• Status: Solved

Windows Server 2008 R2 DNS issues website browsing is slow or hangs

Hi all and thank you for all your help.

We have a 2 domain controller network. The primary domain controller is running Windows Server 2008 R2 Enterprise (IPv4 - 10.1.1.250 and IPv6 2001:db8:8765:4321::2) and the other domain controller is running Windows Server 2008 R2 Standard (IPv4 - 10.1.1.251 and IPv6 2001:db8:8765:4321::3). I have set up a VPN and NAT on the Enterprise server with RRAS and it is currently being used as a router. Because I have Exchange 2010 running on the primary domain controller, I had to set up both servers using IPv6. I also configured the NIC IP settings for each server as follows: for the IPv4 DNS settings, the Preferred DNS server is set to 10.1.1.250 and the Alternate DNS server is set to 10.1.1.251. For the IPv6 settings, the Preferred DNS server is set to 2001:db8:8765:4321::2 and the Alternate DNS server is set to 2001:db8:8765:4321::3. I set the DNS server type to Active Directory-Integrated and also configured the proper Reverse Lookup Zones within DNS (at least I believe so). I also have forwarders configured, which are the DNS servers given by the ISP.

Now that you know the configuration, here is the issue: When browsing the internet, most of the time, not always though, websites hang or take an extremely long time to load when you're browsing. But, if you hit refresh, the page will load immediately and there's no delay.

What is strange is that if I try to ping a website from a workstation on the network, it seems that DNS can resolve very quickly so it seems really weird for it to be a DNS problem.
I know that it is not an Internet problem because we do not have any issues with people remoting in through RDP.

I tried doing some research on the problem and found out that it may have to do with EDNS, so I ran the following command, but I still have the problem: "dnscmd /Config /EnableEDnsProbes 0"

Thank you for all your help!
0
Asked by: philpre
 
Awinish Commented:
Even though you can run Exchange on a domain controller, it's not recommended; the reason is that AD and Exchange are very heavy applications, and their use of memory and processor will load the server.

Technically, you can install Exchange 2010 on a DC, but it's not recommended due to the various constraints involved; for example, if you need to demote the DC due to any issue, you need to remove Exchange first, then the DC.
Even though the article is for 2007, it's applicable to Exchange 2010.
http://theessentialexchange.com/blogs/michael/archive/2008/03/29/exchange-server-2007-and-domain-controllers-a-summary.aspx

OK, regarding your issue, see to it that you apply Windows 2008 SP1 (test in a lab first). It can be a bad NIC; try updating its drivers.
Take a look at the article for fixes in Windows 2008 R2 SP1.
http://awinish.wordpress.com/2011/03/13/windows-2008-r2-sp1-and-directory-services-what%E2%80%99s-new/

Take a look at the article below.
http://support.microsoft.com/kb/832223

Configure the DNS as posted in the link.
http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/
0
 
philpre (Author) Commented:
Awinish:

This server running as a domain controller and Exchange 2010 is extremely powerful, e.g., 2 physical processors, each a 6-core Intel Xeon processor, and 48 GB of RAM, so I know that is not what is causing the issue.

I know that it is not a bad NIC driver as I have the latest version of the NIC drivers loaded.

The server is currently running Windows Server 2008 R2 SP1 but it was happening before SP1.

I already performed that command, "dnscmd /Config /EnableEDnsProbes 0", but the problem still persists.

As stated in the question, the DNS server addresses within the IP address configuration are set to point to both the primary and secondary domain controllers.

Thanks for the suggestions.
0
 
Awinish Commented:
Is the DC a multihomed DC, meaning multiple active NICs? If yes, try to disable all except the one used for production.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/a1583d7f-fa59-4497-89de-666d683e53a0/
0
bevhost Commented:
Are you sure that you don't have problems with your IPv6 stack?  Do you have IPv6 Internet connectivity?

2001:db8 is not a real IPv6 address, so I assume you have substituted it for your real address for privacy reasons.

Sounds a bit like it is trying IPv6 first, failing and then falling back to IPv4, caching the answers and making it respond normally until the cache expires.
0
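Added example (not part of the original thread): a small Python diagnostic for the hypothesis in the comment above, that clients try IPv6 first, fail, and then fall back to IPv4. It classifies an IPv6 address (2001:db8::/32 is the reserved documentation prefix) and times one TCP connect per address family; the function names, port 80 and the 1-second threshold are assumptions chosen for illustration.

```python
import ipaddress
import socket
import time

DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")  # RFC 3849 documentation range

def describe_v6(addr):
    """Classify an IPv6 address in the terms used in the thread."""
    ip = ipaddress.IPv6Address(addr)
    if ip in DOC_PREFIX:
        return "documentation prefix (not routable)"
    if ip.is_link_local:
        return "link-local (fe80::/10)"
    if ip.is_private:
        return "unique local / non-global"
    return "global"

def _tcp_connect(family, sockaddr, timeout):
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def probe(host, port=80, timeout=3.0, resolve=socket.getaddrinfo, connect=None):
    """Time one TCP connect per address family; returns {label: (status, seconds)}."""
    connect = connect or _tcp_connect
    results = {}
    for family, label in ((socket.AF_INET6, "IPv6"), (socket.AF_INET, "IPv4")):
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            results[label] = ("no address", 0.0)  # no AAAA/A record: nothing to try
            continue
        start = time.monotonic()
        try:
            connect(family, infos[0][4], timeout)
            status = "ok"
        except OSError as exc:  # includes timeouts and unreachable networks
            status = "failed: %s" % exc.__class__.__name__
        results[label] = (status, time.monotonic() - start)
    return results

def fallback_suspected(results, slow=1.0):
    """True when an IPv6 address exists but fails or is slow while IPv4 is fast."""
    (v6_status, v6_secs), (v4_status, v4_secs) = results["IPv6"], results["IPv4"]
    v4_fine = v4_status == "ok" and v4_secs < slow
    v6_bad = v6_status != "no address" and (v6_status != "ok" or v6_secs >= slow)
    return v4_fine and v6_bad
```

Run `probe()` against a few public sites from an affected workstation and pass each result to `fallback_suspected()`; a consistent IPv6 failure or multi-second IPv6 delay alongside a fast IPv4 connect matches the slow-first-load, fast-on-refresh pattern described in the question.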
 
Darius Ghassem Commented:
Configure your DNS servers to use DNS forwarders and make sure your DNS forwarders are updated.

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx

You should not have your DNS servers multihomed.
0
 
philpre (Author) Commented:
I am not multihoming the DC. It has 1 NIC because that is the internet-facing NIC, and then I have the 1 NIC which is internal. From what I understood about RRAS, in order to set up a VPN I need 2 NICs, and the only way I knew how to set it up was to configure it with NAT as well, to be used as the router. As far as IPv6 being the problem, from the IPv6 address that I used, I made sure that was an internalized IPv6 address so that there wouldn't be any problem. I do know that Exchange REQUIRES IPv6, because if you disable it, Exchange 2010 does not start up and the Exchange Management Console will not connect to the Exchange services. I already configured the DNS forwarders properly and they are updated. I believe this issue has something to do with being in Active Directory-Integrated mode, because on another Server 2008 R2 that I was playing with, I was having the same issue, and once I disabled this inside of DNS, the internet browsing was quick afterwards. Thanks again for all the help.
0
 
Darius Ghassem Commented:
If you have two NICs enabled on a DC, you are multihoming, even if one is internal and one is external.

AD integration has nothing to do with this.

http://technet.microsoft.com/en-us/library/cc740071(WS.10).aspx

I would disable the second NIC for testing.

Go to your network bindings and make sure your internal NIC is listed first.

http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/
1
 
bevhost Commented:
So you're just using Link Local IPv6 Addresses then? fe80::bla
0
 
softecsolutions Commented:
Hi Dariusg:
I read your answer about not having a multihomed DNS server.  I think you may have solved an ongoing issue for me.  I have a client with about 80 computers.  They are a single server environment.  The server is a DC, file server, DNS server, DHCP server and SharePoint server. (I know, not recommended, and they no longer use SharePoint right now, but they won't let me remove it, "just in case")

DNS has been an ongoing issue for the clients.  The server has two network cards, one internal, one external.  The external NIC goes through a UTM appliance and separate internet feed and is used only for RDP access to the server for ourselves.  The internal NIC has its own UTM/Gateway and internet feed which is common to all the clients.

I am assuming from your comment about multihomed DNS servers that my issue is probably the two NICs and that I should disable the external one.
0
Question has a verified solution.
