Router pointing to Windows DNS Server: OK?
Kevin D. Goodknecht Sr. [MVP] (Guest)
Posted: Thu Oct 27, 2005 8:51 pm    Post subject: Re: Router pointing to Windows DNS Server: OK?

Are you getting any errors in the event log?

If you have a Workstation that stays on all the time you could still install
BIND PE with a secondary zone of all zones on the DC. (Forward and reverse)
I've used this solution in a similar scenario.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Rich Roller (Guest)
Posted: Thu Oct 27, 2005 8:51 pm    Post subject: Re: Router pointing to Windows DNS Server: OK?

Kevin,

Thanks for checking back.

Actually, I already implemented what you're suggesting on the customer's
network many days ago. Perhaps I didn't make that clear enough earlier in
this thread. Here is the recent setup...

ROUTER (10.11.0.1):
- TCPIP->DNS points statically to ISP only! (Verizon 151.202.0.85,
151.203.0.85)
- DHCP SRVR is now OFF! (DC is now doing that)

DC (10.11.0.21):
- DHCP SRVR is now ON
- DHCP SRVR gives out to client PCs only one DNS server! (itself
10.11.0.21)
- DNS SRVR forwarders: only one! (router/gateway 10.11.0.1)
- TCPIP->DNS points to only one DNS server! (itself 10.11.0.21)
- TCPIP->WINS points to only one WINS server! (itself 10.11.0.21)

After implementing this, there were still big problems. Yesterday was a
disaster. The only trick we have is to reboot the router when things get
bad and that just buys you a short time until it comes back.

Ironically today has been relatively good... no reboots required yet! But I
am sure it will come back. I can't figure out any pattern or cause except
for suspecting the router not being able to handle a certain type of
traffic. So I'm swapping routers tomorrow (Netgear FVS318 -> Sonicwall TZ
170).

If that doesn't fix it, the other thing I'm wondering about is the legacy NT
server/domain which is running WINS (non-replicated) and a TRUST
relationship to AD. Can't see why they should cause problems but who
knows... the whole thing is mysterious.

-Rich

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:OILWHym2FHA.3420@TK2MSFTNGP15.phx.gbl...
Quote:
Ace Fekay [MVP]
PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:
In news:ex9zXuW2FHA.400@TK2MSFTNGP09.phx.gbl,
Rich Roller <rich@*REMOVE-THIS*r2c.com> made this post, which I then
commented about below:
Well guys. I'm sorry to report that my Internet slowdown is back
with a vengeance this morning. So apparently the changes I made 2
nights ago to the DNS/DHCP as per this thread, did not solve that.

As I think I said at the very beginning of this thread, My Internet
problem is intermittent and thus harder to troubleshoot. But I do
now know that the DNS stuff we've been discussing (and which I
implemented) didn't really address it.

Maybe I have problems with my router/gateway device. I will be
focusing on that very closely now. :-(

-Rich

Sad to hear. What namebrand device?

I think the problem here is the DNS loop Rich set up by forwarding the
router to the DC and forwarding the DC to the router. He should take the
DC out of the router, and forward only from the DC to the router. The
router should only forward to the ISP. If he really thinks he needs two
DNS servers I suggest putting BIND PE on a workstation, with a secondary
of the AD domain on it.
This won't help authentication if the DC goes down and everything will be
woefully slow if the DC does go down, but it makes the AD members happy as
far as finding the DC in both DNS servers. Something that will never
happen if he uses the ISP or router DNS on the client.

Rich Roller (Guest)
Posted: Fri Oct 28, 2005 8:51 am    Post subject: Re: Router pointing to Windows DNS Server: OK?

Kevin,

No, the event logs generally are in good shape. But frankly I'll have to
double check them for recent events.

I assume that the configuration I detailed below is exactly what you'd
advise, because that's what I plan to stick with.

I'm swapping routers later today so I should know by Monday or so if the old
router was the problem.

The really weird thing is that the old router was very happy today... never
needed a reboot. Bizarre.

It's now got me thinking maybe there is some PC which is generating traffic
that the router can't handle. And this type of traffic is intermittent. I
have not had the time/budget on this project to do a full-blown netmon.

If the new router doesn't resolve the issue, then I'll certainly be going
back to the drawing board for new ideas!

-Rich

p.s. The fault-tolerance issue is unfortunately off the radar for now, if
not forever. :-(

Rich Roller (Guest)
Posted: Wed Nov 02, 2005 5:50 pm    Post subject: Re: Router pointing to Windows DNS Server: OK?

I have some very interesting updates!... and a follow-up question at the
end...

1. After installing Sonicwall yesterday, which had better logging/reporting
capabilities, I could see that one laptop seemed to be degrading the
Internet connection speed for everyone.

I have yet to figure out what specifically is running on that laptop to
cause this. So far all I have is a bunch of TCP ports that it's using, most
of which are non-std, non-published, and they seem to mutate. Pinning this
down will be my next step.

2. Equally interesting, I finally isolated the cause of DNS latency. (recall
that my ping requests would always be very slow on the first response, and
sometimes fail to do name resolution at all... same thing happened often in
IE on first time queries)

I moved away from Kevin's prior recommendation to have the Windows DNS
Server have only one forwarder, my router (10.11.0.1). I removed 10.11.0.1
and replaced it with the 2 ISP DNS servers (Verizon 151.202.0.85 &
151.203.0.85).

Immediately I saw dramatic improvement. The pings now resolve the first
time instantly... the way they should!

I then double-confirmed that the problem is when you point DNS to the router
(10.11.0.1). I used another server to do static DNS pointing to 10.11.0.1
and then DNS basically wouldn't resolve at all.

So, I'm left wondering about what is the best practice for setting up
Windows DNS Server forwarders? Originally I had setup 2 ISP forwarders, but
then was advised to change to just 1 local router forwarder. I had bad
results with the latter and would just like to know what if any concerns
there are about doing the former? (pointing to external ISP as forwarders)

-Rich
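Rich's finding above (forward from the DC straight to the ISP resolvers rather than to the router, hand clients only the DC as DNS, and never let the router point back at the DC) is the chain Ace endorses in his reply later in the thread. The following PowerShell is an added example, not code from the thread or from Microsoft: it audits the forwarder list on the DC, warns when a forwarder is the default gateway (the loop Kevin describes), applies the ISP forwarders and the DHCP option, and then times an uncached external lookup the way Rich tested with ping. It uses the DnsServer and DhcpServer modules (Windows Server 2012 or later; the 2005-era boxes in the thread would have used dnscmd.exe instead). The addresses are the ones Rich posted; the DHCP scope ID, the test hostname and the 3-second timeout are assumptions.

```powershell
# Added example (not from the thread). Run on the DC in an elevated session
# with the DnsServer and DhcpServer modules present (Windows Server 2012+).

$DcAddress     = '10.11.0.21'                      # from the thread
$Gateway       = '10.11.0.1'                       # from the thread
$IspForwarders = @('151.202.0.85', '151.203.0.85')  # from the thread
$ScopeId       = '10.11.0.0'                       # assumption: DHCP scope ID
$TestName      = 'www.microsoft.com'               # assumption: any external name

# 1. What does the DNS server forward to right now?
$current = (Get-DnsServerForwarder).IPAddress.IPAddressToString
"Current forwarders: $($current -join ', ')"

# 2. Forwarding to the default gateway is the loop-prone case: if the router's
#    own DNS setting points back at this server, queries bounce between the two.
#    The router should only ever point at the ISP, and the DC should skip the
#    router and forward to the ISP itself.
if ($current -contains $Gateway) {
    Write-Warning ("Forwarder $Gateway is the default gateway; if the router's " +
                   "DNS points back to $DcAddress you have a forwarding loop.")
}

# 3. Replace (not append to) the forwarder list with the ISP resolvers. Keep
#    root hints as a fallback and a short timeout so a dead forwarder does not
#    stall every first-time lookup.
Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $true -Timeout 3

# 4. DHCP option 006: clients get the DC only. A client whose DNS is the ISP or
#    the router cannot find the domain's SRV records and will not locate the DC.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcAddress

# 5. Verify. Internal AD record via the DC:
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN" -Type SRV -Server $DcAddress

#    Each ISP forwarder answers external names directly:
foreach ($fwd in $IspForwarders) {
    Resolve-DnsName -Name $TestName -Server $fwd -DnsOnly | Select-Object -First 1
}

#    The first (uncached) external lookup through the DC should now be quick,
#    which is the symptom Rich was chasing with his ping tests.
Clear-DnsServerCache -Force
Measure-Command { Resolve-DnsName -Name $TestName -Server $DcAddress -DnsOnly } |
    Select-Object TotalMilliseconds
```

Step 3 deliberately uses Set-DnsServerForwarder rather than Add-DnsServerForwarder: the former replaces the whole list, so the router address cannot linger as a second forwarder that the server falls back to when the ISP is slow.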
Ace Fekay [MVP] (Guest)
Posted: Thu Nov 03, 2005 9:50 am    Post subject: Re: Router pointing to Windows DNS Server: OK?

Actually Rich, I've always advocated forwarding directly to the ISPs to
eliminate the extra resolution hop of forwarding to the router. Let the router
do its job, routing, and let DNS do its job.

As for that laptop, I would immediately run an AV scan and an anti-spyware
scan. The Microsoft AntiSpyware tool is a great tool. If it continues, then
I would download fport or TCPview to find out what ports are running and
what app is listening on them.

Ace
Ian_m (Joined: 15 Nov 2005, Posts: 2)
Posted: Tue Nov 15, 2005 10:28 am
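Ace's advice for the laptop, find out which process owns the odd ports with fport or TCPview, can be done with built-in cmdlets on a current Windows client. This is an added example, not code from the thread or from those tools: it joins every TCP connection to its owning process, summarises per process how many distinct remote endpoints and non-standard remote ports it talks to (which is what "ports that seem to mutate" looks like once grouped by process), and checks the Authenticode signature of the binaries behind the untrusted ones. The $TrustedPorts list and the "many distinct endpoints" heuristic are assumptions; Get-NetTCPConnection needs Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the thread). Run on the suspect machine in an
# elevated session so Get-Process can read every process's Path.

# Assumption: remote ports a domain client is expected to use. Anything else
# is not necessarily bad, just worth a look.
$TrustedPorts = 80, 443, 53, 88, 135, 139, 389, 445, 636, 3268, 3269

# Live outbound connections only; local/unspecified peers are noise here.
$conns = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1', '0.0.0.0', '::' }

# Join each connection to its owning process so no port stays anonymous.
$report = foreach ($c in $conns) {
    $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Process   = $p.ProcessName
        PID       = $c.OwningProcess
        Path      = $p.Path
        State     = $c.State
        LocalPort = $c.LocalPort
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        Trusted   = $c.RemotePort -in $TrustedPorts
    }
}

# Per-process summary. A process with many distinct remote endpoints on
# non-standard ports is the first thing to examine on a box that is
# degrading everyone's link.
$report | Group-Object Process | ForEach-Object {
    [pscustomobject]@{
        Process        = $_.Name
        Connections    = $_.Count
        RemoteHosts    = @($_.Group.Remote | Sort-Object -Unique).Count
        UntrustedPorts = @($_.Group | Where-Object { -not $_.Trusted }).Count
        Path           = ($_.Group.Path | Select-Object -First 1)
    }
} | Sort-Object UntrustedPorts, RemoteHosts -Descending | Format-Table -AutoSize

# Inspect the binaries behind untrusted traffic. An unsigned image, or one
# living under a user-writable directory, is a strong signal on its own.
$report |
    Where-Object { -not $_.Trusted -and $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_ | Select-Object Path, Status }
```

Run it a few times a minute apart and diff the per-process summary: legitimate software keeps a stable set of peers, while the "mutating" port pattern Rich saw shows up as one process whose RemoteHosts count keeps climbing.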

Actually we have a similar situation: Internet access is the first priority, Server 2003 access is secondary. We must have Internet access (e-mail, ASP apps and VPN endpoints) regardless of what the server is doing.

We have a Vigor 2900 router (on 192.168.0.1) acting as DHCP server handing out addresses (192.168.0.10 and above). It hands out DNS entries to clients of 192.168.0.2 (our server), secondary of 192.168.0.1 (router) and gateway of 192.168.0.1 (router).

The server is at 192.168.0.2 with its network card DNS pointing to 192.168.0.2. There is one DNS forwarder to 192.168.0.1 (router).

The setup works fine, server has Internet access, clients all have Internet access, everybody is happy. Server goes down, people can't access files etc, but Internet and VPN all still active and people 1/2 happy.

Note that not all routers are as configurable as the Vigor, especially in the flexibility of its LAN side configuration allowing you to specify DHCP DNS entries, non-router gateway addresses etc.