Solved

Sonicwall Pro 2040 DNS problems.

Posted on 2009-04-03
Last Modified: 2012-05-06
Having an issue with Sonicwall 2040 and I believe it's a DNS issue, just not sure how to approach the problem. I have one Sonicwall 2040, a bonded T1 and a DSL line as a fail over. On each interface I have configured all the ISP supplied info (IP, subnet and DNS info) and the lines are working fine. I have the fail over as a percentage-based and it all seems to work fine. The problem is that the DNS inquiries are timing out when the user is on the DSL interface. If I do a dnslookup (Google, yahoo, cnn.com etc) they time out and I am forced to place the fail over on a basic active/passive fail over (no load balancing) so that the DNS inquiries do not time out. The DNS server we use is a 2k AD server. I have the DNS of both ISPs in the forward tab in the DNS properties. It seems that when the user is on the DSL line, DNS is very slow and often their web sites will time out waiting for the DNS. If they are on the main T1 line, websites come up no problem.
Question by:tjguy
3 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 24062739
I think you need to establish if this is a problem with the DSL service itself (i.e. if you connect a PC to the LAN side of the DSL router directly, not through the Sonic, with the DSL router as Default Gateway, and the DSL ISP's DNS settings, and test out some pings, does it also demonstrate the same symptoms?).

If so, then your problem is with the ISP, I'm afraid. Do they have more than one DNS server?

If not, it could be that the Sonic is sending the DNS requests, and also your USERS sending THEIR DNS requests, to the WRONG DNS server. Most ISPs will these days configure their DNS server to answer queries ONLY from their own users, so if the Sonic or a user sends a request for info to the T1 ISP's DNS server via the DSL line, the T1 DNS will ignore the request (which will appear to time out).

I suggest that you tell the Sonicwall and your DHCP server (and, thereby, your workstations) to refer ALL DNS queries to your internal DNS server, and that you do NOT set any "forwarders" on the 2k DNS server. If the DNS server is running in "full" mode (i.e. with no Forwarders set) it will always do a recursive lookup to the root name servers (which will answer) instead of trying to hand-off the query to one of the ISP servers (which may not answer if it's asking the wrong one). Moreover, your 2k DNS server will cache a lot of DNS data which will save lots of looking up time for frequently visited sites.

0
 
LVL 1

Author Comment

by:tjguy
ID: 24064168
I agree with you on why the DNS is taking too long in regard to the DNS request being sent to the wrong server. After placing the 2k AD server to full mode, it worked with no time outs. I verified that the workstation I was at was using the DSL line. The DHCP was already set to look at the AD server for DNS requests. So placing the DNS to full mode seemed to do the trick. Thanks for the response.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24071698
If by "full mode" you mean "not using a Forwarder", I think the problem will have been that if you set up the ISP's DNS as Forwarder, the DNS server can't tell which WAN line the Sonicwall will use, so it'll be often as not forwarding a request to ISP1's DNS server but the Sonicwall will send that packet out via WAN2 - not only is that a long route to ISP1's DNS, but ISP1's DNS will refuse to answer the request because it has not come from an ISP1 customer, but from an ISP2 customer.

By turning off Forwarding you are removing your dependence on either ISP for DNS resolution. If you *have* your own DNS server and can use it in full recursive mode that's always going to be fastest!

0
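
Added example, not part of the thread and not the posters' code: a minimal Python probe for the test described in the accepted answer, run from a host whose egress line is known (for instance a PC wired directly to the DSL router). It separates a silent drop from an explicit REFUSED, and `diagnose` flags the cross-line pattern; the function names and the `SAMPLE` verdicts are constructed for illustration.

```python
import secrets, socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a recursive (RD=1) A-record query for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(reply, txid):
    """Turn a raw reply, or None for no reply, into a short verdict."""
    if reply is None:
        return "TIMEOUT"                    # resolver silently ignored the query
    if len(reply) < 12:
        return "MALFORMED"                  # shorter than a DNS header
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "MISMATCH"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name="example.com", timeout=3.0):
    """Send one query to `server` over whatever line this host egresses by."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        try:
            reply = s.recvfrom(4096)[0]
        except OSError:                     # timeout or ICMP unreachable
            reply = None
    return classify(reply, txid)

def diagnose(results):
    """results maps (egress_line, resolver_owner) -> verdict from probe()."""
    findings = []
    for (line, owner), verdict in sorted(results.items()):
        own_path = results.get((owner, owner))
        if line != owner and verdict in ("TIMEOUT", "REFUSED") and own_path == "NOERROR":
            findings.append("%s resolver rejects queries arriving via %s" % (owner, line))
    return findings

# Constructed sample verdicts, not measurements from the thread.
SAMPLE = {("T1", "T1"): "NOERROR", ("DSL", "DSL"): "NOERROR",
          ("DSL", "T1"): "TIMEOUT", ("T1", "DSL"): "REFUSED"}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

A resolver that answers on its own line but times out or refuses on the other line matches the forwarder failure described in the comments above; a resolver that fails on its own line too points at the ISP instead.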
