Solved

Sonicwall Pro 2040 DNS problems.

Posted on 2009-04-03
Last Modified: 2012-05-06
Having an issue with Sonicwall 2040 and I believe it's a DNS issue, just not sure how to approach the problem. I have one Sonicwall 2040, a bonded T1 and a DSL line as a fail over. On each interface I have configured all the ISP supplied info (IP, subnet and DNS info) and the lines are working fine. I have the fail over as percentage-based and it all seems to work fine. The problem is that the DNS inquiries are timing out when the user is on the DSL interface. If I do a dnslookup (Google, yahoo, cnn.com etc) they time out and I am forced to place the fail over on a basic active/passive fail over (no load balancing) so that the DNS inquiries do not time out. The DNS server we use is a 2k AD server. I have the DNS of both ISPs in the forward tab in the DNS properties. It seems that when the user is on the DSL line, DNS is very slow and often their web sites will time out waiting for the DNS. If they are on the main T1 line, websites come up no problem.
Question by:tjguy

Accepted Solution

by: ccomley earned 500 total points
I think you need to establish if this is a problem with the DSL service itself (i.e. if you connect a PC to the LAN side of the DSL router directly, not through the Sonic, with the DSL router as Default Gateway, and the DSL ISP's DNS settings, and test out some pings, does it also demonstrate the same symptoms?)

If so, then your problem is with the ISP, I'm afraid. Do they have more than one DNS server?

If not, it could be that the Sonic is sending the DNS requests, and also your USERS sending THEIR DNS requests, to the WRONG DNS server. Most ISPs will these days configure their DNS server to answer queries ONLY from their own users, so if the Sonic or a user sends a request for info to the T1 ISP's DNS server via the DSL line, the T1 DNS will ignore the request (which will appear to time out).

I suggest that you tell the Sonicwall and your DHCP server (and, thereby, your workstations) to refer ALL DNS queries to your internal DNS server, and that you do NOT set any "forwarders" on the 2k DNS server. If the DNS server is running in "full" mode (i.e. with no Forwarders set) it will always do a recursive lookup to the root name servers (which will answer) instead of trying to hand off the query to one of the ISP servers (which may not answer if it's asking the wrong one). Moreover, your 2k DNS server will cache a lot of DNS data which will save lots of looking up time for frequently visited sites.

0
 

Author Comment

by:tjguy
I agree with you on why the DNS is taking too long in regards to the DNS request being sent to the wrong server. After placing the 2k AD server to full mode, it worked with no time outs. I verified that the workstation I was at was using the DSL line. The DHCP was already set to look at the AD server for DNS requests. So placing the DNS to full mode seemed to do the trick. Thanks for the response.
0
 

Expert Comment

by:ccomley
If by "full mode" you mean "not using a Forwarder", I think the problem will have been that if you set up the ISP's DNS as Forwarder, the DNS server can't tell which WAN line the Sonicwall will use, so it'll be often as not forwarding a request to ISP1's DNS server but the Sonicwall will send that packet out via WAN2 - not only is that a long route to ISP1's DNS, but ISP1's DNS will refuse to answer the request because it has not come from an ISP1 customer, but from an ISP2 customer.

By turning off Forwarding you are removing your dependence on either ISP for DNS resolution. If you *have* your own DNS server and can use it in full recursive mode that's always going to be fastest!

0
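The failure described in this thread, modelled as an added example that is not part of the original posts: each ISP resolver answers only source addresses from its own network, while the firewall picks the WAN link without regard to the destination. The addresses (documentation ranges), the 50/50 split and all names are constructed assumptions.

```python
import ipaddress

# Constructed topology using documentation address ranges (not from the thread).
WAN_SRC = {"T1": "192.0.2.10", "DSL": "198.51.100.10"}   # NAT source per WAN link
SERVES = {                                                # who each server answers
    "T1-ISP-DNS":  ["192.0.2.0/24"],      # closed resolver: own customers only
    "DSL-ISP-DNS": ["198.51.100.0/24"],   # closed resolver: own customers only
    "ROOT/AUTH":   ["0.0.0.0/0"],         # root and authoritative servers answer anyone
}

def answers(server, wan):
    """True if `server` replies to a query that leaves through `wan`."""
    src = ipaddress.ip_address(WAN_SRC[wan])
    return any(src in ipaddress.ip_network(net) for net in SERVES[server])

def timeout_share(server, split):
    """Fraction of queries to `server` that go unanswered for a given WAN split."""
    return sum(share for wan, share in split.items() if not answers(server, wan))

def report(split):
    """Timeout share per upstream server for one load-balancing configuration."""
    return {server: timeout_share(server, split) for server in SERVES}

if __name__ == "__main__":
    configs = [("percentage-based 50/50", {"T1": 0.5, "DSL": 0.5}),
               ("active/passive on T1", {"T1": 1.0, "DSL": 0.0})]
    for label, split in configs:
        print(label)
        for server, lost in report(split).items():
            print(f"  {server:12s} unanswered: {lost:.0%}")
```

With forwarders removed, the internal server talks only to the `ROOT/AUTH` class of servers, so the unanswered share is zero whichever link carries the query.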
