Solved

Sonicwall Pro 2040 DNS problems.

Posted on 2009-04-03
Last Modified: 2012-05-06
Having an issue with Sonicwall 2040 and I believe it's a DNS issue, just not sure how to approach the problem. I have one Sonicwall 2040, a bonded T1 and a DSL line as a fail over. On each interface I have configured all the ISP supplied info (IP, subnet and DNS info) and the lines are working fine. I have the fail over as a percentage-based and it all seems to work fine. The problem is that the DNS inquiries are timing out when the user is on the DSL interface. If I do a dnslookup (Google, yahoo, cnn.com etc) they time out and I am forced to place the fail over on a basic active/passive fail over (no load balancing) so that the DNS inquiries do not time out. The DNS server we use is a 2k AD server. I have the DNS of both ISPs in the forward tab in the DNS properties. It seems that when the user is on the DSL line, DNS is very slow and often their web sites will time out waiting for the DNS. If they are on the main T1 line, websites come up no problem.
Question by:tjguy

Accepted Solution

by:
ccomley earned 500 total points
ID: 24062739
I think you need to establish if this is a problem with the DSL service itself (i.e. if you connect a PC to the LAN side of the DSL router directly, not through the Sonic, with the DSL router as Default Gateway, and the DSL ISP's DNS settings, and test out some pings, does it also demonstrate the same symptoms?)

If so, then your problem is with the ISP, I'm afraid. Do they have more than one DNS server?

If not, it could be that the Sonic is sending the DNS requests, and also your USERS sending THEIR DNS requests, to the WRONG DNS server. Most ISPs will these days configure their DNS server to answer queries ONLY from their own users, so if the Sonic or a user sends a request for info to the T1 ISP's DNS server via the DSL line, the T1 DNS will ignore the request (which will appear to time out).

I suggest that you tell the Sonicwall and your DHCP server (and, thereby, your workstations) to refer ALL DNS queries to your internal DNS server, and that you do NOT set any "forwarders" on the 2k DNS server. If the DNS server is running in "full" mode (i.e. with no Forwarders set) it will always do a recursive lookup to the root name servers (which will answer) instead of trying to hand off the query to one of the ISP servers (which may not answer if it's asking the wrong one). Moreover, your 2k DNS server will cache a lot of DNS data which will save lots of looking up time for frequently visited sites.

0
 

Author Comment

by:tjguy
ID: 24064168
I agree with you on why the DNS is taking too long in regard to the DNS request being sent to the wrong server. After placing the 2k AD server to full mode, it worked with no time outs. I verified that the workstation I was at was using the DSL line. The DHCP was already set to look at the AD server for DNS requests. So placing the DNS in full mode seemed to do the trick. Thanks for the response.
0
 

Expert Comment

by:ccomley
ID: 24071698
If by "full mode" you mean "not using a Forwarder", I think the problem will have been that if you set up the ISP's DNS as Forwarder, the DNS server can't tell which WAN line the Sonicwall will use, so it'll be often as not forwarding a request to ISP1's DNS server but the Sonicwall will send that packet out via WAN2 - not only is that a long route to ISP1's DNS, but ISP1's DNS will refuse to answer the request because it has not come from an ISP1 customer, but from an ISP2 customer.

By turning off Forwarding you are removing your dependence on either ISP for DNS resolution. If you *have* your own DNS server and can use it in full recursive mode that's always going to be fastest!

0
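The failure mode described in the answers above, modelled as an added example that is not part of the original thread: each ISP resolver answers only its own customers' source addresses, while the firewall picks the outbound WAN without regard to which resolver the query is for. The addresses (documentation ranges), the 50/50 split and the resolver ACLs are constructed assumptions, not values from the question.

```python
import ipaddress

# Constructed topology using documentation address ranges (not from the thread).
# nat_src: public address the firewall translates to on that WAN.
# share:   fraction of outbound flows the load balancer places on that WAN.
BALANCED = {
    "T1":  {"nat_src": "198.51.100.10", "share": 0.5},
    "DSL": {"nat_src": "203.0.113.20",  "share": 0.5},
}
ACTIVE_PASSIVE = {
    "T1":  {"nat_src": "198.51.100.10", "share": 1.0},
    "DSL": {"nat_src": "203.0.113.20",  "share": 0.0},
}

# Source ranges each DNS target is willing to answer (assumed ACLs).
TARGETS = {
    "T1 ISP resolver":    ["198.51.100.0/24"],  # own customers only
    "DSL ISP resolver":   ["203.0.113.0/24"],   # own customers only
    "root/authoritative": ["0.0.0.0/0"],        # answers any source
}

def answers(acl, src):
    """True if a resolver with this ACL replies to a query from src."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(net) for net in acl)

def timeout_rate(target, wans):
    """Share of queries to `target` that leave via a WAN it will not answer."""
    acl = TARGETS[target]
    return sum(w["share"] for w in wans.values()
               if not answers(acl, w["nat_src"]))

def report(wans):
    """Timeout rate per DNS target for one load-balancing configuration."""
    return {target: timeout_rate(target, wans) for target in TARGETS}

if __name__ == "__main__":
    for name, wans in (("balanced", BALANCED),
                       ("active/passive", ACTIVE_PASSIVE)):
        print(name)
        for target, rate in report(wans).items():
            print(f"  {target:20s} {rate:.0%} of queries unanswered")
```

With forwarders removed, the internal server only talks to targets in the last row, so the egress WAN no longer affects whether a query is answered.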
