Solved

Slow Internet Through Lan

Posted on 2014-09-28
Last Modified: 2014-09-30
I have a medium sized network with 2 domain controllers that handle DNS and DHCP. They are failovers for each other. I have the DNS entries on each server as 10.1.x.x and 10.1.x.y with a third DNS entry of an ISP DNS server. I have recently upgraded to Cisco managed switches SG300 series. For some reason my users are experiencing slow web page response when they try to access an internet site. It seems to be having trouble resolving the URLs via DNS. When users attach to my guest public network, which is before my firewall and switches, the responses are normal on the same Internet pipe. Should I be setting up DNS on the switches as well? Not real sure what the proper protocol is for this scenario.

Please let me know if anything is unclear or more info is needed.

Thanks
0
Question by:JJENSEN3
9 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 166 total points
ID: 40349134
You should not have any DNS entries pointing to non-AD DNS servers. That alone can cause real performance issues. To improve external lookups, another thing you can do is configure your DNS servers to use forwarders that have quick response times for your uplinks. Perhaps ISP DNS servers, or perhaps other 3rd party servers. Root hints are very reliable, but you usually sacrifice some performance for that reliability.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40349135
Hello,

How many users are affected? Is it all or just some? Is everyone using the same computer specs? I don't think DNS is necessary on the switches directly. Have you already tried flushing DNS cache on the workstations? Are you using DNS forwarding on the domain controllers? If not, I would recommend setting DNS forwarding on both controllers and pointing them to Google's or open DNS servers.
0
 
LVL 15

Accepted Solution

by:Skyler Kincaid
Skyler Kincaid earned 334 total points
ID: 40349251
Typically with Active Directory Integrated DNS zones there is no reason to have the DNS servers pointing at each other for DNS.

For each server you should have the DNS servers be its IP address and the loopback IP of 127.0.0.1. You should also disable root hints and enable forwarders (we also set forwarders to 8.8.8.8 and 8.8.4.4).

As the first post said, you never want to use the ISP's DNS servers. Google's DNS servers are much less likely to go down or have issues.

When you are handing out DHCP you would then hand out both of your DNS servers and nothing else.

If that doesn't work can you try setting static DNS servers on one of the computers, flushing DNS and seeing if you are able to browse normally? If you are then it is a problem with your DNS servers that we will have to dive into deeper.

Let me know if you need help with disabling root hints and setting up the forwarders.
0
 

Author Comment

by:JJENSEN3
ID: 40349969
Great input from everyone. I definitely see I have some things to try. xKincaidx, I could use some help with setting up forwarders and disabling root hints.
0
 

Author Comment

by:JJENSEN3
ID: 40350886
In addition to all of this, I have a Sonicwall TZ215 firewall. What DNS server settings should I use? ISP or my internal servers?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40350892
Why does it need DNS at all? The answer to that will answer your question.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40351370
If I remember correctly, the SonicWall does have Active Directory integration. If you use this feature then you can use the internal servers, otherwise set them to your ISP servers or whatever your DNS forwarding is pointing to.
0
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 334 total points
ID: 40351480
Set the Sonicwall's DNS servers to 8.8.8.8 and 8.8.4.4.

To disable root hints on your DNS servers:

1. Open the DNS console
2. Right click on your server
3. Click on properties
4. Uncheck the "Use root hints if no forwarders are available" box
5. Click edit and add 8.8.8.8 and 8.8.4.4
6. Restart the DNS server and client services

Let us know if you have any questions.
0
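Steps 4 to 6 of the answer above, scripted as an added PowerShell example (not part of the original post or written by its author), followed by a timing check that compares lookups through the local DNS server with lookups sent straight to each forwarder. It assumes an elevated session on the AD DNS server itself with the DnsServer module (Windows Server 2012 or later); the test host names are constructed, and `Clear-DnsClientCache` is used here in place of restarting the DNS Client service.

```powershell
#Requires -Modules DnsServer
# Added example: run on each AD DNS server in an elevated session.

$Forwarders = '8.8.8.8', '8.8.4.4'                  # forwarders named in the thread
$TestNames  = 'www.example.com', 'www.example.org'  # constructed sample names

# Record the current state so the change can be reverted if needed.
$before = Get-DnsServerForwarder
'Before: forwarders={0} UseRootHint={1}' -f ($before.IPAddress -join ','), $before.UseRootHint

# Steps 4-5: set the forwarders and stop falling back to root hints.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false -PassThru

# Step 6: restart the DNS Server service (this also empties its cache),
# then flush the local resolver cache.
Restart-Service -Name DNS
Clear-DnsClientCache

# Time one lookup through a given resolver.
# Returns whole milliseconds, or $null if the query fails or times out.
function Measure-Lookup {
    param([string]$Name, [string]$Server)
    try {
        $elapsed = Measure-Command {
            Resolve-DnsName -Name $Name -Server $Server -DnsOnly -ErrorAction Stop | Out-Null
        }
        [math]::Round($elapsed.TotalMilliseconds)
    } catch {
        $null
    }
}

# Query the local DNS server (127.0.0.1) and each forwarder directly.
# If the forwarders answer quickly but 127.0.0.1 is slow or returns $null,
# the delay is on the DNS server or on the path between it and the forwarders.
foreach ($server in @('127.0.0.1') + $Forwarders) {
    foreach ($name in $TestNames) {
        [pscustomobject]@{
            Server = $server
            Name   = $name
            Ms     = Measure-Lookup -Name $name -Server $server
        }
    }
}
```

Run it on both domain controllers; the first query for a name after the restart is uncached, so that is the number to compare.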
 

Author Closing Comment

by:JJENSEN3
ID: 40352021
Updating these settings and reducing some firewall scanning has significantly improved performance. Thank you to all.
0
