Slow DNS Resolution, I think is causing slow down problems.
I am having a heck of a time resolving any domain names from my DNS Server. It takes literally 10-20 seconds to resolve via ping. It always resolves, it just takes forever. I am running behind an ISA server on 192.168.2.1 with an external interface of 192.168.0.1 which then goes to a 209.112.x.x address.
I cannot set my dns to anything external due to the ISA server blocking it. Is there any known issues with 2003 Server's DNS? The DNS is just plain slow.
Thanks.
I cannot set my dns to anything external due to the ISA server blocking it. Is there any known issues with 2003 Server's DNS? The DNS is just plain slow.
Thanks.
Comments
-
blargoe Member Posts: 4,174 ■■■■■■■■■□2003 DNS is solid. There is a configuration issue somewhere.
Question #1 (as always )What has changed recently? Is this an ongoing problem or did it just happen?
Are you saying it takes this long when you are logged in directly to the DNS server, or from a PC which uses this server's address as the Primary DNS server?IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
TechJunky Member Posts: 881It happens on a client machine.
I allowed other DNS servers from a client machine and I get the same response. I am thinking its the ISA server because if I am on the outside of the ISA server the internet is fast.
So DNS is not the issue. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□ISA might do automatic reverse lookups for security reasons. I had a Symantec firewall do that. Search the help files on ISA for reverse lookups and see how to disable it. It's a good security practice, but probably overkill in many environments to have it.
I had the same problem - sites taking 20-30 seconds to come up. Disable reverse lookups and BANG they came up fast. The thing is, if a site HAS a ptr record, they come up okay (maybe just a tad bit slow), but if the site has no reverse lookup, ISA won't give up until a long timeout. At that point it displays the site anyway, so in my opinion it's a minimal security gain. The only thing it really protects against is when a site's reverse lookup does not match the A record.All things are possible, only believe. -
TechJunky Member Posts: 881I have no idea what it was... I finally disabled ISA, and it still had the same problem. I then went ahead and changed it so everyone goes through the router and not the server at the problem resolved. I am thinking possibly a bad nic or something?
Right now the server is setup only using 1 NIC instead of 2 and things seem to be snappy. There is just way too many services on one box to determine what the problem is at this point. Once we get the other server in I can try messing with ISA again.