DNS query is slow

Hi,
Below is my network diagram.

We have:
(a) One load balancer router, to which 2 ISPs are connected.
(b) One SBS 2003 server which is working as the DNS server. In DNS management, I am using DNS forwarder IPs for the 2 ISPs.
Order: ISP1: xx.xx.xx.xx, yy.yy.yy.yy
       ISP2: zz.zz.zz.zz



When I turn on both ISPs:
Users can browse properly, without any issue. From the traffic log I can see that users' requests are going through both the ISP1 and ISP2 routers.

Now if I turn off the ISP1 router, all traffic goes through the ISP2 router,

but browsing is too slow. There are no ping timeouts. If I connect a PC directly to the ISP router, it can browse without any problem, but from inside the network it's slow.

So what I am suspecting is:

Since I put 3 DNS server addresses in the DNS forwarder (xx and yy are ISP1, and zz.zz.zz.zz is ISP2),
when I turn off the ISP1 router, there is a DNS query delay.

But when I turn on the ISP1 router, since their IP addresses are first in the order, the DNS query is quick.

Can that be the reason?

Here: the SBS server can ping zz.zz.zz.zz without any problem.




Network-Problem.png
dnsquery.GIF
fosiul01 Asked:

sayed_maher Commented:
The reason is in two parts. The first part is that you are hitting a bottleneck heading towards the 2nd ISP. The second part is that ZZ has a slower response time than XX and YY. When a large amount of traffic is being directed at a SLOW DNS server, the increase in millisecond delay becomes incremental. The solution:

1) Run a 64-bit environment LINUX-BASED DNS server (PowerDNS recommended).
2) Upgrade your RAM and CPU, or make sure you are running fiber connectors or gigabit networks, because you will bottleneck on 10/100 if you have lots of customers.
3) Make sure, if you are running only 1 DNS, that it is a locally administered DATABASE DNS and not a forwarder. Forwarders will take too long, especially during ISP peak times.

Regards.
0
fosiul01 Author Commented:
"The reason is two parts, the first part is because you are hitting a bottleneck heading towards the 2nd ISP": not true. Even with one user online it's the same thing, so there is no bottleneck, and as I said, if I connect the computer to the ISP2 router directly it works fine.

"The second part is because the ZZ has a slower response time than the XX and YY.": not true.

"2) Upgrade your RAM and CPU or make sure you are running fiber connectors or gigabit networks because you will bottleneck on 10/100 if you have lots of customers": not necessary, as we have very few users, and the server is fully capable of handling those requests.

"1) Run a 64-bit environment LINUX-BASED DNS server (PowerDNS recommended)": disagree, and I really don't believe that performance-wise there is much difference between a Linux DNS server and a Windows DNS server.

"Make sure if you are running only 1 DNS that it is a locally administered DATABASE DNS and not a forwarder.": local users are getting the DNS address of the SBS server, not the IP of the forwarder.

0
sayed_maher Commented:
"Make sure if you are running only 1 DNS that it is a locally administered DATABASE DNS and not a forwarder" -> If you are running Linux-based PowerDNS, what it does is go to the DNS server and look up the request in a database. If the host matches an IP, it will serve it back to the computer; if not, it will go to the Internet to request the IP. This will solve a LARGE portion of your problem behind the load balancer. If you are having a problem behind the firewall and load balancer, it means that your parameters are not set up properly and they are causing a bottleneck. Very often, if you have set up a certain IP range to go to ISP 1 and another IP range to go to ISP 2, when going through the firewall (especially Juniper), if the source address is supposed to go to ISP 1 and it's going to ISP 2, it will throw a 400 ms delay + use extra filters. Make sure of your parameters, and read about PowerDNS. Note: There is a difference between 32-bit and 64-bit architecture in performance, and there is a difference between Linux and Windows in that Linux will give you raw performance for your money + it won't hog resources, whereas Windows Server or any version of Windows will use approximately 30% of your RAM and CPU just to maintain the registry. It cannot process raw packets as well, which means that server transmissions are a tad bit slower as well. Also, if you could update us on your firewall and load balancer, model numbers and firmware versions, that would help.

Regards.
0


fosiul01 Author Commented:
"If you are having a problem behind the firewall and load balancer, it means that your parameters are not set up properly and they are causing a bottleneck. Very often if you have set up a certain IP range to go to ISP 1, and another IP range to go to ISP 2, when going through the firewall (especially Juniper) if the source address is supposed to go to ISP 1, and it's going to ISP 2, it will throw a 400 ms delay + use extra filters."

OK, this bit sounds interesting.

I am using IPcop as the firewall and Nexland as the load balancer (Nexland is an old product).

I agree something is messed up somewhere, but I don't know where.

Note: after turning ISP1 off, if I type "ping" with the IP address of anything, it works; only the DNS query is damn slow.

About Linux and Windows performance, yes, I agree. I am a Linux guy anyway. I have more than 10 64-bit Linux servers here. But I would not even think of changing this DNS server to Linux only for DNS management, as this Windows server is working as Exchange and domain controller.

0
sayed_maher Commented:
If you could post the model and model # of the load balancing router, that would be good. Plus, if you could paste the firewall configuration ".conf" file, and of course white out any sensitive information, that would help as well. One more thing will be needed: the version of IPcop. Is it the latest or one of the old obsolete versions?

Regards.
0
fosiul01 Author Commented:
It's an old IPcop, not the latest one. The truth is this problem is not new, it's an old problem. The workaround was: we had a couple of VPS servers. We made one of the VPS servers a proxy server; with that proxy + the ISP2 line, we can browse without any problem.

But currently I am trying to fix it permanently.

I don't believe it's a load balancer issue. It's passing the traffic properly.

It's the IPcop issue.

Let me do some more tests, I will come back.




0
fosiul01 Author Commented:
This is weird, isn't it:

With the ISP2 line, if I use an outside proxy server, I can browse without any problem,

but without the external proxy server, it's too slow.

How will you explain this one?


0
sayed_maher Commented:
If you want, you can try 2 things.

1) upgrade your IPcop to the latest one which should eliminate your problem
2) paste your .conf file so that we can take a look and point out what your possible problems may be.

Regards.
0
fosiul01 Author Commented:
Which .conf file do you mean?


0
sayed_maher Commented:
It's the IPcop configuration file. It's how IPcop deals with all incoming traffic and how it directs it. I am not sure what the actual file name would be.
0
fosiul01 Author Commented:
Hmm, no idea. I use the GUI interface.

I will try to find out.


0
sayed_maher Commented:
Well, do you have Proxy-service enabled? If so, that would be problematic with the ISP2 IP range. It would force them to use a proxy, which would cause the net to be slow. You have to disable that service or make people use a proxy in order for the firewall to allow things to go smoothly. Check the following:

1) Which ranges are in GREEN
2) Is the Proxy-service enabled or disabled?

regards.
0
fosiul01 Author Commented:
OK,
this is not an IPcop issue.

This has to be something to do with the SBS DNS server.

Normally internal PCs get their IP from the DHCP server, so all those PCs get the DNS server address of the SBS server.

Now I have used the DNS server address of the ISP2 router instead of the DNS server address of the SBS server.

I can browse properly, there is no problem.

But with the DNS server address of the SBS server, I can browse smoothly with the ISP1 line but not the ISP2 line.

 
0
bougui Commented:
Hi

I think it's very easy to solve.

You have a delay because you CAN'T reach your first 2 DNS servers when ISP 1 is down.

This is normal IF ISP1 protects its DNS cache server. You can't reach them from ISP2.

Try this: put the Google public DNS forwarders on the SBS server and you should be okay to flip between ISP1, 2 or both.

Google DNS forwarders

8.8.8.8
8.8.4.4


Let me know
0
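One way to check the diagnosis in the answer above is to query each forwarder directly, in its configured order, from the DNS server host while only one uplink is active. The following is an added example, not code from the thread: the function names are hypothetical, the local stub forwarders are constructed so that it runs offline, and the "sequential wait" figure assumes a resolver that tries forwarders strictly in order with one fixed timeout each.

```python
import socket, struct, threading, time

def build_query(name, qid=0x1234):
    """Minimal DNS A query with recursion desired, as a forwarder would receive."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def probe(addr, name="example.com", timeout=2.0):
    """Seconds until `addr` (host, port) answers one query, or None if it never does."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, addr)
            while True:
                data, _ = s.recvfrom(512)
                # Accept only a response (QR bit set) that echoes our query ID.
                if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
                    return time.monotonic() - start
        except OSError:  # includes socket.timeout
            return None

def check_forwarders(forwarders, timeout=2.0):
    """Probe in configured order. Returns (results, index of first live forwarder,
    seconds an assumed strictly sequential resolver waits on dead entries first)."""
    results = [(addr, probe(addr, timeout=timeout)) for addr in forwarders]
    first_live = next((i for i, (_, rtt) in enumerate(results) if rtt is not None), None)
    dead_ahead = len(results) if first_live is None else first_live
    return results, first_live, dead_ahead * timeout

def stub_forwarder(answers):
    """Constructed local stand-in for a forwarder: replies, or silently drops queries."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            if answers:  # echo the query back with the QR (response) bit set
                sock.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], peer)
    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()

def demo(timeout=0.3):
    # Constructed scenario: two unreachable entries listed first, one reachable last.
    order = [stub_forwarder(False), stub_forwarder(False), stub_forwarder(True)]
    return check_forwarders(order, timeout=timeout)

if __name__ == "__main__":
    results, first_live, wasted = demo()
    for addr, rtt in results:
        print(addr, "no answer" if rtt is None else f"{rtt * 1000:.1f} ms")
    print("first live index:", first_live, "| sequential wait:", wasted, "s")
```

To test real forwarders, pass `check_forwarders` a list of `(ip, 53)` tuples in the same order as they appear in the DNS server's forwarder list.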
fosiul01 Author Commented:
Hi, thanks.

I realized that before; also another guy confirmed it here:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_25851943.html?cid=1575#a30620888

We have some public-facing DNS servers; I might put them in instead of the ISP DNS servers.


0