Slow Internet Through Lan

I have a medium sized network with 2 domain controllers that handle DNS and DHCP. They are failovers for each other. I have the DNS entries on each server as 10.1.x.x and 10.1.x.y with a third DNS entry of an ISP DNS server. I have recently upgraded to Cisco managed switches SG300 series. For some reason my users are experiencing slow web page response when they try to access an internet site. It seems to be having trouble resolving the URLs via DNS. When users attach to my guest public network, which is before my firewall and switches, the responses are normal on the same Internet pipe. Should I be setting up DNS on the switches as well? Not real sure what the proper protocol is for this scenario.

Please let me know if anything is unclear or more info is needed.

Thanks
JJENSEN3 Asked:
 
Skyler Kincaid (Network/Systems Engineer) Commented:
Typically with Active Directory Integrated DNS zones there is no reason to have the DNS servers pointing at each other for DNS.

For each server you should have the DNS servers be its IP address and the loopback IP of 127.0.0.1. You should also disable root hints and enable forwarders (we also set forwarders to 8.8.8.8 and 8.8.4.4).

As the first post said, you never want to use the ISP's DNS servers. Google's DNS servers are much less likely to go down or have issues.

When you are handing out DHCP you would then hand out both of your DNS servers and nothing else.

If that doesn't work, can you try setting static DNS servers on one of the computers, flushing DNS and seeing if you are able to browse normally? If you are, then it is a problem with your DNS servers that we will have to dive into deeper.

Let me know if you need help with disabling root hints and setting up the forwarders.
0
 
Cliff Galiher Commented:
You should not have any DNS entries pointing to non-AD DNS servers. That alone can cause real performance issues. To improve external lookups, another thing you can do is configure your DNS servers to use forwarders that have quick response times for your uplinks. Perhaps ISP DNS servers, or perhaps other 3rd party servers. Root hints are very reliable, but you usually sacrifice some performance for that reliability.
0
 
bigeven2002 Commented:
Hello,

How many users are affected? Is it all or just some? Is everyone using the same computer specs? I don't think DNS is necessary on the switches directly. Have you already tried flushing DNS cache on the workstations? Are you using DNS forwarding on the domain controllers? If not, I would recommend setting DNS forwarding on both controllers and pointing them to Google's or open DNS servers.
0
 
JJENSEN3 (Author) Commented:
Great input from everyone. I definitely see I have some things to try. xKincaidx, I could use some help with setting up forwarders and disabling root hints.
0
 
JJENSEN3 (Author) Commented:
In addition to all of this, I have a Sonicwall TZ215 firewall. What DNS server settings should I use? ISP or my internal servers?
0
 
Cliff Galiher Commented:
Why does it need DNS at all? The answer to that will answer your question.
0
 
bigeven2002 Commented:
If I remember correctly, the SonicWall does have Active Directory integration. If you use this feature then you can use the internal servers, otherwise set them to your ISP servers or whatever your DNS forwarding is pointing to.
0
 
Skyler Kincaid (Network/Systems Engineer) Commented:
Set the Sonicwall's DNS servers to 8.8.8.8 and 8.8.4.4.

To disable root hints on your DNS servers:

1. Open the DNS console
2. Right-click on your server
3. Click on Properties
4. Uncheck the "Use root hints if no forwarders are available" box
5. Click Edit and add 8.8.8.8 and 8.8.4.4
6. Restart the DNS server and client services

Let us know if you have any questions.
0
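
The forwarder steps above, together with the earlier suggestion to test lookups against specific DNS servers, as an added PowerShell example (not posted by anyone in the thread). It assumes an elevated session on a Windows DNS server with the DnsServer module; the names `DC1` and `DC2` and the test hostnames are hypothetical placeholders, and clearing the client cache is used here in place of restarting the DNS client service.

```powershell
# Added example, not from the thread. Run elevated on each AD DNS server.
$forwarders = '8.8.8.8', '8.8.4.4'                  # forwarders named in the thread
$dnsServers = 'DC1', 'DC2'                          # hypothetical names for the two DCs
$testNames  = 'www.example.com', 'www.example.org'  # constructed test names

# Steps 4-5: set the forwarders and stop falling back to root hints.
Set-DnsServerForwarder -IPAddress $forwarders -UseRootHint $false

# Step 6: restart the DNS Server service, then clear the local resolver cache
# (assumption: a cache flush is enough instead of a client service restart).
Restart-Service -Name DNS
Clear-DnsClientCache

# Confirm what the server will actually use.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# Time the same lookups against each internal server and each forwarder.
# A large gap between the DCs and the forwarders points at the internal
# DNS servers (or whatever inspects traffic between them and the internet).
$results = foreach ($server in ($dnsServers + $forwarders)) {
    foreach ($name in $testNames) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            Resolve-DnsName -Name $name -Server $server -Type A -DnsOnly `
                -ErrorAction Stop | Out-Null
            $status = 'ok'
        } catch {
            $status = 'failed'      # timeout, SERVFAIL, unreachable server
        }
        $sw.Stop()
        [pscustomobject]@{
            Server = $server
            Name   = $name
            Status = $status
            Ms     = $sw.ElapsedMilliseconds
        }
    }
}

$results | Sort-Object Ms -Descending | Format-Table -AutoSize
```

The first lookup of each name through a DC after the service restart is a cold-cache query, so it shows the real forwarder round trip; repeat runs will be answered from the server cache and look much faster.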
 
JJENSEN3 (Author) Commented:
Updating these settings and reducing some firewall scanning has significantly improved performance. Thank you to all.
0