Solved

Long DNS lookup times

Posted on 2012-04-02
9
514 Views
Last Modified: 2012-04-03
Hello,

I have a test domain where my 2 x 03R2 DC's were primary.  I then prepped the domain for 08R2, which went fine.  I then promoted the 08R2 machines to DC's, and then transferred FSMO roles etc.  Everything went well.  I then demoted the 03 servers so now I have 08R2 DC's as well as raising the forest and domain functional level to 08R2.

When my test clients to the internet, it takes a long time to resolve things, in fact, even on the DC's themselves it takes a long time.  

What could I have done wrong?
0
Comment
Question by:lbtoadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 

Author Comment

by:lbtoadmin
ID: 37797844
I also noticed that in my sites and services, I still have the old 03 servers listed, but there is nothing next to them like the others that say GC.  Do I need to manually delete them from sites and services, as well as DNS?  They are completely off of the domain.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37797855
Did you have the 2003 DC/DNS settings documented anywhere.  The reason I'm asking is because I'd check the forwarders.  Did you have forwarders configured (right click the DNS server, then properties, then forwarders tab).   If you had them on the 2003 box make sure they are on the 2008 box otherwise it is using root hints.

You can also sniff/monitor traffic with wireshark or netmon to see more on the wire

Thanks

Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37797859
Yes delete them from sites and services, that doesn't happen automatically during demotion.

Thanks

MIke
0
Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

 

Author Comment

by:lbtoadmin
ID: 37798363
Hello,

I just checked the forwarders tab on the 2008 server and it still has the old DC's.  Do you think that is the problem?  If so, how do I change them?  I also noticed that the old DNS servers are in DNS with the "same as parent" records.
0
 

Author Comment

by:lbtoadmin
ID: 37798521
Actually, I think I got it figured out.

1.  On the forward lookup zone, I right clicked on it, went to name servers, and deleted the old ones.  This took out of the "same as parent" DNS records for those two machines.

2.  I right clicked on my server in DNS, went to properties, clicked on fowarders, and edited the list.  I simply cleared out the servers in the list (there were only two entries, and they were for my old DC's).  

Once I did all of that, I was able to ping out and my clients could resovle things.

Does this sound like what I should have done?  

Mike, thanks for the tip above, which I performed in step 2 above.
0
 

Author Comment

by:lbtoadmin
ID: 37802464
Hello,

Can someone let me know if what I did above is correct in that I don't need the forwarders in there?

Thanks,
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 37802545
Yeah if those old servers were listed in forwarders then getting rid of them was the right move.  Would have been nice to see what was listed on forwarders for the old servers (you may have not had anything listed)

Thanks

Mike
0
 

Author Comment

by:lbtoadmin
ID: 37802590
Hi Mike,

Sorry I did not add that.  I happened to look at that before I demoted then and in the forwarders tab they had "all other domains"  in DNS domain and no entries for forwarders.

It looks like 08R2 does not have the option for "all other domains", just the option to manually add forwarders.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37802647
You got it, they also separated conditional forwarders in 2008,
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question