slow DNS response time


chrism

We have two AD-integrated DNS zones which are configured with the forwarders
of our ISP. I noticed that there is a definite response time lag whenever
we try to reach an Internet site.

I removed the forwarders, thus using our Windows 2003 DNS servers to resolve
external names, and the response time is lightning-fast.

However, I understand that using forwarders is the recommended way to
resolve external names, so I'd like to figure out *why* there is a response
time lag and how it can be solved.

I do not want to use our own Windows DNS servers to resolve external names
because of an issue with our PIX Firewall which drops oversized UDP packets.

Thanks for any help!

chrism.
 
chrism said:
We have two AD-integrated DNS zones which are configured with the
forwarders of our ISP. I noticed that there is a definite response
time lag whenever we try to reach
an Internet site.

I removed the forwarders, thus using our Windows 2003 DNS servers to
resolve external names,
and the response time is lightning-fast.

However, I understand that using forwarders is the recommended way to
resolve external names so
I'd like to figure out *why* there is a response time lag and how it
can be solved.

I do not want to use our own Windows DNS servers to resolve external
names because of an
issue with our PIX Firewall which drops oversized UDP packets.

Thanks for any help!

chrism.

It may be the ISP's DNS servers causing the lag time and not yours. Here, try
this as a forwarder, and let us know if it works any better: 4.2.2.2.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
chrism said:
We have two AD-integrated DNS zones which are configured
with the forwarders of our ISP. I noticed that there is
a definite response time lag whenever we try to reach
an Internet site.

I removed the forwarders, thus using our Windows 2003 DNS
servers to resolve external names,
and the response time is lightning-fast.

You should verify that the DNS servers you are forwarding to can do
recursive lookups. Some ISPs, especially the large ones, disable recursion
on the DNS servers they use for authoritative lookups. These DNS servers
cannot be used as forwarders.
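
The check described in the reply above, as an added example that is not part of the original thread: it sends a query with the RD (recursion desired) bit set, reads the RA (recursion available) bit and response code from the reply header, and times the round trip. The function names and the two sample headers are constructed for illustration.

```python
import socket, struct, time

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for `name` (A record by default) with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the header fields that matter when judging a candidate forwarder."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}

def forwarder_verdict(hdr):
    """A forwarder must answer with RA (recursion available) set and no error."""
    if not hdr["qr"]:
        return "not a response"
    if not hdr["ra"]:
        return "recursion not offered: unusable as a forwarder"
    if hdr["rcode"] not in (0, 3):          # 0 = NOERROR, 3 = NXDOMAIN
        return "recursive, but returned rcode %d" % hdr["rcode"]
    if hdr["tc"]:
        return "recursive, but reply truncated (retry over TCP)"
    return "recursive"

def probe(server, name, timeout=3.0):
    """Send one query over UDP; return (verdict, elapsed milliseconds or None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout", None
        elapsed = (time.monotonic() - start) * 1000.0
    hdr = parse_header(data)
    if hdr["id"] != 0x1234:
        return "reply id does not match the query", elapsed
    return forwarder_verdict(hdr), elapsed

# Constructed sample headers (not captured traffic): a recursive resolver's
# reply, and an authoritative-only server refusing a recursive query.
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_AUTH_ONLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, sample in (("recursive", SAMPLE_RECURSIVE), ("auth-only", SAMPLE_AUTH_ONLY)):
        print(label, "->", forwarder_verdict(parse_header(sample)))
```

Calling `probe()` with each candidate forwarder's address and several different names separates a server that refuses recursion from one that recurses but answers slowly.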
 
Thanks, Ace.

I tried 4.2.2.2 and it seems to be about the same or maybe even a little bit
slower.
I am going to try some of MCI's other caching-only servers that they told me
about yesterday.
I think the problem may be with their servers.
Also thought maybe a firewall issue, but then when we use the Win2003 DNS
servers to directly query the root servers it works super fast.

chrism
 
I am using MCI's servers that they use as caching-only servers for name
resolution.

chrism
 
chrism said:
Thanks, Ace.

I tried 4.2.2.2 and it seems to be about the same or maybe even a
little bit slower.
I am going to try some of MCI's other caching-only servers that they
told me about yesterday.
I think the problem may be with their servers.
Also thought maybe a firewall issue, but then when we use the Win2003
DNS servers to directly query the root servers it works super fast.

chrism

That's unusual. It's usually the other way around. Are there any errors in
the event logs?


--
Regards,
Ace

 
There are no errors in the DNS event log.

I contacted MCI and they said that their public caching-only servers are
slow and overburdened and that they get *lots* of complaints about that.

They gave me a list of some more servers to try but they are all slow with
an unacceptable response time.

Since clearing the Forwarders from our Win2003 DNS, everything's working
great.

thx,

chrism.
 
chrism said:
There are no errors in the DNS event log.

I contacted MCI and they said that their public caching-only servers
are slow and overburdened and that they get *lots* of complaints
about that.

They gave me a list of some more servers to try but they are all slow
with an unacceptable response time.

Since clearing the Forwarders from our Win2003 DNS, everything's
working great.

thx,

chrism.

Unusual, as I mentioned, that not using a forwarder is quicker. But either
way, glad you're up and running.

Ace
 