Is this setup okay? Why was my previous setup causing internet to be super slow?

I set up Windows Server 2008 at home with the following TCP/IP IPv4 settings:
ip address:  192.168.1.50
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
dns server: 127.0.0.1
I then connected a Windows 7 client to the server after setting the following TCP/IP IPv4 settings for the client:
ip address: 192.168.1.10
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
dns server: 192.168.1.50
--------------------------------------------------
Only when I set it to the above was I able to set the Windows 7 client as part of the domain.
But... I noticed websites were loading really slowly. So I changed the Windows 7 client settings back to
default (router DHCP server and router DNS server)
and I am still able to log into the domain and now my internet is much faster.
My question is: Is this okay to do in a small business network setup? If not, why was my internet connection so slow
when using the Windows Server 2008 DNS server? How can I make it faster other than what I did? Is what I did done in businesses?

Asked by: now2010

pmasotta commented:
Your Windows server DNS adds an extra step in resolving every name...
When you take the DNS from your router you receive the 2 DNS servers provided by your ISP
then you move faster....

Kyle Abrahams (Senior .Net Developer) commented:
On your router, add 192.168.1.50 as a secondary DNS this way you can hit internal machines.

You could have also added 192.168.1.1 as a secondary DNS server to your DHCP on the SBS.  

Essentially when hitting a website you had to wait for the server to time out before moving onto the default gateway.

Chris Dent (PowerShell Developer) commented:
> Is this okay to do in a small business network setup?

No, it's not.

> then you move faster....

Yeah, and wreck access to AD in the process.

If you're doing this for a business you must do it right.

> On your router, add 192.168.1.50 as a secondary DNS this way you can hit internal machines.

Won't work reliably / at all. If the router says "myserver" doesn't exist then the client will believe it. It will not check in with the alternate DNS server as well.

> You could have also added 192.168.1.1 as a secondary DNS server to your DHCP on the SBS.  

Same thing.

This is one of the most common problems we see. Misconfiguration stemming from bad advice. There's no two ways about that I'm afraid.

So:

For Active Directory Domains you need reliable Internal name resolution. Without it you will find you have trouble authenticating, or accessing domain resources (whether that's file servers or mail servers or anything else).

That means *all* clients and servers must *only* use DNS servers that can answer about the AD Domain. A router is extremely unlikely to be able to do that, which means any logon to your PC is done using Cached Credentials.

What you need to do is fix the problem with the DNS service on your server, so it can resolve names as quickly as your router. There's no reason for it not to do so.

One thing you might try initially is opening the DNS Console. Right click on the Properties for your DNS server, then select Forwarders. Add your ISP's DNS servers in here. Any query your server can't answer will be sent there. Forwarders are not strictly necessary, but it's a good first debugging step.

If it's still slow, please come back because it needs fixing.

Chris
 
pmasotta commented:
@Chris
"Yeah, and wreck access to AD in the process."
Take it easy man; I was just explaining the speed difference, and the speed difference is the added DNS. Period.
No matter how well he's going to fix the DNS problem the local DNS server will always be slower than the ISP's one....

now2010 (Author) commented:
So should I keep the following settings?

windows server 2008 at home with the following tcp/ip ipv4 settings:
ip address:  192.168.1.50
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
dns server: 127.0.0.1

Windows 7 Professional client
ip address: 192.168.1.10
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
dns server: 192.168.1.50

router: set to WPA2 Personal and DHCP server

Chris Dent (PowerShell Developer) commented:
> take it easy man; I was just explaining the speed difference, and the speed difference is the added DNS. period.

Apologies if I was too short.

> No matter how well he's going to fix the DNS problem the local DNS server will always be slower than the ISP's one....

Why?

If the local server is not under load and uses Root Hints there's no reason for it to be slower. Indeed, it may even be faster.

> So should I keep the following settings?

Yep, those settings are correct. We need to work on DNS being slow, it shouldn't be.

Do you find that all requests are slow?

Chris

pmasotta commented:
> If the local server is not under load and uses Root Hints there's no reason for it to be slower. Indeed, it may even be faster.

People's experience proves this is not true.
1) the server is usually "under load"
2) "Root Hints" are required to "connect" the local DNS and a higher level DNS authority but it won't make the local DNS option faster than the external DNS option.... if you go "outside" you'll always have an extra delay...

Chris Dent (PowerShell Developer) commented:
1. Agreed, but comparable and significant load? We have no means of comparing with an ISP of course, but we can (probably) happily say any difference is measured in milliseconds (even if it's a hundred ms).

2. Sure, but answers are cached at all levels of the hierarchy. So you might end up finding .com once in a day and so on. That means the actual cost of finding www.something.com is nothing more than the cost of a single query to the name servers for something.com.

Of course it's not guaranteed to be faster, but nor is it guaranteed to be slower either.

The ISPs have to do the same lookups and caching, the only potential advantage they have is a bigger / more complete cache. It's not a guarantee, but there's a chance.

I don't agree with the link between "outside" and extra delay. What if I were an ISP? What is the actual difference between me running my own DNS service masquerading as an ISP, and being an ISP? Dedicated hardware for DNS services may have an impact, but that requirement is entirely related to service load.

It's all beside the point though. We must use the internal DNS service because we need reliable internal name resolution for AD. If that incurs a delay then the delay must be suffered. The only issue is that the delay quoted is significant and far more than we should expect (whether using Forwarders or Root Hints), we need to troubleshoot that because it should not exist.

Chris

Kyle Abrahams (Senior .Net Developer) commented:
now2010:

On the server, add an additional (secondary) DNS server to 192.168.1.1

REMOVE DHCP from the router and let your AD handle it.  (Using DHCP service).

DHCP Service should have DNS of 192.168.1.50 and 192.168.1.1 (in case server goes down for some reason).

Chris Dent (PowerShell Developer) commented:
> DHCP Service should have DNS of 192.168.1.50 and 192.168.1.1 (in case server goes down for some reason).

It really should not. I'm not sure how much more I can emphasize this.

You cannot guarantee that a client will always use 192.168.1.50 and only ever use 192.168.1.1 when the first is down. The client resolver just doesn't work like that. It's based on a series of time-outs and, if the preferred server fails to respond quickly enough, will continue to use the alternate for up to 15 minutes before re-evaluating the list.

If another DNS server is to be used in the event of failure then it will need to be able to host the zone used by AD. That might be another DC, a stand-alone server with a secondary copy of the zone, or any other DNS service capable of hosting zones.

Adding devices that know nothing about the AD domain to the DNS server list just shifts problems around. You might have fault tolerance when the DC is down, but you also have to put up with intermittent access failures when the DC is up.

Chris
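
The requirement in the answer above, that every DNS server handed to clients must be able to answer for the AD domain, can be checked per server. This Python script is an added example, not part of the thread: it asks each server for the domain-controller locator record `_ldap._tcp.dc._msdcs.<domain>` and reports the ones that cannot answer. The domain name `corp.example` is a placeholder, because the thread does not state the real one.

```python
import socket
import struct

SRV = 33          # DNS record type SRV
TXID = 0x1234     # arbitrary query id, echoed back by the server

def build_query(name, qtype=SRV):
    """Encode a one-question DNS query with the recursion-desired bit set."""
    header = struct.pack("!6H", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)   # class IN

def verdict(reply):
    """Classify a raw DNS reply by its header: rcode and answer count."""
    if len(reply) < 12:
        return "MALFORMED"
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", reply[:12])
    if txid != TXID or not flags & 0x8000:      # wrong id or not a response
        return "MALFORMED"
    rcode = flags & 0x000F
    if rcode == 0 and answers > 0:
        return "OK"
    return "NXDOMAIN" if rcode == 3 else "NO-ANSWER (rcode %d)" % rcode

def check_resolver(server, domain, timeout=2.0):
    """Ask one DNS server for the AD domain-controller locator record."""
    query = build_query("_ldap._tcp.dc._msdcs." + domain)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:                          # timeout or unreachable
            return "NO-RESPONSE"
    return verdict(reply)

def audit(resolvers, domain, check=check_resolver):
    """Return {server: verdict} for every server that cannot locate a DC."""
    results = {server: check(server, domain) for server in resolvers}
    return {server: v for server, v in results.items() if v != "OK"}

if __name__ == "__main__":
    # Addresses from the thread; "corp.example" is a placeholder domain name.
    for server, v in audit(["192.168.1.50", "192.168.1.1"], "corp.example").items():
        print("%s cannot serve the AD zone: %s" % (server, v))
```

Any server that appears in the output should not be on a domain member's DNS list.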
 
now2010 (Author) commented:
I finally solved the problem guys.
I went to DNS manager on the Windows server 2008
Right clicked computer name then properties
Opened forwarders and deleted 192.168.1.1
Immediately my server and Windows 7 client were surfing at full speeds.

Thank you all very much for sticking with me and helping me solve this.

Glen Knight commented:
Just to re-iterate what Chris-Dent has said.

Under no circumstances in an internal Windows Domain infrastructure should your clients or servers be using an external DNS server.  If you have a second internal DNS server then add this as an alternative.

In an SBS network the server should be using only 127.0.0.1 for DNS. The clients should be using the SBS server's IP address. If for any reason the SBS server is not being used for DHCP then the DHCP provider must be configured to give out the SBS server's IP for DNS. NOT the router and NOT the ISP.

Reasoning, as Chris has already mentioned, if it's not configured this way then you will break SBS/Active Directory and Exchange. They all publish records to DNS, therefore they must be able to write and update DNS. DNS on an Internal Windows network is not simply about name resolution.

Secondly, if you have an external DNS server listed as an alternative then if for any reason your preferred DNS (the SBS server) is unable to respond to a request the client will switch to using the alternate DNS. Which has no details of your internal network. And it will not revert back to the preferred until you flush the DNS manually or the alternate DNS does not respond.

SBS by default will use root hints, and the SBS best practice Analyzer will complain if it uses forwarders. However, I always use forwarders in any Windows network. Under the forwarders tab add the ISP DNS servers. You will probably find this will cause external name resolution to be faster and more reliable.

now2010 (Author) commented:
Experts helped out a lot; all help is appreciated.