• Status: Solved
  • Priority: Medium
  • Security: Public

Server 2008 R2 DNS

Websites have been taking 30-45 seconds to load, and I have narrowed the issue down to our Server 2008 R2 Server which handles our DNS. I bypassed the server, and the webpages load quickly. I checked the forwarding Name Servers, and they are correct. I even placed them in different orders and included 4.2.2.2. However, this did not speed anything up. What should I check from here? Thanks!
0
ckleavitt2
Asked:
1 Solution
 
araberuni Commented:
Can you please explain what sort of website it is? I mean, IIS 7.5?
How are you resolving names, internally or externally?
Is the Win2k8 R2 DNS your only DNS server?

You can use Wireshark to detect traffic activity, and use the tracert command to trace the traffic path.

Please update once you check all these.
0
 
ckleavitt2 (Author) Commented:
Any website we go to, e.g. Google.com, apple.com, etc.

The domain computers point to our 2008 DNS server based on the DHCP settings. The DNS server uses our ISP's NS which are listed in the forwarders. I use the ISP's 2 NS's and 4.2.2.2 as the 3rd.

I know the path of the traffic, so will Wireshark or tracert help, as the path is already known? As stated before, I have checked through the server and bypassing the server. The slowdown occurs when the workstation's DNS points to the server instead of, say, 4.2.2.2 or the ISP's DNS. Any DNS other than the server performs great.
0
 
Aaron Tomosky (Technology Consultant) Commented:
What is the output when you run this:
Nslookup -debug google.com
Both using internal and external
0
 
ckleavitt2 (Author) Commented:
Here is the output from the command when done from the Server. Obviously I have masked my domain with "mydomain" for the purposes of this post.
______________________________________________________________________

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup -debug google.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
, type = PTR, class = IN
    AUTHORITY RECORDS:
    ->  1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa

        ttl = 677 (11 mins 17 secs)
        primary name server = ipdnstool-02.dnvr.twtelecom.net
        responsible mail addr = postmaster.ipdnstool-02.dnvr.twtelecom.net
        serial  = 5
        refresh = 86400 (1 day)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)

------------
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
        ttl = 677 (11 mins 17 secs)
        primary name server = ipdnstool-02.dnvr.twtelecom.net
        responsible mail addr = postmaster.ipdnstool-02.dnvr.twtelecom.net
        serial  = 5
        refresh = 86400 (1 day)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
Server:  UnKnown
Address:  ::1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        google.com.mydomain.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.local
        ttl = 3600 (1 hour)
        primary name server = dc1.mydomain.local
        responsible mail addr = hostmaster.mydomain.local
        serial  = 205
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        google.com.mydomain.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.local
        ttl = 3600 (1 hour)
        primary name server = dc1.mydomain.local
        responsible mail addr = hostmaster.mydomain.local
        serial  = 205
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        google.com, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  google.com
        ttl = 95 (1 min 35 secs)
        primary name server = ns1.google.com
        responsible mail addr = dns-admin.google.com
        serial  = 1465838
        refresh = 7200 (2 hours)
        retry   = 1800 (30 mins)
        expire  = 1209600 (14 days)
        default TTL = 300 (5 mins)

------------
*** Request to UnKnown timed-out

C:\Users\Administrator>
0
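Added example (not part of the thread or any poster's code): a Python parser for `nslookup -debug` transcripts like the one posted above. It lists each answered query, counts resolver timeouts, reports query ids with no printed answer, and flags names tried with the DNS suffix appended. The sample text is constructed to mirror the posted layout, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample mirroring the layout of the posted transcript (not a real capture).
SAMPLE = """\
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        questions = 1,  answers = 0,  authority records = 1,  additional = 0
    QUESTIONS:
        google.com.mydomain.local, type = AAAA, class = IN
------------
DNS request timed out.
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        questions = 1,  answers = 0,  authority records = 1,  additional = 0
    QUESTIONS:
        google.com, type = AAAA, class = IN
------------
*** Request to UnKnown timed-out
"""

HEADER = re.compile(r"id = (\d+), rcode = (\w+)")
ANSWERS = re.compile(r"answers = (\d+)")
QUESTION = re.compile(r"(\S+), type = (\w+), class = IN")

def summarize(text, target):
    text = re.sub(r"\r?\n, type", ", type", text)  # rejoin 80-column console wraps
    queries = []
    for block in text.split("Got answer:")[1:]:
        hdr, ans, q = HEADER.search(block), ANSWERS.search(block), QUESTION.search(block)
        if hdr and ans and q:
            queries.append({"id": int(hdr.group(1)), "rcode": hdr.group(2),
                            "name": q.group(1), "type": q.group(2),
                            "answers": int(ans.group(1))})
    ids = [q["id"] for q in queries]
    gaps = [i for i in range(min(ids), max(ids) + 1) if i not in ids] if ids else []
    return {
        "queries": queries,
        # each of these is a full resolver timeout the client waited through
        "timeouts": len(re.findall(r"^DNS request timed out", text, re.M)),
        # ids missing from the sequence: a query with no printed answer
        "unanswered_ids": gaps,
        # names tried with the DNS suffix search list appended to the target
        "suffix_expanded": [q["name"] for q in queries
                            if q["name"] != target and q["name"].startswith(target + ".")],
    }
```

Call `summarize(transcript_text, "google.com")` on output saved from the server and from a client pointed at an external resolver, then compare the `timeouts` and `unanswered_ids` fields.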
 
arnold Commented:
Check whether your IIS log options require the resolution of the requesting IP included?
HOST (cs-host) as well as server name (s-servername)
0
 
ckleavitt2 (Author) Commented:
Sorry, how would I check that?
0
 
arnold Commented:
Use the management interface and access the site dealing with logs.
http://learn.iis.net/page.aspx/579/advanced-logging-for-iis-70---custom-logging/
0
 
araberuni Commented:
I am wondering why external DNS resolution goes to your DNS server and then goes to the ISP. What's the point of adding an extra hop in the communication? Do you have any proxy server in your infrastructure?
0
 
xzuman Commented:
Check the processes of the tasks on your server; also check whether your antivirus product is delaying the connection.

Moreover, check the network interface card in your server and what its situation is.

Try to restart the DNS service; it may have some buffer overflow!!
0
 
ckleavitt2 (Author) Commented:
So is the suggested method that my workstations use the ISP DNS servers? And if they need to resolve an internal host?
0
 
ckleavitt2 (Author) Commented:
Antivirus is not the issue....as an update
0
 
arnold Commented:
Does your DNS have the private IPs listed as authoritative?

Are you confirming that the issue is the DNS lookups that are sent from your webserver to the dns service?
0
