Slow internal DNS-lookup

  • Thread starter Thread starter Jon L
  • Start date Start date
J

Jon L

Hi all!

In my company's network we have WindowsXP clients and 2 Windows 2003 Domain
Controllers both acting as DNS-Servers. I have configured AD-integrated
zones and they are set up to forward external DNS-lookups to our ISP's
dns-servers.
We have also set up Wins-servers on both DC's.

The clients get their IP-adresses and DNS-servers by DHCP-server.

We are running a loginscript with mappings to both servers. When mapping a
drive to a share, there is a delay for about 5 sec before the mapping
actually is done. It seems to me that this happens the every first time
accessing a share on a server. If i try to make a mapping by the IP-address
the delay is not there.

Does anyone have any suggestions for me?

Jon L
 
In
Jon L said:
Hi all!

In my company's network we have WindowsXP clients and 2
Windows 2003 Domain Controllers both acting as
DNS-Servers. I have configured AD-integrated zones and
they are set up to forward external DNS-lookups to our
ISP's dns-servers.
We have also set up Wins-servers on both DC's.

The clients get their IP-adresses and DNS-servers by
DHCP-server.

We are running a loginscript with mappings to both
servers. When mapping a drive to a share, there is a
delay for about 5 sec before the mapping actually is
done. It seems to me that this happens the every first
time accessing a share on a server. If i try to make a
mapping by the IP-address the delay is not there.

Does anyone have any suggestions for me?

Jon L
Click to expand...

Is there a delay if you map to the FQDN? \\server.domain.com\share ?

What names are in the DNS suffix search list in the ipconfig /all?
 
Hi Kevin.
Thanks for your reply!

Yes, there is still a delay when using FQDN in my login script... Also when
i map my drives with FQDN or IP-adresses, Windows XP (SP2) displays a
security warning when i try to run a program from the shares.

In the DNS-suffix searchlist i have two identical listings: "mycompany.com".

Jon.
 
In
Jon L said:
Hi Kevin.
Thanks for your reply!

Yes, there is still a delay when using FQDN in my login
script... Also when i map my drives with FQDN or
IP-adresses, Windows XP (SP2) displays a security warning
when i try to run a program from the shares.

In the DNS-suffix searchlist i have two identical
listings: "mycompany.com".
Click to expand...

One more thing to try, add a trailing "." after the domain name in the
mapping to the FQDN like this: server.mycompany.com.\share
This will stop the DNS client from appending the names in the DNS suffix
search list.

Also make sure the only DNS server listed in TCP/IP properties is the
_local_ DNS servers' address. Never use an ISP's or any other DNS server
that does not support the local domain.
IOW, all DNS servers in the DNS server list must have a zone for the local
domain. This is not an option, if you have your ISP's DNS in TCP/IP
properties, your ISP's DNS will be searched for records that do not exist
because they only exist in the local DNS server.
 
Jon L said:
Hi all!

In my company's network we have WindowsXP clients and 2 Windows 2003 Domain
Controllers both acting as DNS-Servers. I have configured AD-integrated
zones and they are set up to forward external DNS-lookups to our ISP's
dns-servers.
We have also set up Wins-servers on both DC's.

The clients get their IP-adresses and DNS-servers by DHCP-server.

We are running a loginscript with mappings to both servers. When mapping a
drive to a share, there is a delay for about 5 sec before the mapping
actually is done. It seems to me that this happens the every first time
accessing a share on a server. If i try to make a mapping by the IP-address
the delay is not there.

Does anyone have any suggestions for me?
Click to expand...

Tell us about the following:

1) Number of subnets
2) (If more than one) WINS servers present?
3) If WINS servers present, do you have ALL of the machines,
including 'servers' as WINS Clients?
4) Are ALL of the INTERNAL machines using the INTERNAL
DNS SOLELY on their NIC->IP properties for DNS server?
(i.e., don't mix internal/external)?
5) SERVERS are DNS clients as per #4 also, are all of these
DNS clients of solely the internal DNS Server?
6) How many internal zones/domains do you have?
7) If more than one (#6) then how is each DNS server able to
resolve all zones?

What happens if you don't run the script but try the "net use"
command directly from the command line?

What happens when you try EACH of the clients DNS server
using NSLookup explicitly?

First get the list:
Ipconfig /all

Then try:

nslookup server.domain.com IP.of.Dns.Server

Is there a difference?
 
Herb Martin said:
Tell us about the following:
Click to expand...
Hi Herb!
heres a few "facts"
1) Number of subnets 1 subnet
2) (If more than one) WINS servers present? WINS servers are present
3) If WINS servers present, do you have ALL of the machines,
including 'servers' as WINS Clients? YES
4) Are ALL of the INTERNAL machines using the INTERNAL
DNS SOLELY on their NIC->IP properties for DNS server?
(i.e., don't mix internal/external)?
Click to expand...
YES no clients use ISP DNS-Servers
5) SERVERS are DNS clients as per #4 also, are all of these
DNS clients of solely the internal DNS Server?
6) How many internal zones/domains do you have? Only one zone, one domain
7) If more than one (#6) then how is each DNS server able to
resolve all zones?

What happens if you don't run the script but try the "net use"
command directly from the command line? I Get the same delay

What happens when you try EACH of the clients DNS server
using NSLookup explicitly?

First get the list:
Ipconfig /all

Then try:

nslookup server.domain.com IP.of.Dns.Server

Is there a difference?
Click to expand...
NO, They seem to give me a quick answer for any request's both servers.

Jon.
 
Kevin D. Goodknecht Sr. said:
In

One more thing to try, add a trailing "." after the domain name in the
mapping to the FQDN like this: server.mycompany.com.\share
This will stop the DNS client from appending the names in the DNS suffix
search list.
Click to expand...

Same slow mapping
Also make sure the only DNS server listed in TCP/IP properties is the
_local_ DNS servers' address. Never use an ISP's or any other DNS server
that does not support the local domain.
IOW, all DNS servers in the DNS server list must have a zone for the local
domain. This is not an option, if you have your ISP's DNS in TCP/IP
properties, your ISP's DNS will be searched for records that do not exist
because they only exist in the local DNS server.
Click to expand...
We only use internal DNS-servers on our clients.

When i use NSLOOKUP the servers answer fast, the delay is only when i try to
access a share.

Jon.
 
Jon L said:
Hi Herb!
heres a few "facts"

WINS servers are present
Click to expand...

Ok, if they are present -- they aren't absolutely needed
for one subnet -- then they can SLOW things down if
not all of the servers are registered.

The clients that do use the WINS server will always have
to look at the WINS servers first before trying other methods
for NetBIOS resolution (or even to assist if DNS fails.)
YES
Click to expand...

Well, that destroys the Servers not WINS clients theory.
YES no clients use ISP DNS-Servers
Click to expand...

Or firewall/gateway (unless it holds you internal zone which is
generally not the best design.)

Like WINS, all servers must be DNS clients too.
I Get the same delay
Click to expand...

Is your machine/user really authenticated on the network?
(I don't think this is the answer but something is weird.)
NO, They seem to give me a quick answer for any request's both servers.
Click to expand...

Ok, quick answers pretty much eliminate the DNS server as being
the source of the problem.
 
Herb Martin said:
Ok, if they are present -- they aren't absolutely needed
for one subnet -- then they can SLOW things down if
not all of the servers are registered.

The clients that do use the WINS server will always have
to look at the WINS servers first before trying other methods
for NetBIOS resolution (or even to assist if DNS fails.)


Well, that destroys the Servers not WINS clients theory.



Or firewall/gateway (unless it holds you internal zone which is
generally not the best design.)


Like WINS, all servers must be DNS clients too.
Click to expand...

Yes, all servers are DNS clients...
Is your machine/user really authenticated on the network?
(I don't think this is the answer but something is weird.)
Click to expand...

Yes they are:-)
 
It seems that the problem is WinXP related... I ran the logonscript on the
server (Both servers) and it executed very fast.... I also tried to
configure my XP client with static IP, DNS, Wins... Exact the same way as my
servers are configured but my logon script from the XP client is stil very
slow.

Jon
 
Jon L said:
It seems that the problem is WinXP related... I ran the logonscript on the
server (Both servers) and it executed very fast.... I also tried to
configure my XP client with static IP, DNS, Wins... Exact the same way as my
servers are configured but my logon script from the XP client is stil very
slow.
Click to expand...

It isn't likely the DNS (directly).

You have proven the DNS answers quickly.

It really sounds like your are FAILING name
resolution, failing over to another method, etc.,
until finally one works.

What happens when you issue those same commands
locally from the command line -- same machine,
logged on as same-user (or test user with same privileges
etc.)

Can you isolate a particular statement in the Script
that is slow?

Based on something like this:
@echo %date% %time COMMAND TO EXECUTE >> logonscript.txt
 
Herb Martin said:
It isn't likely the DNS (directly).

You have proven the DNS answers quickly.

It really sounds like your are FAILING name
resolution, failing over to another method, etc.,
until finally one works.

What happens when you issue those same commands
locally from the command line -- same machine,
logged on as same-user (or test user with same privileges
etc.)
Click to expand...

It is the NET USE command that is slow and when i run the command like "net
use k: \\MyServer\share it takes up to 10 sec. until the command has
completed
Can you isolate a particular statement in the Script
that is slow?

Based on something like this:
@echo %date% %time COMMAND TO EXECUTE >> logonscript.txt
Click to expand...
Heres the lines that causes the delay:

@echo off
net use W: \\myFirstserver\scenario
net use S: \\mySecondserver\install
 
Jon L said:
It is the NET USE command that is slow and when i run the command like "net
use k: \\MyServer\share it takes up to 10 sec. until the command has
completed
Click to expand...

And although you have proven the DNS to work
quickly such problems usually are NAME resolution
related.

On NT 4(and lower) such a name would likely
be resolved using NetBIOS so DNS would not
get checked until other methods failed.

What happens if you use the same commands
with IP addresses (just as a test)?

net use k: \\IP.Ad.dress.Server\share

It can also be authentication.

What happens if you issue one of those, then follow
it with another Net Use of a DIFFERENT share on
the same box?
 
Back
Top