Internet slow DNS error?

matrix via WinServerKB.com

I have a 2003 Server where the domain has been set up as domain.co.uk and not
domain.local
Recently we changed our Internet access which has caused the following
problems and I wondered if anyone knew how to correct it. I think it is a DNS
error. All client computers are running XP Pro.

All client computers have fixed IP numbers with the gateway being the IP of
the router. The DNS settings on the clients are 1st DNS = IP of the 2003
Server 2nd DNS = IP of the router. I had to do this as it was taking ages for
the computers to log onto the Server (they do not run roaming profiles).

The problem that I have is that Internet access on both clients and the
Server is running very slow as I assume when a web site is requested it is
being checked on the Server as this is the primary DNS and then going to the
router afterwards when the site cannot be found. We do not host our own web
site. We cannot even get to our web site as again the domain is on the server
(.co.uk) but the web site is at our ISP. I have also noticed that there is a
list of cached web sites on the Server whereas before there was none.
Nothing extra has been enabled on the Server.

I believe the answer is to do DNS Forwarders but could someone help out and
confirm this and possibly exactly how to do this.

Any other comments would be greatly appreciated.
 

Kevin D. Goodknecht Sr. [MVP]

matrix said:
I have a 2003 Server where the domain has been set up as domain.co.uk
and not domain.local
Recently we changed our Internet access which has caused the following
problems and I wondered if anyone knew how to correct it. I think it is
a DNS error. All client computers are running XP Pro.

All client computers have fixed IP numbers with the gateway being the
IP of the router. The DNS settings on the clients are 1st DNS = IP of
the 2003 Server 2nd DNS = IP of the router. I had to do this as it
was taking ages for the computers to log onto the Server (they do not
run roaming profiles).

The problem that I have is that Internet access on both clients and
the Server is running very slow as I assume when a web site is
requested it is being checked on the Server as this is the primary
DNS and then going to the router afterwards when the site cannot be
found. We do not host our own web site. We cannot even get to our web
site as again the domain is on the server (.co.uk) but the web site
is at our ISP. I have also noticed that there is a list of cached web
sites on the Server whereas before there was none. Nothing extra has
been enabled on the Server.

I believe the answer is to do DNS Forwarders but could someone help
out and confirm this and possibly exactly how to do this.

Any other comments would be greatly appreciated.

You must remove your ISP's DNS server from TCP/IP properties on all
machines.

In an Active Directory environment, all domain members MUST use the DNS
server that supports the Active Directory domain, ONLY. Usually this would
be the IP address of the domain Controller. In fact, the Domain Controller
should be used for DNS until you understand the full ramifications of moving
DNS to another machine.
Only DNS on a Domain Controller can have zones that are integrated with
Active Directory, which increases the security many times over zones on
other DNS servers stored in a text file.
That said, you have a problem domain in that it is the same as your public
domain name and it is a third level domain name. Some of the problems can be
worked around, others cannot. Here are some of the problems and the
workarounds.
Your AD Domain Name, domain.co.uk, MUST resolve only to the IP addresses of
Domain Controllers that have file sharing enabled. This means if you
have a web site at the address, you cannot use http://domain.co.uk to access
the site, you will have to use something like http://www.domain.co.uk to
access the site. There is a workaround that works very well by using IIS on
your DC to redirect http://domain.co.uk to http://www.domain.co.uk.
Also, you will have to add a host record named www, to the internal
domain.co.uk zone, with the IP address of the public web site.

The most you should have to do is remove the "." (Root) Forward Lookup zone
from your DNS server for it to resolve internet names, this should
automatically load the Root Hint servers so DNS can resolve internet names.
The only forward zones you should have in your DNS are domain.co.uk and
likely _msdcs.domain.co.uk.

Another, sometimes major, problem is the third level domain name, especially
in the co.uk ccTLD. The DNS Client service will append the primary DNS
suffix and parent suffixes of the primary DNS suffix down to the second
level domain. In other words, if you look at your ipconfig /all, your Primary
DNS suffix is domain.co.uk and your DNS suffix search list is domain.co.uk
and co.uk, which is appended to all non-fully qualified queries (a DNS
query is not fully qualified until it has a trailing dot "." after the name,
e.g. www.domain.co.uk is not fully qualified, www.domain.co.uk. is fully
qualified). To stop the behavior of appending co.uk to all non-fully
qualified queries, clear the check box "Append parent suffixes of the
Primary DNS suffix", which is enabled by default. You can do this in the
group policy here:
Computer Configuration
-Administrative templates
-Network
-DNS client
Primary DNS Suffix devolution- Set to disabled
This policy won't apply to Win2k clients, they have to be manually done at
the client.

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380&sd=RMVP

How to Delegate All Internet Top-Level Domains on an Internal Root DNS
Server: http://support.microsoft.com/default.aspx?scid=kb;en-us;294906

298148 - HOWTO Remove the Root Zone (Dot Zone):
http://support.microsoft.com/default.aspx?scid=kb;en-us;298148
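
An added example, not part of the original thread: a small Python audit of `ipconfig /all` output against the two client-side points in the reply above (only the AD DNS server listed, and no parent suffix such as co.uk in the search list). The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` from a client; all addresses are made up.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC01
        Primary Dns Suffix  . . . . . . . : domain.co.uk
        DNS Suffix Search List. . . . . . : domain.co.uk
                                            co.uk

Ethernet adapter Local Area Connection:

        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.1
"""

# "   Field Name . . . . : value" (the dot leader is dropped from the name).
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    # Return {field name: [values]}; indented lines without a colon are
    # further values of the previous field (second DNS server, extra suffix).
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1)
            fields.setdefault(current, [])
            if m.group(2).strip():
                fields[current].append(m.group(2).strip())
        elif line.startswith(" ") and line.strip() and current:
            fields[current].append(line.strip())
        else:
            current = None  # blank line or adapter header ends the field
    return fields

def audit(text, ad_domain, ad_dns_servers):
    # Flag DNS servers that are not AD DNS servers, and search suffixes that
    # lie outside the AD domain (queries with those suffixes leave the network).
    fields, findings = parse_ipconfig(text), []
    for ip in fields.get("DNS Servers", []):
        if ip not in ad_dns_servers:
            findings.append(f"DNS server {ip} is not an AD DNS server")
    for suffix in fields.get("DNS Suffix Search List", []):
        s = suffix.rstrip(".").lower()
        if s != ad_domain and not s.endswith("." + ad_domain):
            findings.append(f"search suffix {s} is outside {ad_domain}")
    return findings
```

Calling `audit(SAMPLE, "domain.co.uk", {"192.168.1.10"})` reports the router listed as second DNS server and the devolved co.uk suffix; a client configured as the reply recommends returns an empty list.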
 
