edz_pgt
asked on
Urgent TCPIP knowledge required please
Sorry for the title of this topic but I'm under a lot of pressure to sort this quickly.
Could anyone explain how the DNS works in a small domain environment please? I have a situation where the presence of a Windows based DNS server is causing a slow ping to the internet. Even though a workstation might rely on the server for the DNS, removing the network connection from the server makes everything normal. I'm guessing the workstation doesn't require the server once it's resolved the IP address but I'm puzzled as to why the presence of the server makes things slow.
There is no apparent unusual network traffic which you might otherwise associate with these symptoms.
Is it feasible to suggest that a faulty DNS server service might cause this to happen?
Could anyone explain how the DNS works in a small domain environment please? I have a situation where the presence of a Windows based DNS server is causing a slow ping to the internet. Even though a workstation might rely on the server for the DNS, removing the network connection from the server makes everything normal. I'm guessing the workstation doesn't require the server once it's resolved the IP address but I'm puzzled as to why the presence of the server makes things slow.
There is no apparent unusual network traffic which you might otherwise associate with these symptoms.
Is it feasible to suggest that a faulty DNS server service might cause this to happen?
what is the status of Antivirus on the DNS server ? updating to latest definition ?
AtB
AtB
Also see
* Check the events for any hint
* http://technet.microsoft.com/en-us/library/cc787724%28WS.10%29.aspx
* Check your DNS forwarder for unwanted entries ..
* Observe the nslookup timing
AtB
* Check the events for any hint
* http://technet.microsoft.com/en-us/library/cc787724%28WS.10%29.aspx
* Check your DNS forwarder for unwanted entries ..
* Observe the nslookup timing
AtB
Flush the DNS on the server
ipconfig /flushdns
It is probablt a fowarder.
Make sure that they are the same as your ISP.
Can also chuck in 8.8.8.8 which is googles public dns
ipconfig /flushdns
It is probablt a fowarder.
Make sure that they are the same as your ISP.
Can also chuck in 8.8.8.8 which is googles public dns
ASKER
Many thanks for all of your replies.
It seems that the notification emails have gone astray so I was unaware of your comments until a couple of minutes ago. Hence my delayed reply - sorry guys.
It now seems that DNS may have been a red herring. After a lot of investigation I've managed to narrow this down a lot. I've found that stopping the SMTP service brings the ping results back to normal.
To answer a previous question, I had been pinging www.google.com and getting replies at around 300ms - 600ms. Stop the SMTP service and these replies take around 50ms - 60ms.
So, my question I suppose is now related to email.
I've checked the queue, bad mail & pickup directories and they are empty. The UCEarchive folder has about 10 emails in it which appear quite normal.
Any ideas?
It seems that the notification emails have gone astray so I was unaware of your comments until a couple of minutes ago. Hence my delayed reply - sorry guys.
It now seems that DNS may have been a red herring. After a lot of investigation I've managed to narrow this down a lot. I've found that stopping the SMTP service brings the ping results back to normal.
To answer a previous question, I had been pinging www.google.com and getting replies at around 300ms - 600ms. Stop the SMTP service and these replies take around 50ms - 60ms.
So, my question I suppose is now related to email.
I've checked the queue, bad mail & pickup directories and they are empty. The UCEarchive folder has about 10 emails in it which appear quite normal.
Any ideas?
ASKER
A bit more information:
1. Stopping the default SMTP in Exchange stops the ping problem.
2. Disabling all inbound NAT ports at the router has no effect.
3. Disabling outbound mail in Exchange has no effect.
So, it appears to be smtp related but I can't see anything to explain it in the Exchange queues.
Not sure if this is relevant, but there's a lot of port 445 netbios activity on the network. Never really looked into this before so I'm not sure what levels of 445 traffic to expect.
1. Stopping the default SMTP in Exchange stops the ping problem.
2. Disabling all inbound NAT ports at the router has no effect.
3. Disabling outbound mail in Exchange has no effect.
So, it appears to be smtp related but I can't see anything to explain it in the Exchange queues.
Not sure if this is relevant, but there's a lot of port 445 netbios activity on the network. Never really looked into this before so I'm not sure what levels of 445 traffic to expect.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Billy.
While testing this afternoon the traffic suddenly stopped of it's own accord. The only thing I noticed was that the apparently empty outbound smtp queues had vanished.
All is still quiet but I suspect the issue may return on Monday when the office staff are back at work.
Is there a simple guide to running wireshark? I've read a lot of people suggesting it's good but it seems really complicated at first glance.
While testing this afternoon the traffic suddenly stopped of it's own accord. The only thing I noticed was that the apparently empty outbound smtp queues had vanished.
All is still quiet but I suspect the issue may return on Monday when the office staff are back at work.
Is there a simple guide to running wireshark? I've read a lot of people suggesting it's good but it seems really complicated at first glance.
>Is there a simple guide to running wireshark? I've read a lot of people suggesting it's good but it seems really complicated at first glance.
There is a guide, but parsing through all the data will be a bit intimidating; If you are not very knowledge in TCP/IP, then your best bet is to run a packet capture and ask the Experts here at the exchange to assist.
Billy
There is a guide, but parsing through all the data will be a bit intimidating; If you are not very knowledge in TCP/IP, then your best bet is to run a packet capture and ask the Experts here at the exchange to assist.
Billy
You can filter traffic with Wireshark after you make the capture. Based on your comments I would filter out all but SMTP. I would also check to make sure your server is not exposed to being an open relay.
http://www.amset.info/exchange/smtp-openrelay.asp
Or use the Microsoft on-line test tool:
https://testexchangeconnectivity.com
http://www.amset.info/exchange/smtp-openrelay.asp
Or use the Microsoft on-line test tool:
https://testexchangeconnectivity.com
ASKER
Just for the record....
The problem was due to a 15MB email being continuously rejected by Yahoo.com and being continuously resent.
The message wasn't visible in the queue until I blocked port 25 outbound on the router. Once I could see it, I could then delete and problem solved.
Thanks everyone.
The problem was due to a 15MB email being continuously rejected by Yahoo.com and being continuously resent.
The message wasn't visible in the queue until I blocked port 25 outbound on the router. Once I could see it, I could then delete and problem solved.
Thanks everyone.
DNS requirements for an Active Directory domain are fairly simple:
1. All clients must be able to reliably resolve names for the AD domain name in DNS
2. The DNS server must support service records (MS DNS does)
The first is perhaps the most critical, and it means that you should not, under any circumstances, feed clients DNS servers that know nothing about your AD domain (for example, your ISPs DNS servers).
Your Internal DNS server will be able to resolve public names on its own by default (using Root Hints), although using Forwarders (typically to ISPs DNS servers) is a popular choice.
On to Ping. What do you mean by slow ping? Because DNS cannot directly impact Ping, although it can cause a delay before Ping really gets going if you ping a name rather than IP.
Chris