Solved

Slow Internet Through Lan

Posted on 2014-09-28
Last Modified: 2014-09-30
I have a medium sized network with 2 domain controllers that handle DNS and DHCP. They are failovers for each other. I have the DNS entries on each server as 10.1.x.x and 10.1.x.y with a third DNS entry of an ISP DNS server. I have recently upgraded to Cisco managed switches SG300 series. For some reason my users are experiencing slow web page response when they try to access an internet site. It seems to be having trouble resolving the URLs via DNS. When users attach to my guest public network, which is before my firewall and switches, the responses are normal on the same Internet pipe. Should I be setting up DNS on the switches as well? Not real sure what the proper protocol is for this scenario.

Please let me know if anything is unclear or more info is needed.

Thanks
Question by:JJENSEN3
9 Comments
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 664 total points
ID: 40349134
You should not have any DNS entries pointing to non-AD DNS servers. That alone can cause real performance issues. To improve external lookups, another thing you can do is configure your DNS servers to use forwarders that have quick response times for your uplinks. Perhaps ISP DNS servers, or perhaps other 3rd party servers. Root hints are very reliable, but you usually sacrifice some performance for that reliability.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40349135
Hello,

How many users are affected? Is it all or just some? Is everyone using the same computer specs? I don't think DNS is necessary on the switches directly. Have you already tried flushing DNS cache on the workstations? Are you using DNS forwarding on the domain controllers? If not, I would recommend setting DNS forwarding on both controllers and pointing them to Google's or open DNS servers.
0
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 1336 total points
ID: 40349251
Typically with Active Directory Integrated DNS zones there is no reason to have the DNS servers pointing at each other for DNS.

For each server you should have the DNS servers be its IP address and the loopback IP of 127.0.0.1. You should also disable root hints and enable forwarders (we also set forwarders to 8.8.8.8 and 8.8.4.4).

As the first post said, you never want to use the ISP's DNS servers. Google's DNS servers are much less likely to go down or have issues.

When you are handing out DHCP you would then hand out both of your DNS servers and nothing else.

If that doesn't work can you try setting static DNS servers on one of the computers, flushing DNS and seeing if you are able to browse normally? If you are then it is a problem with your DNS servers that we will have to dive into deeper.

Let me know if you need help with disabling root hints and setting up the forwarders.
0

Author Comment

by:JJENSEN3
ID: 40349969
Great input from everyone. I definitely see I have some things to try. xKincaidx, I could use some help with setting up forwarders and disabling root hints.
0
 

Author Comment

by:JJENSEN3
ID: 40350886
In addition to all of this, I have a Sonicwall TZ215 firewall. What DNS server settings should I use? ISP or my internal servers?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40350892
Why does it need DNS at all? The answer to that will answer your question.
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40351370
If I remember correctly, the SonicWall does have Active Directory integration. If you use this feature then you can use the internal servers, otherwise set them to your ISP servers or whatever your DNS forwarding is pointing to.
0
 
LVL 15

Assisted Solution

by:Skyler Kincaid
Skyler Kincaid earned 1336 total points
ID: 40351480
Set the Sonicwall's DNS servers to 8.8.8.8 and 8.8.4.4.

To disable root hints on your DNS servers:

1. Open the DNS console
2. Right click on your server
3. Click on properties
4. Uncheck the "Use root hints if no forwarders are available" box
5. Click edit and add 8.8.8.8 and 8.8.4.4
6. Restart the DNS server and client services

Let us know if you have any questions.
0
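
The console steps in the answer above, plus the per-server lookup test suggested in the accepted solution, can be done from PowerShell. This is an added example, not part of the original answer or thread; it assumes Windows Server 2012 or later with the DnsServer module, and the domain controller addresses, test names and slowness threshold are constructed placeholders.

```powershell
# Added example. Assumes Windows Server 2012 or later (DnsServer module), run
# elevated on each domain controller. Addresses and names below are placeholders.
$forwarders = '8.8.8.8', '8.8.4.4'                 # forwarders named in the answer
$dcServers  = '10.1.0.10', '10.1.0.11'             # constructed: your two DCs
$testNames  = 'example.com', 'example.org', 'example.net'   # constructed samples
$slowMs     = 200                                  # assumed "slow" threshold

# Steps 4-5: set the forwarders and stop falling back to root hints.
Set-DnsServerForwarder -IPAddress $forwarders -UseRootHint $false
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# Step 6: restart the DNS Server service, then flush the local client cache
# (used here in place of restarting the DNS Client service).
Restart-Service -Name DNS
Clear-DnsClientCache

# Time the same lookups against each DC and each forwarder directly.
$results = foreach ($server in $dcServers + $forwarders) {
    foreach ($name in $testNames) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        $answer = Resolve-DnsName -Name $name -Server $server -Type A -DnsOnly `
                      -ErrorAction SilentlyContinue
        $sw.Stop()
        [pscustomobject]@{
            Server   = $server
            Name     = $name
            Ms       = $sw.ElapsedMilliseconds
            Resolved = [bool]$answer
        }
    }
}

# Summarize per server: failures or a high average point at that hop.
$results | Group-Object Server | ForEach-Object {
    $avg = ($_.Group | Measure-Object -Property Ms -Average).Average
    [pscustomobject]@{
        Server  = $_.Name
        AvgMs   = [math]::Round($avg)
        Failed  = @($_.Group | Where-Object { -not $_.Resolved }).Count
        Suspect = ($avg -gt $slowMs)
    }
} | Format-Table -AutoSize
```

A domain controller that averages far above the forwarders points at the DNS server itself; if every server is slow from inside the LAN only, the delay sits on the path between the client and the resolver.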
 

Author Closing Comment

by:JJENSEN3
ID: 40352021
Updating these settings and reducing some firewall scanning has significantly improved performance. Thank you to all.
0
