Slow external DNS resolution

Mark Scott

I am having a strange problem with my DNS server at the moment. I can
resolve internally just fine but when I resolve out to the internet then it
takes almost a minute for the name to be resolved and the request to come
back.

I have an AD integrated DNS zone named school.wilts.sch.uk which is also our
internet address. Our connection is a 2mbit broadband link. The ISP has 2
DNS servers which I have placed in the DNS zone as forwarders.

If I add these 2 DNS servers to the external interface of my ISA server the
speeds come up to normal levels.

Is there any way I can achieve normal speeds without putting the DNS servers
on the external interface (a consultant told me that this was a risk and to
only use forwarders)
 
In
Mark Scott said:
I am having a strange problem with my DNS server at the moment. I can
resolve internally just fine but when I resolve out to the internet
then it takes almost a minute for the name to be resolved and the
request to come back.

I have an AD integrated DNS zone named school.wilts.sch.uk which is
also our internet address. Our connection is a 2mbit broadband link.
The ISP has 2 DNS servers which I have placed in the DNS zone as
forwarders.

If I add these 2 DNS servers to the external interface of my ISA
server the speeds come up to normal levels.

Is there any way I can achieve normal speeds without putting the DNS
servers on the external interface (a consultant told me that this was
a risk and to only use forwarders)

It is a risk and I wouldn't suggest it. Try changing the forwarder you're
using. Try this guy: 4.2.2.2 and see if that helps.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thanks for the tip but I cannot use any other DNS servers apart from the
prescribed ones - I am on a managed internet connection and I am restricted
to their own DNS. What / where is 4.2.2.2?

Can you suggest anything else?

Regards

Mark

"Ace Fekay [MVP]"
 
In
Mark Scott said:
Thanks for the tip but I cannot use any other DNS servers apart from
the prescribed ones - I am on a managed internet connection and I am
restricted to their own DNS. What / where is 4.2.2.2?

Can you suggest anything else?

Regards

Mark

Hi Mark,

I don't understand why you cannot use 4.2.2.2? It's a well known DNS server
on the Internet. I can provide other ones that are usable for Forwarding.
Some DNS servers have their RA bit turned off, which means it doesn't
respond to a forwarding request. Some are just overburdened, which I
suspect of the one you are using, hence my suggestion to use 4.2.2.2.

I'm not sure about what you mean that you have a "managed" Internet
connection. Does this mean YOU do not have access to your DNS server??
You'll need access to it in order to change the Forwarder. In most cases,
whatever you use as a forwarder, DNS traffic will be allowed to traverse a
firewall, otherwise, how would one get Internet resolution anyway?

Just maybe the slowness is your ISA server. You could use them in the
external interface, but remember, if this is an AD member (the ISA box),
this will be detrimental to AD communication. Even if you have the internal
interface in the top of the binding order (which is HIGHLY recommended
anyway), it will still revert to using the internal one first. If you are
saying that putting them into your external interface (as per your original
post), then it's telling me the binding order is possibly incorrect. An
ipconfig /all of a W2k server will determine what order they are in, if you
would like to post that.

Try changing the forwarder and see what happens.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
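
Added example, not part of the original thread: the RA (recursion available) flag mentioned in the post above sits in the DNS response header, so a candidate forwarder can be classified from its reply to a query sent with RD set. The function names and the sample headers are constructed for illustration; `probe` is the live variant and also times the round trip.

```python
import secrets, socket, struct, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """DNS A query for `name` with RD (recursion desired) set, as a forwarding server sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp):
    """Decode the fixed 12-byte DNS header of a response."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)), "answers": an}

def assess_forwarder(resp, qid):
    """Classify a reply: can this server act as a forwarder target?"""
    h = parse_header(resp)
    if not h["qr"] or h["id"] != qid:
        return "ignore: not a response to our query"
    if not h["ra"]:
        return "unusable: RA bit clear, server does not offer recursion"
    if h["rcode"] in ("REFUSED", "SERVFAIL"):
        return "unusable: " + h["rcode"]
    return "usable: recursion available, %d answer(s)" % h["answers"]

def probe(server, name, timeout=5.0):
    """Live check (needs network): returns (verdict, seconds taken)."""
    qid = secrets.randbelow(65536)  # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name, qid), (server, 53))
        resp, _ = s.recvfrom(4096)  # raises socket.timeout if the server is silent
        return assess_forwarder(resp, qid), time.monotonic() - start

# Constructed sample headers (ID 0x1234), not captured traffic.
SAMPLES = {
    "recursive": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "no_recursion": struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 0),
    "refused": struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, "->", assess_forwarder(pkt, 0x1234))
```

A `probe` that takes seconds or times out against the ISP's servers, while returning a usable verdict, points at an overloaded or filtered path, not a recursion setting.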
 
I can get onto my DNS server but my internet connection is basically a WAN
which links all schools in SW England to a central server. My "external"
interface is actually sitting on a 10 network which then sits on a 62
network. They have tightened it up so much that I am only allowed to use
their 2 DNS servers as forwarders.

I will try your suggestions anyway and see what happens

"Ace Fekay [MVP]"
 
In
Mark Scott said:
I can get onto my DNS server but my internet connection is basically
a WAN which links all schools in SW England to a central server. My
"external" interface is actually sitting on a 10 network which then
sits on a 62 network. They have tightened it up so much that I am
only allowed to use their 2 DNS servers as forwarders.

I will try your suggestions anyway and see what happens


Hmm, indeed many schools are very restrictive with their access policies. In
this case, I'm not entirely sure 4.2.2.2 will work. You may have to stick to
their rules. But either way, curious how you make out.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 