Herb Martin (Guest)
Posted: Wed Jan 12, 2005 12:51 am
Post subject: Re: Poor Performance

"Aaron" <Aaron@discussions.microsoft.com> wrote in message
news:8FF688E0-865A-4FC7-904A-AC4341004D62@microsoft.com...

> I am running 2003 AD integrated w/DNS. I am using forwarders for external
> DNS lookup. Recently clients have been timing out when accessing
> websites.

There are some ideas below but you should also
show the exact chain of forwarders your clients
use...??

> They have to try and access the site a second time for success. This doesn't
> happen every time but it does happen. Also, once the site is accessed
> everything seems to work without problem for the current session with that
> site.

You have pretty much confirmed that something
in the DNS chain is slow, so that it gets into cache
on the first request BUT after the client (application)
has given up waiting.

> I'm not using Reverse lookup since I'm using ISP's DNS server for external
> lookup.

What does this have to do with the timeouts?

> I have cleared the name server cache,

That is going to INCREASE the chances of a
timeout -- and might be useful during problem
resolution to try to force the problem scenario
(i.e., clearing server and client caches before
testing in an attempt to force a full authoritative
lookup through all forwarders.)

> checked the router and
> firewall logs to ensure a client didn't have a chatty NIC. At this point
> I'm not sure what to do next.
> Should I create a reverse lookup zone?

Not unless you wish to lookup IPs but that doesn't
seem to have anything to do with your problem.

> What about getting different DNS
> servers from my ISP?

Let's first figure out what you have now before
you move the problem around or hide it.
Show the exact chain of forwarders your clients
use...??
Clients must ONLY use the Internal DNS servers,
the internal DNS servers should forward as
directly as possible (e.g., try to avoid internal
Forwarder to internal Forwarder unless this is
really the way your WANS are laid out.)
The Internal DNS servers can forward to your
Firewall (caching only) DNS server or directly
to the ISP.
They can use MULTIPLE DNS servers so that
if one is down or slow the other(s) may answer
faster -- the ISP usually has at least two.
Your Firewall DNS server (if you have one) can
also skip the Forwarder and do the physical
recursion itself -- but this is a poor choice IF
your ISP DNS is reliable AND if your WAN
line to the ISP is relatively slow.

> Any help will be greatly appreciated. By the way no
> one internally can get to yahoo.com. We have to type the ip address.

We can also try testing (with a lot of cache clearing),
with tools like NSLookup, or a replacement like Dig,
against EACH server in the chain explicitly -- then
figure out which, if any, specific DNS server is slow.
--
Herb Martin

> Thanks again,
> Aaron
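
The per-server test described in the last paragraph of the reply, as an added example that is not part of the original post: it runs one `dig` lookup against each server in the chain and reports which one is slow or silent. The script name, the 1000 ms threshold and the addresses in the usage line are assumptions; substitute your own internal DNS servers, firewall DNS server and ISP servers.

```shell
#!/bin/sh
# Time one lookup against each DNS server in the forwarding chain, one server at a time.
# Usage (placeholder addresses from documentation ranges):
#   sh dnschain.sh www.example.com 192.0.2.10 192.0.2.1 198.51.100.53
# Clear the server and client caches first, as the reply suggests, or a cached
# answer will hide the slow hop.

TIMEOUT=${TIMEOUT:-5}      # seconds dig waits for each server
SLOW_MS=${SLOW_MS:-1000}   # assumed threshold for calling a server slow

# Read dig output on stdin; print the query time in ms, or "timeout" when dig
# never got an answer (no ";; Query time:" line in its output).
parse_query_ms() {
    awk '/^;; Query time:/ { print $4; found = 1; exit }
         END { if (!found) print "timeout" }'
}

# Turn a parse_query_ms result into OK / SLOW / TIMEOUT.
classify() {
    case $1 in
        timeout) echo TIMEOUT ;;
        *) if [ "$1" -ge "$SLOW_MS" ]; then echo SLOW; else echo OK; fi ;;
    esac
}

# Query exactly one server, with a single try so retries do not mask a slow one.
probe() {
    dig @"$1" "$2" A +tries=1 +time="$TIMEOUT" 2>/dev/null | parse_query_ms
}

# Only touch the network when a name and at least one server are given.
if [ "$#" -ge 2 ]; then
    name=$1
    shift
    for server in "$@"; do
        ms=$(probe "$server" "$name")
        printf '%-16s %-8s %s\n' "$server" "$ms" "$(classify "$ms")"
    done
fi
```

List the servers in the order a client query travels (internal DNS, firewall DNS, ISP) so the first SLOW or TIMEOUT row points at the hop to investigate.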