Z have you played with NSBench at all? I run it on my desktop. You can customize it to include any dns server. I include my own internal and externals and add a couple of others including 4.2.2.1&2 for comparison.
d From: Ziots, Edward [mailto:[email protected]] Sent: Monday, May 30, 2011 10:16 AM To: NT System Admin Issues Subject: RE: Slow dns lookups? Good deal, I would probably attach a sniffer to that workstation and see if something else wasn't going wrong with it, ( Maybe its hooked, or R00ted and you can't see it, but the network traffic coming out the affected system should give you a clue. Also you can use Fiddler (HTTP debugging Proxy) to help see how the web traffic is flowing from a client prespective, and then do a sideby side comparison with other workstations that are working the way you expect so as to obtain more information to continue your troubleshooting. Sincerely, EZ Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Level 5 Lists [mailto:[email protected]] Sent: Friday, May 27, 2011 2:50 PM To: NT System Admin Issues Subject: RE: Slow dns lookups? It seems to be just workstation related, although we are seeing some ping timeouts to the 4.2.2.2's on the T1, we took off forwarding but that didn't fix it. All the websites are external, could be anything from cnn.com to foxnews.com whatever. They all load a little, hang, load a little, hang, then finish. We are testing a few different things now by having some workstations just use an external dns of the provider. Internally pinging, nslookups , network browsing all is fast and without any issue. From: Ziots, Edward [mailto:[email protected]] Sent: Friday, May 27, 2011 12:55 PM To: NT System Admin Issues Subject: RE: Slow dns lookups? You can check your DNS lookups via nslookup both looking internally and externally. You say going to webpage ( is this webpage internal? Or External to the organization?) I am assuming that all users are seeing the same thing ( Correct) or is it localized? What is the Network Bandwidth out the Internet Router? ( Is the available Bandwidth Pegged? Which would make everything slow?) Any issues with dropped packets at the firewall/External Router to the Internet? Any issues querying DNS Server upstream of your business like L3 communications at 4.2.2.2 and 4.2.2.1. Here is an example: C:\windows\system32>nslookup Default Server: DNS Address: Internal_IP > set d2 > set type=A > server 4.2.2.1 ------------ SendRequest(), len 38 HEADER: opcode = QUERY, id = 2, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0 QUESTIONS: 1.2.2.4.in-addr.arpa, type = PTR, class = IN ------------ ------------ Got answer (73 bytes): HEADER: opcode = QUERY, id = 2, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 0, additional = 0 QUESTIONS: 1.2.2.4.in-addr.arpa, type = PTR, class = IN ANSWERS: -> 1.2.2.4.in-addr.arpa type = PTR, class = IN, dlen = 23 name = vnsc-pri.sys.gtei.net ttl = 84623 (23 hours 30 mins 23 secs) ------------ Default Server: vnsc-pri.sys.gtei.net Address: 4.2.2.1 > wwww.microsoft.com. Server: vnsc-pri.sys.gtei.net Address: 4.2.2.1 ------------ SendRequest(), len 36 HEADER: opcode = QUERY, id = 3, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0 QUESTIONS: wwww.microsoft.com, type = A, class = IN ------------ ------------ Got answer (52 bytes): HEADER: opcode = QUERY, id = 3, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 0, additional = 0 QUESTIONS: wwww.microsoft.com, type = A, class = IN ANSWERS: -> wwww.microsoft.com type = A, class = IN, dlen = 4 internet address = 67.215.65.132 ttl = 0 (0 secs) ------------ Non-authoritative answer: Name: wwww.microsoft.com Address: 67.215.65.132 You can see I did a fully qualified dns lookup for Microsoft.com ( using the trailing . so that domain names aren't appended in the lookups) Came back pretty snappy ( I would defintely put Wireshark on your PC and try and see the response times, because you might be dealing with a Layer 1-2 problem at the router/switch/firewall interface or uplink on the TXX line to your ISP, rather than your DNS Servers. HTH Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Level 5 Lists [mailto:[email protected]] Sent: Friday, May 27, 2011 12:34 PM To: NT System Admin Issues Subject: Slow dns lookups? I have a client with a t1 and cable as a backup for about 50 users and 9 servers. The past week their internet became amazingly slow, we pulled opendns out, we pulled the proxy filter out and still same thing. Reviewing onsite it seems like when we goto a webpage we get a lot of website found waiting for reply for several seconds. I switched gateways between t1 and cable and seemed to have no effect. You eventually get there, but I cant seem to pinpoint whats causing it. We tried removing the opendns forwarders, then no forwarders, then some forwarders to some public DNS servers. Always the same thing. Internally dns seems fine, no errors, ad replication is functioning okay etc etc .. Kind of at a loss as to where to look next. Speedtest/pingtest are showing speeds as expected on both connections, latency everything there seems pretty normal (16dn/6up on cable, A rating on pingtest) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
