Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


DC is slow to respond

Posted on 2009-12-18
Medium Priority
Last Modified: 2014-12-18
I just setup a new DC (Server 2008 R2) and File server in a branch office.  I also setup DFS for the file structure and was noticing that the namespace was sluggish to respond.  I then did some ping tests on the server in several ways and my results are below.  

Ping domain.local - Takes 4 sec before the responses start to show up.  But when they do, they are under 1ms.  

ping Server Name - responses show up immediately are are under 1ms.

Ping Server IP - responses show up immediately are are under 1ms.

I would greatly appreciate any help you can give.

Question by:ITPro44
  • 4
  • 2
  • 2
  • +3
LVL 11

Expert Comment

ID: 26083970
Run nslookup and query the domain name to see where the response comes from.

Author Comment

ID: 26084052
Hey enrique,

The response seems to be coming from the correct server.  the nslookup appears immediately as well.  One odd things... the odd thing is that where is lists Address's, my laptop address shows up.  Is this normal?

Addresses:  (local DC)
  (main office DC)
  (my laptop address)
  (another branch office DC)

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\cscharf>nslookup sec.local
Server:  server6.sec.local

Name:    sec.local

C:\Users\cscharf>ping sec.local

Pinging sec.local [] with 32 bytes of data:
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

LVL 31

Accepted Solution

Henrik Johansson earned 1000 total points
ID: 26085127
No, domain name shall only resolve to DCs, so remove the incorrect IP address.

If not done, enabl aging/scavenging on the DNS server/zone to get rid of old orphan data in dynamic DNS zones.
Enable aging: Zone properties -> Aging
Enable automatic scavenging: Server properties -> Advanced -> Enable automatic scavenging
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 24

Expert Comment

ID: 26086767
Did you verify order of dns server is set correctly into primary & secondary dns?

Also, verify correct subnet has been mapped to respective site into ADSS.
Please set primary dns server to FSMO role holder dc & secondary to itself to remove race condition.

As Henjoh09 said,enable aging & scavenging at zone level as well as server level. This removes stale records for dns.

Remove the host name of your laptop from dns server & create it again.
Run ipconfig /flushdns & ipconfig /registerdns

Try updating NIC driver of your laptop.
You can run below cmd on run to repair winsock of your laptop.

netsh winsock reset


LVL 39

Assisted Solution

ChiefIT earned 1000 total points
ID: 26087873
A slow ping response on domain.local. is a missing or hard to find HOST A record within DNS. Since there is NO actual HOST A record in DNS for domain.local, and there is for servername.domain.local. It might take a few seconds to find the "same as host" Host A record in the fwd lookup zone.

Go to your client machine that you are pinging from. look at the preferred DNS server. now go to THAT server and see if you have any problems with the HOST A called "same as host". You might actually have DNS metadata of a server that no longer exists with a same as host record.
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26088036
Ensure that the client doesn't have any external DNS server listed in the TCP/IP settings (ipconfig/all). Never use external DNS servers for direct resolving on any internal client. It doesn't matter if it's added as alternate DNS server, it will sometimes query the external DNS server without able to resolve the internal resource. Instead, configure the internal DNS server to use forwarders to forward unresolved queries to ISP's DNS servers.

Author Comment

ID: 26106942
Hey everyone, thanks for all your comments.  I traveled back from Denver, where I put in the new server, over the weekend then got sick and now I'm finally back at it.  

So I looked at the domain.local forward lookup zone.  I had a HOST A record with the name (same as parent folder)  with the IP address of  However, that IP address wasn't even mine, I was mistaken, it was someone else's  laptop.  I have no idea how it got in there as a (same as parent folder) item.  I have manually deleted this record on all DNS servers.    

I have a sneaky suspicion this may have been causing problems that I have experienced in the past with users who find it slow to browse the DFS namespace via mapped drive.  

ChiefIT, when you refer to the "same as host" Host A record, is that the same as "same as parent folder"?  I did not see any entries listed as "same as host"
LVL 39

Expert Comment

ID: 26107537
My mistake, I meant the same as parent. When using Ping, it queries the records in your FWD lookup zone. Whether that is your Host A, CNAME, or same as parent, depends upon what you ping.

Your slowness in browsing Distributive File Shares is caused by a netbios problem usually, not necessarily DNS.

Nevertheless, you should fix the Same As Parent DNS record. After that is fixed, what problems remain?

Author Comment

ID: 26132025
That solved the majority of the problems I was having.  I appreciate everyones help.  The DFS issue is intermittent on several users so time will ultimately tell if it fixed that or not.

Author Closing Comment

ID: 31667932
Thanks again for all your help!

Expert Comment

ID: 40507299
I had the same exact problem and discovered that it was Apple Bonjour.  I uninstalled it, and the problem cleared up.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question