You can check your DNS lookups via nslookup both looking internally and
externally.

You say going to webpage (is this webpage internal? Or External to the
organization?)

I am assuming that all users are seeing the same thing (Correct) or is
it localized?

What is the Network Bandwidth out the Internet Router? (Is the
available Bandwidth Pegged? Which would make everything slow?)

Any issues with dropped packets at the firewall/External Router to the
Internet?

Any issues querying DNS Server upstream of your business like L3
communications at 4.2.2.2 and 4.2.2.1.

Here is an example:

C:\windows\system32>nslookup
Default Server:  DNS
Address:  Internal_IP

> set d2
> set type=A
> server 4.2.2.1
------------
SendRequest(), len 38
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        1.2.2.4.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        1.2.2.4.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  1.2.2.4.in-addr.arpa
        type = PTR, class = IN, dlen = 23
        name = vnsc-pri.sys.gtei.net
        ttl = 84623 (23 hours 30 mins 23 secs)

------------
Default Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

> wwww.microsoft.com.
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

------------
SendRequest(), len 36
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        wwww.microsoft.com, type = A, class = IN

------------
------------
Got answer (52 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        wwww.microsoft.com, type = A, class = IN
    ANSWERS:
    ->  wwww.microsoft.com
        type = A, class = IN, dlen = 4
        internet address = 67.215.65.132
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
Name:    wwww.microsoft.com
Address:  67.215.65.132


You can see I did a fully qualified dns lookup for Microsoft.com (using
the trailing . so that domain names aren't appended in the lookups).

Came back pretty snappy (I would definitely put Wireshark on your PC and
try and see the response times, because you might be dealing with a
Layer 1-2 problem at the router/switch/firewall interface or uplink on
the TXX line to your ISP, rather than your DNS Servers).

HTH

Z


Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:[email protected]

Cell:401-639-3505
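
Added example (not part of the original message): one way to put numbers on the response times discussed above is to send the same recursive query that nslookup sends and time the reply per resolver. The function names are assumptions of this example; the packets it builds have the same lengths as the SendRequest() lines in the trace (36 and 38 bytes).

```python
import socket
import struct
import time


def build_query(name, qtype=1, qid=3):
    """Build a DNS query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    # flags 0x0100 = standard query with "want recursion" (RD) set
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(reply):
    """Return (id, rcode, answer_count) from a DNS reply header."""
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return qid, flags & 0x000F, ancount


def time_lookup(server, name, timeout=3.0, qid=3):
    """Send one UDP query to `server`; return (milliseconds, rcode, answers),
    or (None, None, None) if no matching reply arrives before `timeout`."""
    query = build_query(name, qid=qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(query, (server, 53))
            while True:
                reply, _ = sock.recvfrom(4096)
                if len(reply) >= 12 and parse_header(reply)[0] == qid:
                    break
        except OSError:  # timeout, unreachable network, etc.
            return None, None, None
        elapsed_ms = (time.perf_counter() - start) * 1000.0
    _, rcode, answers = parse_header(reply)
    return round(elapsed_ms, 1), rcode, answers


if __name__ == "__main__":
    # 4.2.2.1 / 4.2.2.2 are the upstream resolvers named in the message;
    # add the internal DNS server's address to compare both paths.
    for server in ("4.2.2.1", "4.2.2.2"):
        for attempt in range(3):
            print(server, time_lookup(server, "www.microsoft.com."))
```

Consistently fast replies here alongside slow page loads point away from DNS, while timeouts (None) to every resolver point at the path to the Internet.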

 

From: Level 5 Lists [mailto:[email protected]] 
Sent: Friday, May 27, 2011 12:34 PM
To: NT System Admin Issues
Subject: Slow dns lookups?


I have a client with a t1 and cable as a backup for about 50 users and 9
servers.

The past week their internet became amazingly slow, we pulled opendns
out, we pulled the proxy filter out and still same thing.

Reviewing onsite it seems like when we go to a webpage we get a lot of
website found waiting for reply for several seconds.

I switched gateways between t1 and cable and seemed to have no effect.
You eventually get there, but I can't seem to pinpoint what's causing it.

We tried removing the opendns forwarders, then no forwarders, then some
forwarders to some public DNS servers. Always the same thing.

Internally dns seems fine, no errors, ad replication is functioning okay
etc etc .. Kind of at a loss as to where to look next.

Speedtest/pingtest are showing speeds as expected on both connections,
latency everything there seems pretty normal (16dn/6up on cable, A
rating on pingtest)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
