DNS issue


  • DNS issue

    We have about 150 people in a site. There are 2 DCs, each serving DNS.

    Internet requests started getting painfully slow, so I looked more into it. Turns out it's DNS resolution that's being very unpredictable. I have the DCs' forwarders set to our ISP DNS.

    If I go to the DC and do an "nslookup", I can't get anything to resolve. If I set my client DNS to something public (8.8.8.8), everything is totally fine, so it's definitely DNS the problem.

    What else can I look for? I can't resolve names on the DC, so no way the client passing requests to the DC will get DNS back. It's not all the time, but probably 8-9 sec for a resolution.

    any ideas?

  • #2
    Re: DNS issue

    clean both the client and server dns cache on the servers

    then, change your forwarders to be openDNS servers, or 8.8.8.8 instead of your ISP's servers.

    problem solved, since in all likelihood it's your isp's servers
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: DNS issue

      And report the issue to your ISP.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Re: DNS issue

        Originally posted by tehcamel
        8.8.8.8
        Probably worth pointing out that this is one of Google's public DNS servers. Given their tendencies for data harvesting, you may prefer to opt for OpenDNS instead.
        Gareth Howells



        • #5
          Re: DNS issue

          That's funny because that's exactly what it ended up being and exactly the DNS entries I added after the fact. Good catch!



          • #6
            Re: DNS issue

            So it looks like the problem still exists.

            I signed up for OpenDNS and put those as forwarders in our DC.

            Everything worked last night, and now I come in and DNS queries from nslookup are timing out. Even things like Google.

            The odd thing is, if I set my client IP statically and specify the OpenDNS servers as my DNS, everything resolves very quickly.

            So it seems the DC is having trouble resolving....any idea why this might be and what I can check?



            • #7
              Re: DNS issue

              Does restarting the DNS Server service fix things, even if only temporarily?

              Do the event logs show anything?

              Is the server fully patched?

              What AV and firewall etc do you have running on the server?
              Gareth Howells



              • #8
                Re: DNS issue

                I restarted the DNS service and nslookup was definitely much more responsive. I put some things in perfmon and I'm getting a fair number of DNS timeouts (see attached).

                The DNS event log shows this event every couple minutes...

                The DNS server wrote version 136448 of zone XXXXX.com to file XXXXXX.com.dns.

                The server is probably a little out of date, but it's on SP2. There is no AV running on the server and it's fed to a Juniper SSG firewall. Nothing with the firewall has changed for months.

                We did add another ISP for the clients, but the servers are still going out the original. However, whenever I add the OpenDNS server as my client server, everything works normally.


                • #9
                  Re: DNS issue

                  Originally posted by frist44
                  There is no AV running on the server
                  Maybe something to look at sometime soon...
                  Gareth Howells



                  • #10
                    Re: DNS issue

                    I'm not sure why that would matter. I don't think it's great practice to be putting AV on everything, especially if you have the right checks in place.

                    Besides, half the stuff our place gets isn't even detected by Symantec, so it doesn't tend to do much good.



                    • #11
                      Re: DNS issue

                      Originally posted by frist44

                      Besides, half the stuff our place gets isn't even detected by Symantec, so it doesn't tend to do much good.
                      Get a new AV then.

                      Using the actual figure of 50%, that's a sign you need to change something.
                      "To err is human but to really **** things up requires a computer user..."

                      "The path to enlightenment is /user/bin/enlightenment"

                      A+ CE



                      • #12
                        Re: DNS issue

                        Moved to DNS forum where it should be.



                        • #13
                          Re: DNS issue

                          Your DCs are mission critical systems - I would have thought they would be worthy of thorough protection. If they get compromised, then everything else might as well be compromised too, given that they hold the credentials of every domain user.

                          The problems with Symantec/Norton security products are well known. Take a look at independent AV rankings from somewhere such as VirusBulletin and you'll see that there are a number of competing products which are considerably more effective.

                          You're right that antivirus isn't a 'one size fits all' answer to the wide variety of threats faced by a system, but it is widely regarded as being a key part of the overall defence.
                          Gareth Howells



                          • #14
                            Re: DNS issue

                            This is probably a dumb question (it's a personality trait), but if you have forwarders set up on your DC, isn't it a best practice to disable recursion?

                            In any case, I'd Wireshark it and look at what your DC is doing to the DNS traffic.

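The symptom reported in posts #6 and #8 (lookups through the DC time out while the same lookups sent straight to the forwarder are fast) can be measured side by side instead of judged from nslookup. This is an added example, not code from any poster in the thread; the server addresses and query names are constructed placeholders.

```python
import random, socket, struct, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, recursion_desired=True):
    """Encode one A/IN question in DNS wire format (RFC 1035)."""
    flags = 0x0100 if recursion_desired else 0          # RD bit
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(host, port, name, timeout=3.0):
    """Send one UDP query; return (status, seconds_waited)."""
    qid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, qid), (host, port))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT", time.monotonic() - start
        except OSError:                      # e.g. ICMP port unreachable
            return "UNREACHABLE", time.monotonic() - start
        waited = time.monotonic() - start
    if len(data) < 12:
        return "BAD_REPLY", waited
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid or not flags & 0x8000:     # wrong ID or QR bit not set
        return "BAD_REPLY", waited
    return RCODES.get(flags & 0xF, "RCODE_%d" % (flags & 0xF)), waited

def compare(servers, names, timeout=3.0):
    """Probe each name against each server; summarise per server."""
    report = {}
    for label, (host, port) in servers.items():
        results = [probe(host, port, n, timeout) for n in names]
        answered = [t for st, t in results if st not in ("TIMEOUT", "UNREACHABLE")]
        report[label] = {
            "statuses": [st for st, _ in results],
            "timeouts": sum(st == "TIMEOUT" for st, _ in results),
            "worst_s": round(max(answered), 3) if answered else None,
        }
    return report

if __name__ == "__main__":
    # Constructed addresses: substitute the DC and the forwarder it uses.
    servers = {"dc": ("192.0.2.10", 53), "forwarder": ("192.0.2.53", 53)}
    for label, row in compare(servers, ["example.com", "example.org"]).items():
        print(label, row)
```

Run it from a client and again from the DC itself: timeouts that appear only on the "dc" row, or only when run on the DC, place the delay between the DC and its forwarder rather than at the forwarder.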