Slow DNS resolving

[Bjørnar]

Hi,

I have a problem with a DNS server running W2KS SP4 and
Active Directory on a network with about 70, mostly W2kWS, clients.


The problem is that, sometimes, DNS querys take a long time
to resolve. Typically this is browsing through IE, and it
also affects the login procedure -- it will just sit there
with "applying personal settings" for up to several minutes,
and then goes through.

The server eventlog doesn't contain any DNS errors.


If I switch primary DNS to another DNS server in the house,
the problem goes away.


The network is special in that it has separate DHCPs and VLANs,
so there might be an unknown issue there.


Any tips on how to troubleshoot this would be greately appreciated.



Regards...

 

[Phillip Windell]

Is the DNS server that it uses have more than one Nic?

 

[Bjørnar]

Is the DNS server that it uses have more than one Nic?

Yes, it has two. The other is for a backup-robot on a
different net with localhost set up as DNS.

Under "Advanced Settings\Adapters and Bindings" the LAN
interface is set up first in the order list.



Regards...

 

[Phillip Windell]

Try using 127.0.0.1 for DNS on both NICs.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Is the DNS server that it uses have more than one Nic?

Yes, it has two. The other is for a backup-robot on a
different net with localhost set up as DNS.

Under "Advanced Settings\Adapters and Bindings" the LAN
interface is set up first in the order list.



Regards...




--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Hi,

I have a problem with a DNS server running W2KS SP4 and
Active Directory on a network with about 70, mostly W2kWS, clients.


The problem is that, sometimes, DNS querys take a long time
to resolve. Typically this is browsing through IE, and it
also affects the login procedure -- it will just sit there
with "applying personal settings" for up to several minutes,
and then goes through.

The server eventlog doesn't contain any DNS errors.


If I switch primary DNS to another DNS server in the house,
the problem goes away.


The network is special in that it has separate DHCPs and VLANs,
so there might be an unknown issue there.


Any tips on how to troubleshoot this would be greately appreciated.



Regards...

 

[Bjørnar]

Try using 127.0.0.1 for DNS on both NICs.

Sorry, when I said localhost, I meant 127.0.0.1.


Regards...

 

[Phillip Windell]

Sorry, when I said localhost, I meant 127.0.0.1.

Ok, but is it set to that on both nics?
What machines is actually slow resolving?...browsing from the Server itself
or from other clients?

All clients should have only the DC/DNS server in their network settings. If
there is more than one DC, then each DC/DNS must be listed in the client's
network settings. The client should not have any other non-AD related DNS
listed in their settings. All external naming is done by placing the ISP's
DNS in the Forwarder's List of the AD/DC/DNS Server(s).

 

[Bjørnar]

Ok, but is it set to that on both nics?

I removed it from nic#2 (it has no function as the backup
service depend on IP), but the problem seems to be the same.

What machines is actually slow resolving?...browsing from the Server
itself or from other clients?

The clients, from the server it seems ok.

Problem is, the behaviour is erratic, it affects some clients,
and not all the time. Sometimes a client might only have a couple
of connections problems, while another might experience problems
all day.

All clients should have only the DC/DNS server in their network
settings. If there is more than one DC, then each DC/DNS must be
listed in the client's network settings. The client should not have
any other non-AD related DNS listed in their settings. All external
naming is done by placing the ISP's DNS in the Forwarder's List of the
AD/DC/DNS Server(s).

There is only one DC, and the forwarders are set correctly.
However, on the clients, the 2nd DNS is is am external Linux
DNS which which does not register the LAN PC hostnames.

The strange this is, if we set this to be the primary DNS
everything works like a charm.

As I mentioned, our LAN DHCPs are also Lunix box'es, one for
each VLAN.



Regards...

 

[Phillip Windell]

I removed it from nic#2 (it has no function as the backup
service depend on IP), but the problem seems to be the same.
???

The clients, from the server it seems ok.

Problem is, the behaviour is erratic, it affects some clients,
and not all the time. Sometimes a client might only have a couple
of connections problems, while another might experience problems
all day.

There is only one DC, and the forwarders are set correctly.
However, on the clients, the 2nd DNS is is am external Linux
DNS which which does not register the LAN PC hostnames.

The strange this is, if we set this to be the primary DNS
everything works like a charm.

That's probably because the client's don't work right with AD at all and
just give up quicker.

Client should have only the one DNS server listed in their settings and it
must be the AD/DNS,...they can have more if they are all AD/DNS. Put the
Linux DNS in the AD/DNS as the first "Forwarder" if it is actually required
for something. I don't see why you use Linux for that in an AD system anyway
(DHCP either). With a Linux DHCP, the DHCP Clients may not get entered into
the AD/DNS like they are supposed to. You should be running all DNS, WINS,
and DHCP on Windows Servers where they are configured to work together with
AD. These things are all tied together with AD now and you can't screw
around with things like you could back in the "good ol' days".

 

[Phillip Windell]

the AD/DNS like they are supposed to. You should be running all DNS, WINS,
and DHCP on Windows Servers where they are configured to work together

You can also do all the DHCP with a single DHCP Server with a single nic by
configuring the Routing Device to properly forward DHCP Requests. The DHCP
Server will simply have multiple Scopes (*not* a Superscope) and it will
give the right address out to the right client in the right subnet without
any problem.