Slow DNS lookup

Thread starter: Peter Schou

Peter Schou

Hello Experts ...

On our Win2K we have a DNS problem.

DNS lookups of external domains/addresses are slow. A lookup takes approx 20
sec.

- I have setup two forwarders as specified by my ISP and they are fine.
Tested them with nslookup.
- Root hints are OK

- Have another Linux-based DNS running on the same network. This DNS server uses the
same forwarders as the Win2K box. If I set up this Linux-based DNS as forwarder
in the Win2K box, DNS lookups to Win2K answer 'immediately'. However, I need to
have the Win2K system running independently of the Linux system.

Any good hints would be much appreciated.

System is Win2K SBS up to date with all service packs.

TIA
Peter.
 
Peter Schou said:
Hello Experts ...

On our Win2K we have a DNS problem.

DNS lookups of external domains/addresses are slow. A
lookup takes approx 20 sec.

- I have setup two forwarders as specified by my ISP and
they are fine. Tested them with nslookup.
- Root hints are OK

- Have another Linux-based DNS running on the same network.
This DNS server uses the same forwarders as the Win2K box. If I
set up this Linux-based DNS as forwarder in the Win2K box, DNS
lookups to Win2K answer 'immediately'. However, I need to
have the Win2K system running independently of the Linux system.

Any good hints would be much appreciated.

System is Win2K SBS up to date with all service packs.

This sounds to me like a problem with the forwarders you are
using, if DNS answers immediately when you use the Linux box as the forwarder.
Are you seeing any events logged in the DNS log?
What are the ISP's DNS addresses?
 
Thanks for answering Kevin.

I can see your point ... However, the Linux box uses the same forwarders as
the Windows box.

Forwarders in use are:
193.162.153.194
193.239.134.83

Best regards
Peter
 
Damn ......

I had a typo in the primary DNS forwarder.

was 193.162.153.194
should have been 194.162.153.194

Problem gone now.
Thanks for answering Kevin.

Best regards.
Peter
 
Peter Schou said:
Damn ......

I had a typo in the primary DNS forwarder.

was 193.162.153.194
should have been 194.162.153.194

I would like to test the DNS at these addresses, I am unable to make either
a TCP or UDP connection to them on port 53. What is your forwarding timeout
set to on the forwarders tab?
I don't know where you are located can I suggest you try these 4.2.2.1 and
4.2.2.2
 
Well Kevin.

This is getting embarrassing. Apparently I can't even repeat my typos
without making new ones.

IP that was wrong was : 193.239.134.83
Should have been : 194.239.134.83

So now I'm using :
Primary : 194.239.134.83
Secondary : 193.162.153.164

I'm situated in Denmark. The DNS servers have been provided by my ISP.

I will test with the IPs suggested by you tomorrow when back at work.

I'm so sorry if I have caused you any inconvenience.

--
Best regards.
Peter Schou
B.Sc.DE.
 
Peter Schou said:
Well Kevin.

This is getting embarrassing. Apparently I can't even
repeat my typos without making new ones.

IP that was wrong was : 193.239.134.83
Should have been : 194.239.134.83

So now I'm using :
Primary : 194.239.134.83
Secondary : 193.162.153.164

I'm situated in Denmark. The DNS servers have been provided
by my ISP.

Neither of these servers can be used as a forwarder; they do NOT answer
recursively. What that means is that if they don't have a zone for the name, they will
only answer with a referral. You probably have a pretty long forwarder
timeout; that is why it takes so long unless you forward to the Linux box.

You should be getting 7063 events in your log.
 
Thanks for your reply Kevin.

I haven't found any 7063 events in my log.
Everything seems to be working OK now. However, I will try using the
forwarders you suggested in a previous post.

Sorry, I forgot to tell you my forwarder timeout. It's set to 5 sec. Lowering
this value did help, but didn't resolve the problem. Now using 5 sec again.
Is 5 the default value?

Thanks for your patience.

Best regards
Peter
 
Peter Schou said:
Thanks for your reply Kevin.

I haven't found any 7063 events in my log.
Everything seems to be working OK now. However, I will
try using the forwarders you suggested in a previous post.

Sorry, I forgot to tell you my forwarder timeout. It's set
to 5 sec. Lowering this value did help, but didn't
resolve the problem. Now using 5 sec again. Is 5 the
default value?

5 sec is the default, but you cannot use the DNS servers you posted as
forwarders; a forwarder must do recursive lookups. You would be better off
disabling forwarders than using a non-recursive DNS as a forwarder.
Forwarders are not required; DNS is still able to resolve queries by
getting referrals from the root servers, through root hints.

Below is a query I tried on the DNS servers you are using. Notice the rd
flag and the lack of an ra flag. Also notice it only returned a referral to
the gTLD servers, and one only returned the gTLD servers by name, not even an
IP address.

opcode: Query, status: NOERROR, id: 42
flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

QUESTION SECTION:
lsaol.com. IN ANY

AUTHORITY SECTION:
com. 71555 IN NS i.gtld-servers.net.
com. 71555 IN NS f.gtld-servers.net.
com. 71555 IN NS h.gtld-servers.net.
com. 71555 IN NS d.gtld-servers.net.
com. 71555 IN NS k.gtld-servers.net.
com. 71555 IN NS j.gtld-servers.net.
com. 71555 IN NS a.gtld-servers.net.
com. 71555 IN NS l.gtld-servers.net.
com. 71555 IN NS g.gtld-servers.net.
com. 71555 IN NS e.gtld-servers.net.
com. 71555 IN NS m.gtld-servers.net.
com. 71555 IN NS c.gtld-servers.net.
com. 71555 IN NS b.gtld-servers.net.

ADDITIONAL SECTION:
i.gtld-servers.net. 75826 IN A 192.43.172.30
f.gtld-servers.net. 75826 IN A 192.35.51.30
h.gtld-servers.net. 75826 IN A 192.54.112.30
d.gtld-servers.net. 75826 IN A 192.31.80.30
k.gtld-servers.net. 75826 IN A 192.52.178.30
j.gtld-servers.net. 75826 IN A 192.48.79.30
a.gtld-servers.net. 71430 IN A 192.5.6.30
l.gtld-servers.net. 75826 IN A 192.41.162.30
g.gtld-servers.net. 75826 IN A 192.42.93.30
e.gtld-servers.net. 75826 IN A 192.12.94.30
m.gtld-servers.net. 75826 IN A 192.55.83.30
c.gtld-servers.net. 75826 IN A 192.26.92.30
b.gtld-servers.net. 75826 IN A 192.33.14.30

Query time: 341 ms
Server : 193.162.153.164:53 udp (193.162.153.164)
When : 8/20/2004 7:22:36 AM
Size rcvd : 459

opcode: Query, status: NOERROR, id: 42
flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

QUESTION SECTION:
lsaol.com. IN ANY

AUTHORITY SECTION:
com. 172796 IN NS I.GTLD-SERVERS.NET.
com. 172796 IN NS J.GTLD-SERVERS.NET.
com. 172796 IN NS K.GTLD-SERVERS.NET.
com. 172796 IN NS L.GTLD-SERVERS.NET.
com. 172796 IN NS M.GTLD-SERVERS.NET.
com. 172796 IN NS A.GTLD-SERVERS.NET.
com. 172796 IN NS B.GTLD-SERVERS.NET.
com. 172796 IN NS C.GTLD-SERVERS.NET.
com. 172796 IN NS D.GTLD-SERVERS.NET.
com. 172796 IN NS E.GTLD-SERVERS.NET.
com. 172796 IN NS F.GTLD-SERVERS.NET.
com. 172796 IN NS G.GTLD-SERVERS.NET.
com. 172796 IN NS H.GTLD-SERVERS.NET.

Query time: 200 ms
Server : 194.239.134.83:53 udp (194.239.134.83)
When : 8/20/2004 7:22:52 AM
Size rcvd : 251
 
Peter Schou said:
Thanks for your reply Kevin.

I haven't found any 7063 events in my log.
Everything seems to be working OK now. However, I will try using the
forwarders you suggested in a previous post.

Sorry, I forgot to tell you my forwarder timeout. It's set to 5 sec.
Lowering this value did help, but didn't resolve the problem. Now
using 5 sec again. Is 5 the default value?

Thanks for your patience.

Best regards
Peter

Hi Peter,

Just wanted to jump in and add that what Kevin is trying to say is that the
addresses you provided do not support being forwarded to, and are timing out,
and your system is using its Root Hints. This is because they have that
ability turned off by the ISP's administrators. Some ISPs do this in order
to squelch other administrators using their systems as forwarders; they are
content-only DNS servers (their own content) and will not resolve queries
that they are not authoritative for (meaning that they won't answer for zones other
than the zones that were created in their own DNS servers). Some ISPs just
do that...

In Kevin's test results, the RD bit means "Recursion Desired" and the RA bit
means "Recursion Available". The tests Kevin performed on those two servers
you provided did not return an RA bit, which unfortunately means that the
servers do not support being forwarded to.

Try those two addresses that Kevin mentioned as a forwarder, 4.2.2.1 and
4.2.2.2. They support forwarding to and work fine!

Unless the provided servers were typos..... :-)

Hope that helps.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
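Kevin's dig output and Ace's explanation of the RD/RA bits amount to a simple check: send a query with RD set and see whether the reply carries RA, or is only a referral. The script below is an added example, not code from anyone in this thread; it builds a minimal DNS query, parses the response header flags, and classifies the server, using constructed sample headers shaped like Kevin's results (the `probe` helper for live testing is an assumption, not something the thread ran).

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits

def build_query(name: str, qtype: int = 1, txid: int = 42) -> bytes:
    """Minimal DNS query with RD set (qtype 1 = A, class 1 = IN)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header: flags and section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid, "qr": bool(flags & QR), "rd": bool(flags & RD),
        "ra": bool(flags & RA), "rcode": flags & 0x000F,
        "answer": an, "authority": ns, "additional": ar,
    }

def classify_forwarder(resp: bytes) -> str:
    """Decide whether the responding server is usable as a forwarder."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not a response"
    if h["ra"]:
        return "recursive: usable as forwarder"
    if h["answer"] == 0 and h["authority"] > 0:
        return "non-recursive: referral only, do not use as forwarder"
    return "non-recursive"

def probe(server: str, name: str = "lsaol.com", timeout: float = 5.0) -> str:
    """Hypothetical live check: one UDP query to port 53, then classify."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)  # same 5 sec the thread discusses
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return classify_forwarder(data)

# Constructed sample headers (only the 12-byte header is needed here):
# like Kevin's result: qr rd, no ra, ANSWER 0, AUTHORITY 13, ADDITIONAL 13
REFERRAL_HEADER = struct.pack("!HHHHHH", 42, QR | RD, 1, 0, 13, 13)
# what a working forwarder returns: qr rd ra with an answer record
RECURSIVE_HEADER = struct.pack("!HHHHHH", 42, QR | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))  # e.g. python check.py <candidate forwarder>
```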
 
Thanks Ace for taking your time to drop in. Also thanks to Kevin for testing
the servers. Excellent replies I got there.

Sorry I dropped offline for a few days.

I have already disabled forwarders on my server and am now only using
root hints. Everything seems OK and the system is working fine. I will test
using those addresses Kevin gave me.

-- Thanks --
Peter Schou
B.Sc.DE.


 
Peter Schou said:
Thanks Ace for taking your time to drop in. Also thanks to Kevin for
testing the servers. Excellent replies I got there.

Sorry I dropped offline for a few days.

I have already disabled forwarders on my server and am now only using
root hints. Everything seems OK and the system is working fine. I
will test using those addresses Kevin gave me.

-- Thanks --
Peter Schou
B.Sc.DE.


Sounds good. Please do keep us informed.
:-)

Ace
 