AD & BIND: domain listing is slow

Blaqb0x

Hi,

I have a set of 3 windows standard edition servers. All are domain
controllers for a single forest domain. I'm currently using BIND 9.x for
DNS.

The current service records are listed below.
---------------------------------------------------------------
;
; Active Directory Service Records
;
_ldap._tcp.foobar.com. SRV 0 0 389 ponzi.foobar.com.
_kerberos._tcp.foobar.com. SRV 0 0 88 ponzi.foobar.com.
_ldap._tcp.dc._msdcs.foobar.com. SRV 0 0 389 ponzi.foobar.com.
_kerberos._tcp.dc._msdcs.foobar.com. SRV 0 0 88 ponzi.foobar.com.

_ldap._tcp.foobar.com. SRV 8 8 389 bluechip.foobar.com.
_kerberos._tcp.foobar.com. SRV 8 8 88 bluechip.foobar.com.
_ldap._tcp.dc._msdcs.foobar.com. SRV 8 8 389 bluechip.foobar.com.
_kerberos._tcp.dc._msdcs.foobar.com. SRV 8 8 88 bluechip.foobar.com.
---------------------------------------------------------------

The resolution of machines on the domain is very slow in the Network Places.
I know the machines have no problems resolving DNS names. Is there a way of
speeding this up?

Also, although there is a verified trust between this domain and another
Win2k domain, I can't seem to access machines on the other domain (access
denied). Can someone give me some pointers on troubleshooting this issue? I
suppose once BIND is configured correctly it should work better.

Any help would be appreciated.

Thanks,
 
Herb Martin

> I have a set of 3 windows standard edition servers. All are domain
> controllers for a single forest domain. I'm currently using BIND 9.x for
> DNS.
> The resolution of machines on the domain is very slow in the Network
> Places. I know the machines have no problems
> resolving DNS names. Is there a way of speeding this up?

The first step is to run DCDiag on each DC and fix any
errors or warnings.

Most slow resolution does come down to DNS but note that
Network Places is PRIMARILY dependent on NetBIOS.

If you have more than one subnet this practically means WINS
server. Without that you will be waiting for NetBIOS to fail
before the DNS is used for resolution.

> Also, although there is a verified trust between this domain and another
> Win2k domain. I can't seem to access machines on the other domain (access
> denied).

"access" is very unspecific but most such cases across domains
are again DNS or NetBIOS problems.

NetBIOS, and maybe a common WINS database, is a practical
requirement if you have EXTERNAL trusts (outside the forest.)

> Can someone give me some pointers on troubleshooting this issue. I suppose
> once BIND is configured correctly it should work better.

DCDiag. But even though BIND can work, since you have all
Win2000 DCs for DNS you will be better served by using
Microsoft DNS and AD Integration.

This will NOT however fix your likely current problems
directly.
 
Blaqb0x

Thanx for the info I'll try that.

Is it possible to skip NETBIOS resolution or at least shorten the timeout
and go to DNS resolution?

I thought WINS was supposed to be phased out soon.

Thanks,


Herb Martin

Blaqb0x said:
> Thanx for the info I'll try that.
>
> Is it possible to skip NETBIOS resolution or at least shorten the timeout
> and go to DNS resolution?

Generally no, but I am also sure there are some registry
settings to actually do this.

The reason is that Browsing is a NetBIOS problem so even
the DNS resolution for it is technically part of NetBIOS.

Best might be to make these machines into P-node and make
sure they have a VALID WINS server.

Now everything that is registered will get resolved quickly.
Broadcasts will be SKIPPED, and then DNS fail over will
be used.

Oh, and if you just set up your NetBIOS correctly with the
WINS server (which the method above requires) you
won't care because the netbios will be fast anyway.

> I thought WINS was supposed to be phased out soon.

That's right. It will be phased out in a future version of
the OS "real soon now." <grin>

But not yet...there are too many dependencies left so it
should really just be made to work.

One of the primary dependencies is browsing.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
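
One way to check the settings this reply recommends, as an added example that is not part of the original thread: it reads the NetBT node type from the registry and lists the WINS servers on each IP-enabled adapter, flagging a P-node machine that has no WINS server configured. The registry key and WMI class are the standard Windows ones; the output property names are chosen for this example.

```powershell
# Added example: audit NetBIOS node type and WINS settings on the local machine.
$nodeNames = @{
    1 = 'B-node (broadcast only)'
    2 = 'P-node (WINS only, no broadcasts)'
    4 = 'M-node (broadcast, then WINS)'
    8 = 'H-node (WINS, then broadcast)'
}

# NetBT parameters: a static NodeType takes precedence over DhcpNodeType.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$netbt = Get-ItemProperty -Path $key -ErrorAction Stop
$configured = $null
if ($null -ne $netbt.NodeType) {
    $configured = [int]$netbt.NodeType
} elseif ($null -ne $netbt.DhcpNodeType) {
    $configured = [int]$netbt.DhcpNodeType
}

$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    # Keep only the WINS server entries that are actually populated.
    $wins = @(@($a.WINSPrimaryServer, $a.WINSSecondaryServer) | Where-Object { $_ })

    # With no explicit value, Windows uses H-node when WINS servers are set, else B-node.
    $effective = $configured
    if ($null -eq $effective) {
        $effective = if ($wins.Count -gt 0) { 8 } else { 1 }
    }

    $netbios = switch ($a.TcpipNetbiosOptions) {
        0 { 'per DHCP' }
        1 { 'enabled' }
        2 { 'disabled' }
        default { 'unknown' }
    }

    # P-node never broadcasts, so without a WINS server every NetBIOS lookup fails.
    $warning = ''
    if ($effective -eq 2 -and $wins.Count -eq 0) { $warning = 'P-node with no WINS server' }

    [pscustomobject]@{
        Adapter     = $a.Description
        NetBIOS     = $netbios
        NodeType    = $nodeNames[$effective]
        WinsServers = $wins -join ', '
        Warning     = $warning
    }
}
```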
