I am getting bad / unreliable DNS performance of the DNS server running on my domain controller. It's for external domains. This results (among other things) in a very bad browsing experience both on the server and on the clients.
To isolate the problem down to DNS only I resolved domains using nslookup, which gives the following result for each new domain I try:
> pb.nl
Server: localhost
Address: 127.0.0.1
DNS request timed out.
timeout was 2 seconds.
*** Request to localhost timed-out
A subsequent second attempt in the same session in most cases does work:
> pb.nl
Server: localhost
Address: 127.0.0.1
Non-authorative answer:
Name: pb.nl
Address: 95.211.59.50
When I try to resolve with the Google DNS server directly (the first forwarder configured) using 'nslookup - 8.8.8.8' it instantly resolves every domain. Also, when I configure 8.8.8.8 as the DNS server for a client it works as expected (quick).
From hours of searching and trial and error I got the following solutions, none of them worked (and I reverted each step after I tried it without success):
- Change the forwarders to other DNS servers than 8.8.8.8, 208.67.222.222 and 4.2.2.1; this didn't work, and the fact that 'nslookup - 8.8.8.8' worked quickly, and that it was the first forwarder, rules out that the forwarders were wrongly configured
- I disabled EDNS with: 'dnscmd /config /enableednsprobes 0' but this also should not be relevant for our situation where we only use the internal Windows Firewall and have tried behind 2 different routers on 2 different internet connections.
- I removed the primary DNS name on the IP6 properties of the NIC and set it to automatic
- I disabled IP6 on the NIC
- Added the MaxCacheTtl record (http://blogs.technet.com/b/sbs/archive/2009/01/29/cannot-resolve-names-in-certain-top-level-domains-like-co-uk.aspx)
Any help on this would be greatly appreciated.
For diagnosis / additional information:
When I use Wireshark I see that on the first request the correct IP is received and on the second request it retrieves it from the cache of the Windows DNS server.
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Atreyu
Primary Dns Suffix . . . . . . . : AMteam.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : AMteam.local
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-69-5A-4D-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-25-B3-A1-15-80
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::58d4:bed7:1ced:b827%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.57.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.57.1
DHCPv6 IAID . . . . . . . . . . . : 385885619
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-AD-B4-23-00-25-B3-A1-15-81
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A590BBD1-B0A8-4DB6-9A59-8A210FCE2964}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{695A4DF1-6C55-4717-942D-0BD5BA32DD27}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
nslookup 192.168.57.51 (server itself)
*** localhost can't find 192.168.57.51: Non existent domain
Best Answer
The issue has been resolved. The server has 2 network ports which worked together as a 'Teamed' connection. Once we disabled the teaming and one of the NICs all worked like a charm.
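The comparison made in the question (a first and a second lookup against the local DNS server versus the forwarder, with nslookup's 2-second timeout) can be scripted so it is repeatable. This is an added example, not part of the original post; the function names are illustrative, and the server addresses and test name are the ones quoted in the question.

```python
import random, socket, struct, time

def build_query(name, qid=None):
    """Encode a minimal DNS A-record query (RFC 1035), recursion desired."""
    qid = random.randint(0, 0xFFFF) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name, timeout=2.0, port=53):
    """Send one UDP query; return (seconds, rcode), or (None, None) on timeout."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        sock.sendto(query, (server, port))
        try:
            while True:
                data, _ = sock.recvfrom(4096)
                # Accept only a reply carrying our transaction ID.
                if len(data) >= 12 and data[:2] == query[:2]:
                    return time.monotonic() - start, data[3] & 0x0F
        except socket.timeout:
            return None, None

def compare(servers, names, attempts=2, timeout=2.0, port=53):
    """Attempt 1 is the cold-cache lookup; later attempts should hit the cache."""
    results = []
    for name in names:
        for server in servers:
            for attempt in range(1, attempts + 1):
                elapsed, rcode = probe(server, name, timeout, port)
                results.append((server, name, attempt, elapsed, rcode))
    return results

if __name__ == "__main__":
    # Servers and test name are the ones quoted in the question.
    for server, name, attempt, elapsed, rcode in compare(["127.0.0.1", "8.8.8.8"], ["pb.nl"]):
        status = "TIMEOUT" if elapsed is None else f"{elapsed * 1000:.0f} ms, rcode {rcode}"
        print(f"{server:<10} {name:<8} attempt {attempt}: {status}")
```

Running it with names that are not yet cached, before and after a change such as the one in the accepted answer, shows whether the first-attempt timeouts against 127.0.0.1 are gone.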