DNS tips?

Hi

I have 2 DCs set up within the LAN, both act as DNS servers, but I can't help but feel that our web connection is still a little sluggish.

Within both DCs I have set up our firewall as a forwarder, as I was getting slow response times, and I have also set up DC A as a forwarder in DC B and vice versa.

Can anyone give me any tips or pointers that I may be ignoring?
Asked by: meteorelec
 
Chris Dent (PowerShell Developer) Commented:

Remove the forwarders between DCs:

DC A -> DC B
DC B -> DC A

What you have there is a cyclic forwarder; neither server is able to deal with the response, they just bounce it between each other until it times out.

Either forward to your router, or to your ISP, or use Root Hints. If you suffer performance issues using Forwarders, try using Root Hints (remove all Forwarders) and test performance. If that makes it nice and fast, either find new servers to Forward to or stick with Root Hints.

Chris
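An added example, not part of the original thread: a small Python audit that finds cyclic forwarders like the DC A / DC B pair described above. The server names and forwarder lists are constructed sample data, and any forwarder target that is not itself a key in the map is assumed to be an external resolver.

```python
# Added example: audit a set of DNS servers for cyclic forwarders.
# All server names below are constructed sample data.

def find_forwarder_loops(forwarders):
    """Return each forwarding cycle once, as a list of server names.

    forwarders maps a DNS server to the ordered list of servers it
    forwards to. Targets that are not keys (ISP resolvers, a router)
    are treated as external and end the chain.
    """
    loops, seen = [], set()

    def walk(server, path):
        if server in path:                       # back at a server already on this path
            cycle = path[path.index(server):]
            start = cycle.index(min(cycle))      # rotate for a stable, comparable form
            rotated = tuple(cycle[start:] + cycle[:start])
            if rotated not in seen:
                seen.add(rotated)
                loops.append(list(rotated))
            return
        for target in forwarders.get(server, []):
            if target in forwarders:             # only follow servers we manage
                walk(target, path + [server])

    for server in sorted(forwarders):
        walk(server, [])
    return loops


# Layout from the question: each DC forwards to the firewall and to the other DC.
BEFORE = {
    "dc-a": ["firewall", "dc-b"],
    "dc-b": ["firewall", "dc-a"],
}

# Layout after the fix: the DC-to-DC forwarders are removed.
AFTER = {
    "dc-a": ["isp-dns-1", "isp-dns-2"],
    "dc-b": ["isp-dns-1", "isp-dns-2"],
}

if __name__ == "__main__":
    for label, config in (("before", BEFORE), ("after", AFTER)):
        loops = find_forwarder_loops(config)
        print(label, "->", loops if loops else "no forwarder loops")
```
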
 
meteorelec (Author) Commented:
Hi Chris

I meant to look into root hints.. what exactly is this doing?

mal
 
Chris Dent (PowerShell Developer) Commented:

If you use Root Hints your server does all the work like this:

a. Client asks your server for www.domain.com
b. Server looks at Root Hints and asks one for www.domain.com
c. Root returns "don't know, try servers for com" (returns NS records for com)
d. Server asks com for www.domain.com
e. com returns "don't know about www, ask servers for domain.com" (returns NS records for domain.com)
f. Server asks domain.com for www.domain.com and gets answer
g. Server returns answer to client

Where if you use Forwards it goes more like this:

a. Client asks server for www.domain.com
b. Server asks Forwarder for www.domain.com
c. Forwarder replies answer for www.domain.com
d. Server returns answer to client

With the Forwarder it does all the work with Root Hints. There are a couple of advantages to be had with that:

1. The Forwarder is likely to have more in memory and can respond more quickly (a Performance gain)
2. Your server only needs to talk to the Forwarder, rather than everything (a Security gain)

The disadvantages are:

1. You are reliant on the organisation who manage the Forwarder (they might change something)
2. You cannot control the contents of your server's cache (your cache will follow the Forwarder's cache)

Chris
meteorelec (Author) Commented:
OK, understand,

so now I have the IP of the router as a forwarder in each DC, which I do because the ISP DNS IPs are specified here, should I simply add the ISP IPs as forwarders?
 
Chris Dent (PowerShell Developer) Commented:

I would certainly give it a try. Chances are all your router is doing is forwarding to the DNS servers it has been given by the ISP anyway. If you forward directly to them you take one DNS server out of the path.

Chris
 
meteorelec (Author) Commented:
Looks better anyhow! As the IPs resolve to a FQDN whereas the router couldn't.

And over time - do the DCs build up their own records from the DNS forwarders?
 
Chris Dent (PowerShell Developer) Commented:

Yes, but it's based on what they're given by the Forwarder (of course). You can see it if you select View, Advanced in the DNS Console. Then you can expand the "Cached Lookups" folder, that's everything your server has had to look up for your clients.

The data in the cache will only be there as long as the Time To Live value for the record says. When using a Forwarder you inherit the remaining TTL from there, essentially you and the Forwarder will have to ask for a new copy of the record at the same time.

Chris
 
meteorelec (Author) Commented:
Thanks for the info Chris,


cheers

mal