#1
I have a 2003 Server where the domain has been set up as domain.co.uk and not domain.local. Recently we changed our Internet access, which has caused the following problems, and I wondered if anyone knew how to correct it. I think it is a DNS error. All client computers are running XP Pro.

All client computers have fixed IP numbers with the gateway being the IP of the router. The DNS settings on the clients are 1st DNS = IP of the 2003 Server, 2nd DNS = IP of the router. I had to do this as it was taking ages for the computers to log onto the Server (they do not run roaming profiles).

The problem that I have is that Internet access on both clients and the Server is running very slow, as I assume when a web site is requested it is being checked on the Server, as this is the primary DNS, and then going to the router afterwards when the site cannot be found. We do not host our own web site. We cannot even get to our web site, as again the domain is on the server (.co.uk) but the web site is at our ISP. I have also noticed that there is a list of cached web sites on the Server, whereas before there was none. Nothing extra has been enabled on the Server.

I believe the answer is to do DNS Forwarders but could someone out and confirm this and possibly exactly how to do this.

Any other comments would be greatly appreciated.

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...0-dns/200603/1

#2
matrix via WinServerKB.com wrote:
> I have a 2003 Server where the domain has been set up as domain.co.uk
> and not domain.local.
> Recently we changed our Internet access, which has caused the following
> problems, and I wondered if anyone knew how to correct it. I think it is
> a DNS error. All client computers are running XP Pro.
>
> All client computers have fixed IP numbers with the gateway being the
> IP of the router. The DNS settings on the clients are 1st DNS = IP of
> the 2003 Server, 2nd DNS = IP of the router. I had to do this as it
> was taking ages for the computers to log onto the Server (they do not
> run roaming profiles).
>
> The problem that I have is that Internet access on both clients and
> the Server is running very slow, as I assume when a web site is
> requested it is being checked on the Server, as this is the primary
> DNS, and then going to the router afterwards when the site cannot be
> found. We do not host our own web site. We cannot even get to our web
> site, as again the domain is on the server (.co.uk) but the web site
> is at our ISP. I have also noticed that there is a list of cached web
> sites on the Server, whereas before there was none. Nothing extra has
> been enabled on the Server.
>
> I believe the answer is to do DNS Forwarders but could someone
> out and confirm this and possibly exactly how to do this.
>
> Any other comments would be greatly appreciated.

You must remove your ISP's DNS server from TCP/IP properties on all machines. In an Active Directory environment, all domain members MUST use the DNS server that supports the Active Directory domain, ONLY. Usually this would be the IP address of the Domain Controller. In fact, the Domain Controller should be used for DNS until you understand the full ramifications of moving DNS to another machine. Only DNS on a Domain Controller can have zones that are integrated with Active Directory, which increases the security many times over zones on other DNS servers stored in a text file.

That said, you have a problem domain in that it is the same as your public domain name and it is a third level domain name. Some of the problems can be worked around, others cannot. Here are some of the problems and the workarounds.

Your AD Domain Name, domain.co.uk, MUST resolve only to the Domain Controller's IP address that has file sharing enabled. This means if you have a web site at the address, you cannot use http://domain.co.uk to access the site; you will have to use something like http://www.domain.co.uk to access the site. There is a workaround that works very well by using IIS on your DC to redirect http://domain.co.uk to http://www.domain.co.uk. Also, you will have to add a host record named www to the internal domain.co.uk zone, with the IP address of the public web site.

The most you should have to do is remove the "." (Root) Forward Lookup zone from your DNS server for it to resolve internet names; this should automatically load the Root Hint servers so DNS can resolve internet names. The only forward zones you should have in your DNS are domain.co.uk and likely _msdcs.domain.co.uk.

Another, sometimes major, problem is the third level domain name, especially in the co.uk ccTLD. The DNS Client service will append the primary DNS suffix and parent suffixes of the primary DNS suffix down to the second level domain. In other words, if you look at your ipconfig /all, your Primary DNS suffix is domain.co.uk and your DNS suffix search list is domain.co.uk and co.uk, which are appended to all non-fully qualified queries. (A DNS query is not fully qualified until it has a trailing dot "." after the name, e.g. www.domain.co.uk is not fully qualified, www.domain.co.uk. is fully qualified.) To stop the behavior of appending co.uk to all non-fully qualified queries, clear the check box "Append parent suffixes of the Primary DNS suffix", which is enabled by default.

You can do this in the group policy here:

Computer Configuration - Administrative templates - Network - DNS client
Primary DNS Suffix devolution - Set to disabled

This policy won't apply to Win2k clients; they have to be manually done at the client.

825036 - Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/default...825036&sd=RMVP

323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default...323380&sd=RMVP

How to Delegate All Internet Top-Level Domains on an Internal Root DNS Server:
http://support.microsoft.com/default...b;en-us;294906

298148 - HOWTO Remove the Root Zone (Dot Zone):
http://support.microsoft.com/default...b;en-us;298148

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. To respond directly to me, remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================
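
Added example, not part of either post: a simplified Python model of the suffix behaviour described in the reply above, listing the names a client may query for a given input with primary suffix domain.co.uk, with and without devolution. The function names, the host name `fileserver` and the candidate ordering are assumptions made for illustration; real clients also consult connection-specific suffixes and caches.

```python
"""Simplified model of DNS suffix appending and devolution (constructed example)."""


def devolved_suffixes(primary_suffix, devolution=True):
    """Return the primary DNS suffix followed by its parents, down to two labels."""
    labels = primary_suffix.strip(".").lower().split(".")
    suffixes = [".".join(labels)]
    if devolution:
        # Drop the leftmost label repeatedly; stop at the second-level name.
        while len(labels) > 2:
            labels = labels[1:]
            suffixes.append(".".join(labels))
    return suffixes


def query_candidates(name, primary_suffix, devolution=True):
    """Ordered FQDNs the modelled client may send for `name`."""
    name = name.lower()
    if name.endswith("."):
        # Trailing dot: fully qualified, nothing is appended.
        return [name]
    candidates = []
    if "." in name:
        # Assumption: multi-label names are tried as typed first.
        candidates.append(name + ".")
    for suffix in devolved_suffixes(primary_suffix, devolution):
        candidates.append(f"{name}.{suffix}.")
    return candidates


def appended_outside_zone(name, primary_suffix, devolution=True):
    """Suffix-appended candidates that fall outside the AD zone (e.g. under co.uk)."""
    zone = primary_suffix.strip(".").lower() + "."
    as_typed = name.lower().rstrip(".") + "."
    return [c for c in query_candidates(name, primary_suffix, devolution)
            if c != as_typed and not c.endswith("." + zone)]


if __name__ == "__main__":
    # Constructed inputs: an unqualified host, a dotted name, a true FQDN.
    for typed in ("fileserver", "www.domain.co.uk", "www.domain.co.uk."):
        for devolve in (True, False):
            print(typed, "devolution" if devolve else "no devolution",
                  query_candidates(typed, "domain.co.uk", devolve),
                  "outside zone:", appended_outside_zone(typed, "domain.co.uk", devolve))
```

With devolution disabled, no appended candidate leaves the domain.co.uk zone, which is the effect the policy setting in the reply is meant to achieve.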