Solved

Urgent TCPIP knowledge required please

Posted on 2011-03-04
11
400 Views
Last Modified: 2012-05-11
Sorry for the title of this topic but I'm under a lot of pressure to sort this quickly.

Could anyone explain how the DNS works in a small domain environment please? I have a situation where the presence of a Windows based DNS server is causing a slow ping to the internet. Even though a workstation might rely on the server for the DNS, removing the network connection from the server makes everything normal. I'm guessing the workstation doesn't require the server once it's resolved the IP address but I'm puzzled as to why the presence of the server makes things slow.

There is no apparent unusual network traffic which you might otherwise associate with these symptoms.

Is it feasible to suggest that a faulty DNS server service might cause this to happen?
0
Comment
Question by:edz_pgt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35034648
Good morning,

DNS requirements for an Active Directory domain are fairly simple:

1. All clients must be able to reliably resolve names for the AD domain name in DNS
2. The DNS server must support service records (MS DNS does)

The first is perhaps the most critical, and it means that you should not, under any circumstances, feed clients DNS servers that know nothing about your AD domain (for example, your ISPs DNS servers).

Your Internal DNS server will be able to resolve public names on its own by default (using Root Hints), although using Forwarders (typically to ISPs DNS servers) is a popular choice.

On to Ping. What do you mean by slow ping? Because DNS cannot directly impact Ping, although it can cause a delay before Ping really gets going if you ping a name rather than IP.

Chris
0
 
LVL 8

Expert Comment

by:afthab
ID: 35034757
what is the status of Antivirus on the DNS server ? updating to latest definition ?

AtB
0
 
LVL 8

Expert Comment

by:afthab
ID: 35034814
Also see

* Check the events for any hint
* http://technet.microsoft.com/en-us/library/cc787724%28WS.10%29.aspx
* Check your DNS forwarder for unwanted entries ..
* Observe the nslookup timing

AtB
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Expert Comment

by:Wycom
ID: 35043567
Flush the DNS on the server
ipconfig /flushdns

It is probablt a fowarder.
Make sure that they are the same as your ISP.
Can also chuck in 8.8.8.8 which is googles public dns
0
 
LVL 1

Author Comment

by:edz_pgt
ID: 35043632
Many thanks for all of your replies.

It seems that the notification emails have gone astray so I was unaware of your comments until a couple of minutes ago. Hence my delayed reply - sorry guys.

It now seems that DNS may have been a red herring. After a lot of investigation I've managed to narrow this down a lot. I've found that stopping the SMTP service brings the ping results back to normal.

To answer a previous question, I had been pinging www.google.com and getting replies at around 300ms - 600ms. Stop the SMTP service and these replies take around 50ms - 60ms.

So, my question I suppose is now related to email.

I've checked the queue, bad mail & pickup directories and they are empty. The UCEarchive folder has about 10 emails in it which appear quite normal.

Any ideas?

0
 
LVL 1

Author Comment

by:edz_pgt
ID: 35043871
A bit more information:

1. Stopping the default SMTP in Exchange stops the ping problem.
2. Disabling all inbound NAT ports at the router has no effect.
3. Disabling outbound mail in Exchange has no effect.

So, it appears to be smtp related but I can't see anything to explain it in the Exchange queues.

Not sure if this is relevant, but there's a lot of port 445 netbios activity on the network. Never really looked into this before so I'm not sure what levels of 445 traffic to expect.
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 35044476
>Could anyone explain how the DNS works in a small domain environment please?

1. The client contacts AD DNs server (ADDNS01) with a recursive query for www.google.com. The server must now return
either the answer or an error message.

2. ADDNS01 checks its cache and zones for the answer, but does not find it, so it contacts a server authoritative
for the Internet (that is, a root server ) with an iterative query for www.google.com.

3. The DNS server at the root of the Internet does not know the answer, so it responds with a referral to a DNS server
authoritative for the .com domain.

600ms of RTT latency

4. ADDNS01 contacts a DNS server authoritative for the .com domain with an iterative query for www.google.com.

5. The DNS server authoritative for the .com domain does not know the exact answer, so it responds with a referral
to a server authoritative for the google.com. domain.

Additional 600ms of latency

6. ADDNS01 contacts the DNS server authoritative for the google.com. domain with an iterative query for www.google.com.

7. The DNS server authoritative for the google.com. domain does know the answer. It responds with the requested IP address.

Again, an additional 600ms of latency on the query time, with a total of 1.8 seconds for the entire query to complete from
a client prespective

8. ADDNS01 responds to the client query with the IP address for www.google.com.

==============

Stopping SMTP does appear to be the culprit; however by disabling outbound email and the NAT policy indicates that possibly internal client are filling up the SMTP queue causing congestion on the Ethernet link. I find  it hard to believe that SMTP traffic internally could be causing congestion on your internal network. Do you have the capability to log into the Ethernet switch and check the statistics of the switchport that the Exchange server is connected to. You could also install wireshark
on the Exchange server to analyze the packets and parse through the data to give you a better understanding what is going on from a packet level.

Billy
0
 
LVL 1

Author Comment

by:edz_pgt
ID: 35044638
Thanks Billy.

While testing this afternoon the traffic suddenly stopped of it's own accord. The only thing I noticed was that the apparently empty outbound smtp queues had vanished.

All is still quiet but I suspect the issue may return on Monday when the office staff are back at work.

Is there a simple guide to running wireshark? I've read a lot of people suggesting it's good but it seems really complicated at first glance.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35044739
>Is there a simple guide to running wireshark? I've read a lot of people suggesting it's good but it seems really complicated at first glance.

There is a guide, but parsing through all the data will be a bit intimidating; If you are not very knowledge in TCP/IP, then your best bet is to run a packet capture and ask the Experts here at the exchange to assist.

Billy
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35050432
You can filter traffic with Wireshark after you make the capture. Based on your comments I would filter out all but SMTP. I would also check to make sure your server is not exposed to being an open relay.
http://www.amset.info/exchange/smtp-openrelay.asp
Or use the Microsoft on-line test tool:
https://testexchangeconnectivity.com
0
 
LVL 1

Author Comment

by:edz_pgt
ID: 35098039
Just for the record....

The problem was due to a 15MB email being continuously rejected by Yahoo.com and being continuously resent.

The message wasn't visible in the queue until I blocked port 25 outbound on the router. Once I could see it, I could then delete and problem solved.

Thanks everyone.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question