Solved

Sonicwall Pro 2040 DNS problems.

Posted on 2009-04-03
Last Modified: 2012-05-06
Having an issue with Sonicwall 2040 and I believe it's a DNS issue, just not sure how to approach the problem. I have one Sonicwall 2040, a bonded T1 and a DSL line as a fail over. On each interface I have configured all the ISP supplied info (IP, subnet and DNS info) and the lines are working fine. I have the fail over as a percentage-based and it all seems to work fine. The problem is that the DNS inquiries are timing out when the user is on the DSL interface. If I do a dnslookup (Google, yahoo, cnn.com etc) they time out and I am forced to place the fail over on a basic active/passive fail over (no load balancing) so that the DNS inquiries do not time out. The DNS server we use is a 2k AD server. I have the DNS of both ISPs in the forward tab in the DNS properties. It seems that when the user is on the DSL line, DNS is very slow and often their web sites will time out waiting for the DNS. If they are on the main T1 line, websites come up no problem.
Question by:tjguy
3 Comments
 

Accepted Solution

by:
ccomley earned 2000 total points
ID: 24062739
I think you need to establish if this is a problem with the DSL service itself (i.e. if you connect a PC to the LAN side of the DSL router directly, not through the Sonic, with the DSL router as Default Gateway, and the DSL ISP's DNS settings, and test out some pings, does it also demonstrate the same symptoms?)

If so, then your problem is with the ISP, I'm afraid. Do they have more than one DNS server?

If not, it could be that the Sonic is sending the DNS requests, and also your USERS sending THEIR DNS requests, to the WRONG DNS server. Most ISPs will these days configure their DNS server to answer queries ONLY from their own users, so if the Sonic or a user sends a request for info to the T1 ISP's DNS server via the DSL line, the T1 DNS will ignore the request (which will appear to time out).

I suggest that you tell the Sonicwall and your DHCP server (and, thereby, your workstations) to refer ALL DNS queries to your internal DNS server, and that you do NOT set any "forwarders" on the 2k DNS server. If the DNS server is running in "full" mode (i.e. with no Forwarders set) it will always do a recursive lookup to the root name servers (which will answer) instead of trying to hand-off the query to one of the ISP servers (which may not answer if it's asking the wrong one). Moreover, your 2k DNS server will cache a lot of DNS data which will save lots of looking up time for frequently visited sites.

0
 

Author Comment

by:tjguy
ID: 24064168
I agree with you on why the DNS is taking too long in regards to the DNS request being sent to the wrong server. After placing the 2k AD server to full mode, it worked with no time outs. I verified that the workstation I was at was using the DSL line. The DHCP was already set to look at the AD server for DNS requests. So placing the DNS to full mode seemed to do the trick. Thanks for the response.
0
 

Expert Comment

by:ccomley
ID: 24071698
IF by "full mode" you mean "not using a Forwarder", I think the problem will have been that if you set up the ISP's DNS as Forwarder, the DNS server can't tell which WAN line the Sonicwall will use, so it'll be often as not forwarding a request to ISP1's DNS server but the Sonicwall will send that packet out via WAN2 - not only is that a long route to ISP1's DNS, but ISP1's DNS will refuse to answer the request because it has not come from an ISP1 customer, but from an ISP2 customer.

By turning off Forwarding you are removing your dependence on either ISP for DNS resolution. If you *have* your own DNS server and can use it in full recursive mode that's always going to be fastest!

0
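An added example, not part of the original thread: a small Python probe for the situation discussed above, where an ISP resolver answers only its own customers. It sends a raw DNS query to each resolver and reports whether it answered, refused, or stayed silent. The function names and the resolver addresses (documentation ranges) are assumptions made for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x2040):
    """Encode a minimal recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name, port=53, timeout=2.0):
    """Send one UDP query; return the rcode name, or "TIMEOUT" if nothing answers.

    The firewall, not this script, decides which WAN link the packet leaves by,
    so under load balancing repeat the probe to see both paths.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        try:
            while True:
                data, _ = sock.recvfrom(4096)
                # Accept only a reply that echoes our transaction ID.
                if len(data) >= 12 and data[:2] == query[:2]:
                    break
        except socket.timeout:
            return "TIMEOUT"
    rcode = struct.unpack("!H", data[2:4])[0] & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def survey(resolvers, name="example.com", tries=4, **kw):
    """Probe each resolver several times and tally the outcomes per resolver."""
    results = {}
    for label, addr in resolvers.items():
        tally = {}
        for _ in range(tries):
            outcome = probe(addr, name, **kw)
            tally[outcome] = tally.get(outcome, 0) + 1
        results[label] = tally
    return results

if __name__ == "__main__":
    # Placeholder addresses (documentation ranges); substitute each ISP's resolver.
    print(survey({"T1 ISP DNS": "192.0.2.53", "DSL ISP DNS": "198.51.100.53"}))
```

A resolver that shows a mix of NOERROR and TIMEOUT or REFUSED across tries is one that is being reached over both WAN links and answers on only one of them.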


Question has a verified solution.
