  I test it and it is a  clear pause from when you make a request, it pauses, then after several seconds it comes down very fast.

I have thought it is a DNS issue, so on the member server I added, I had it get it's address through DHCP and it received the following (some blocked out for security purposes)

Windows IP Configuration



   Host Name . . . . . . . . . . . . : AddServer-02
   Primary Dns Suffix  . . . . . . . : xxxxxxxx.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxxxxxxx.local

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : xxxxxxxx.local
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-15-C5-E8-4E-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.187
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.3
   DNS Servers . . . . . . . . . . . : 192.168.1.3  (these are the current DC's addresses)
                                              192.168.1.4
   Primary WINS Server . . . . . . . : 192.168.1.3
   Lease Obtained. . . . . . . . . . : Monday, October 30, 2006 10:03:17 AM
   Lease Expires . . . . . . . . . . : Sunday, January 28, 2007 10:03:17 AM


When I have that website come up very slow, now if I just take the DNS server part and disable the DHCP for it and set it to:
207.173.224.3
206.13.31.12

Which are our ISP dns servers then everything is great, very fast, instant, as it should be.

My quesiton is should these addresses be configured somewhere in the existing DNS in Active Directory?  It seems like it looks all around locally for the site, then queries root hint servers, or something else?   I need to figure out when the resolution of external site is so sloooww  for the current AD environment.

Thanks

Bill
0
Comment
Question by:CRNorthAmerica
  • 6
  • 4
10 Comments
 
LVL 10

Expert Comment

by:Chris_Gralike
Comment Utility
Do you use dns forwarding on your DNS server? or do you rely on the root hints, and is cashing enabled?
0
 

Author Comment

by:CRNorthAmerica
Comment Utility
Where in the DNS information do I look for forwarding?  I know if you don't have forwarding then it automatically looks at root hints.  Yes, caching is enabled.
0
 

Author Comment

by:CRNorthAmerica
Comment Utility
yes forwarders are turned on for "all other dns domains" and it is set to the dns servers that I showed above
0
 
LVL 10

Expert Comment

by:Chris_Gralike
Comment Utility
The forwarder should actually point toward an internet dns server.

All zones ie; .google.com. (forward lookup)
All IP addresses not part of your network (in-addr-arpa)
are forwarded to the dns server(s) in the forwarding list...

Use the dns server of your internet provider as the forwarding address

regards,
0
 
LVL 10

Accepted Solution

by:
Chris_Gralike earned 125 total points
Comment Utility
All zones ie; .google.com. (forward lookup) not part of your domain zone (mydomain.local)

typo ;)
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:CRNorthAmerica
Comment Utility
That is what I have -

In DNS Domain: (of the forwarders tab)
All Other DNS domains

and they forward to the IP's of the DNS server from the ISP
0
 

Author Comment

by:CRNorthAmerica
Comment Utility
looks like there was a typo in the forwarders that a previous person had in there. Thanks Buddy!
0
 
LVL 10

Expert Comment

by:Chris_Gralike
Comment Utility
okey try this,

go to the command prompt of any client,

Start > Execute > cmd.exe [enter]

ipconfig /flushdns [enter]   (dont do this on a server! but a client)

nslookup [enter]
>set debug [enter]
>server (inet dns ip or name) [enter]
>google.com [enter]

and see what happens in the query ;) and post that info if it doesnt make sense :D

Regards,
0
 
LVL 10

Expert Comment

by:Chris_Gralike
Comment Utility
ps do the same against your dns server...

Regards,
0
 
LVL 10

Expert Comment

by:Chris_Gralike
Comment Utility
Well it looks like you solved the problem yourself, that wasnt me :P

Happy it works :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now