Old DNS on a new network not resolving as it used to.

Hello All,
I have an odd issue. Recently we had a huge network install; this install subsequently moved our previous network from a flat /16 network to multiple VLANs and subnets, all on a /24. Our DNS server (also the PDC), which was the primary DNS for the network, started to act oddly after we changed the subnet information both in the NIC and in AD Sites & Services (I added the 10.25.0.0/24 range). Now we have an odd issue of not being able to resolve as quickly as we did before the changeover. The major change was changing the subnet of the DC. Does anyone know if I need to add the entire VLAN structure into AD S&S, or is there some sort of DNS issue at large? Any help would be appreciated.

PS. Google DNS is set up in the forwarders, and the DNS server resolves just fine; the clients do not.
wadneyAsked:
SteveCommented:
So you've changed the IP/subnet of the DC. Did you update the DNS bindings so it knows it is responding on a new IP?

Could you provide more info on what subnets/IPs your main items (server, DNS, gateway) used to be on and what they are on now?
What subnets are you now using?

Yes, it is worth adding the subnets to S&S so the PCs can identify which AD site they are in, but it shouldn't affect DNS in theory, so it may be a moot point in your case.

What DNS server(s) are listed on the clients?

Can the server see its own DNS, or is it having an issue too?
0

wadneyAuthor Commented:
Hey, thanks so much for replying!

The DC changed from a /16 to a /24 subnet, so the IP, gateway and even the DNS settings stayed the same.
EX:
IP 10.25.1.16/17 respectively
SM 255.255.255.0 (was 255.255.0.0)
GW 10.25.1.1
DNS
10.25.1.16/17 respectively
127.0.0.1
The change we made was simply changing the mask to be on the subnet our network was phasing into, from /16 to /24. Clients at the moment pull DHCP from our Cisco solution (trust me, it was not my choice), so the GW is relative to the VLAN and subnet, routed through layer 3; however, all clients get the correct IPs for both DNS servers when running ipconfig /all. The servers browse and resolve with no issue. As for the bindings, since the IP stayed the same, all appear to be good (I double-checked, and the settings show both the IP and localhost as well as our domain suffix). The issue appears to be isolated to clients: when they attempt to access a site it takes upwards of 8-10 seconds to resolve; once it resolves it appears to cache, because that site is then fine. Kind of odd.

Thanks again for your help!
0
SteveCommented:
No problem. Hope we can fix it for ya.


Could I ask what you mean by 16/17 respectively? Do you have more than one server?
Have you amended the subnet mask in DHCP on the Cisco switch?
Can you ping the server's IP from the clients?
What do you get if you run nslookup on a client?

Could I also just check that the DNS 127.0.0.1 is just on the server, and not in DHCP too?
0
wadneyAuthor Commented:
No problem!

There are two DCs, our PDC and BDC; both are running DNS, one is 10.25.1.16 and the other is 10.25.1.17.
Subnet masks have been amended in DHCP as well; all are pulling in /24 masks. Internal resolution is SUPER fast; however, when externally resolving to http/https we get the lag time. Can nslookup both IPs for reverse and NS for FQDN and get results back, no problem.

I've taken a look and the PTR and CNAMEs all look good. One additional note: scavenging is enabled, but it has not removed all the old IPs from when we were using /16s.
0
wadneyAuthor Commented:
Oh, one more thing. I was just looking at the tickets from my predecessor, and it appears he was having issues with the _.msdcs in DNS and had to delete and recreate it. However, I see that it is not listed under our domain but rather as another forwarding zone, _.msdcs.<ourdomain>.org
0
AkinsdNetwork AdministratorCommented:
Run dcdiag /fix on your domain controller and see if that helps
0
footechCommented:
Having _msdcs as a zone is not an issue.  In fact it's how it will be created by default with a new domain since Server 2003.  You should have a delegation under <ourdomain>.org for _msdcs that includes the DNS servers that host the zone.

I think to diagnose this I would take a network capture on the DNS servers and look at network firewall traffic to understand/verify how DNS traffic is flowing.
0
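footech's point above is that a separate _msdcs zone is only healthy when the parent zone delegates it to the servers that actually host it, and each delegated server has an address record a resolver can follow. The script below, an added example and not anything from the thread or from Microsoft's tooling, encodes that check over a constructed, simplified record set for a hypothetical example.org domain (the 10.25.1.16/17 DC addresses are the thread's; everything else is assumed). Real zones would be exported with the DNS server's own tools and turned into the same (name, type, rdata) tuples.

```python
"""Check that a parent zone delegates _msdcs to the servers that host it.

Added example, not code from the thread. The zone data is CONSTRUCTED for a
hypothetical example.org domain; records are plain (name, type, rdata)
tuples rather than a parsed zone file.
"""

# Constructed snapshot of the parent zone example.org.
PARENT_ZONE = [
    ("example.org.", "NS", "dc1.example.org."),
    ("example.org.", "NS", "dc2.example.org."),
    ("dc1.example.org.", "A", "10.25.1.16"),
    ("dc2.example.org.", "A", "10.25.1.17"),
    # Delegation of _msdcs to the DNS servers that host that zone.
    ("_msdcs.example.org.", "NS", "dc1.example.org."),
    ("_msdcs.example.org.", "NS", "dc2.example.org."),
]

# Constructed snapshot of the separate _msdcs.example.org zone (NS set only).
MSDCS_ZONE = [
    ("_msdcs.example.org.", "NS", "dc1.example.org."),
    ("_msdcs.example.org.", "NS", "dc2.example.org."),
]


def records(zone, name, rtype):
    """Return the set of rdata values of all records matching name and type."""
    return {rd for (n, t, rd) in zone if n == name and t == rtype}


def check_msdcs_delegation(domain, parent_zone, msdcs_zone):
    """Return a list of problems found; an empty list means the delegation is sane.

    Checks: the parent has NS records for _msdcs.<domain>, they agree with the
    NS set inside the _msdcs zone, and every delegated server has glue (A/AAAA).
    """
    problems = []
    child = f"_msdcs.{domain}."
    delegated = records(parent_zone, child, "NS")
    if not delegated:
        problems.append(f"no NS delegation for {child} in parent zone")
    authoritative = records(msdcs_zone, child, "NS")
    if delegated and authoritative and delegated != authoritative:
        problems.append(
            f"delegation {sorted(delegated)} does not match zone NS set "
            f"{sorted(authoritative)}"
        )
    for ns in sorted(delegated):
        # A resolver following the delegation needs an address for each server.
        if not records(parent_zone, ns, "A") and not records(parent_zone, ns, "AAAA"):
            problems.append(f"delegated server {ns} has no A/AAAA record in parent zone")
    return problems


if __name__ == "__main__":
    issues = check_msdcs_delegation("example.org", PARENT_ZONE, MSDCS_ZONE)
    print("OK" if not issues else "\n".join(issues))
```

A stale delegation pointing at a decommissioned server shows up here as both an NS-set mismatch and a missing glue record, which is the kind of leftover a rebuilt _msdcs zone can leave behind.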
SteveCommented:
I agree, unfortunately. There's nothing discussed so far that's obvious, so you should turn on DNS logging and have a look. You may end up Wiresharking to check packet flow.
0
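Both suggestions above (DNS logging on the servers, a capture of the packet flow) come down to the same question: for a slow external lookup, is the wait on the client-facing leg, or on the server's own leg out to the forwarder? The script below is an added example, not code from the thread. It pairs each query with its response by (peer, transaction id, name, type) and compares the two legs. The log format is CONSTRUCTED and deliberately simpler than the Windows DNS debug log; the constructed sample reproduces the thread's symptom (external name slow, internal name fast) with Google DNS as the forwarder, and the 2-second threshold and 80% attribution rule are assumptions.

```python
"""Correlate query/response pairs in a DNS server log to see which leg is slow.

Added example, not from the thread. Line format (constructed, not the real
Windows DNS debug log):
  <ISO timestamp> <Rcv|Snd> <peer IP> <Q|R> <txid> <qname> <qtype>
Rcv/Snd are from the DNS server's point of view.
"""
from collections import defaultdict
from datetime import datetime

FORWARDERS = {"8.8.8.8", "8.8.4.4"}  # Google DNS, as in the thread's forwarder setup

# Constructed log: a client asks for an external name, the server forwards it
# and the forwarder answers ~9 s later; the same client's internal lookup is fast.
SAMPLE_LOG = """\
2016-12-20T10:00:00.000 Rcv 10.25.3.40 Q 0x1a2b www.example.com A
2016-12-20T10:00:00.002 Snd 8.8.8.8 Q 0x7f01 www.example.com A
2016-12-20T10:00:08.950 Rcv 8.8.8.8 R 0x7f01 www.example.com A
2016-12-20T10:00:08.952 Snd 10.25.3.40 R 0x1a2b www.example.com A
2016-12-20T10:00:09.000 Rcv 10.25.3.40 Q 0x1a2c dc1.example.org A
2016-12-20T10:00:09.001 Snd 10.25.3.40 R 0x1a2c dc1.example.org A
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, direction, peer, kind, txid, qname, qtype = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "direction": direction,
        "peer": peer,
        "kind": kind,
        "txid": txid,
        "qname": qname.lower(),
        "qtype": qtype,
    }


def measure_legs(log_text, forwarders=FORWARDERS):
    """Return {qname: {"client": seconds, "forwarder": seconds}}.

    A leg is missing when it never happened (e.g. answered from cache, so the
    server never forwarded). The worst time per leg and name is kept so one
    slow lookup is not averaged away.
    """
    pending = {}
    legs = defaultdict(dict)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["peer"], rec["txid"], rec["qname"], rec["qtype"])
        if rec["kind"] == "Q":
            pending[key] = rec["ts"]
        elif key in pending:
            elapsed = (rec["ts"] - pending.pop(key)).total_seconds()
            leg = "forwarder" if rec["peer"] in forwarders else "client"
            legs[rec["qname"]][leg] = max(elapsed, legs[rec["qname"]].get(leg, 0.0))
    return dict(legs)


def slow_lookups(log_text, threshold=2.0):
    """Names whose client-facing latency exceeds threshold, with the leg to blame."""
    out = {}
    for qname, leg in measure_legs(log_text).items():
        client = leg.get("client", 0.0)
        if client < threshold:
            continue
        fwd = leg.get("forwarder", 0.0)
        # If nearly all of the client's wait was spent on the forwarder leg,
        # the problem is on the path to the upstream resolver, not the DC.
        out[qname] = "upstream path" if fwd >= 0.8 * client else "local server"
    return out


if __name__ == "__main__":
    for name, timing in measure_legs(SAMPLE_LOG).items():
        print(name, timing)
    print(slow_lookups(SAMPLE_LOG))
```

On the constructed sample the external name takes about 8.95 s on both legs, so the blame lands on the upstream path, which is consistent with an inline device between the DC and its forwarders rather than with the DC or AD Sites & Services; the internal name never leaves the server and resolves in a millisecond.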
wadneyAuthor Commented:
Hey Guys,
So I pcapped and logged DNS. Do you guys want me to post the results so we all can look?
0
footechCommented:
I don't know if I'll get a chance to look at them, but if someone does it'll make it easier if they're available.
0
wadneyAuthor Commented:
Sorry for the delay in response, everyone! We determined the issue was a web filter. It was set up as a bridge, and while it was supposed to be invisible on the network it was giving us some issues. Taking it offline allowed the network to function normally and subsequently DNS to work normally. Now we need to contact the manufacturer.

Thanks All!
0
Question has a verified solution.