
I have a Microsoft DNS server for a local domain, running Windows Server 2016 STD. This computer is also a domain controller. It's configured to forward to fast public DNS servers.

From any computer in the network, directly configuring these same public DNS servers locally results in fast responses to DNS queries, both on the servers and clients in the local network. However, using the local server makes DNS requests take so long they frequently time out (20 seconds plus is not uncommon), on both the servers and the clients.

The time seems independent of caching; i.e. a cached site still takes a long time to load. Testing confirmed this by performing DNS lookups and then clearing the local DNS cache on a client machine running Windows 10 by using:

```
nslookup
> www.google.com
> quit
ipconfig /flushdns
nslookup
> www.google.com
> quit
```

Output is (in both cases):

```
Server:  <myserver>.<mydomain>
Address:  192.168.1.7
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to <myserver>.<mydomain> timed-out
```

Even the machine itself (e.g. asking the DNS server to resolve itself) will take a long time.

Most command-line diagnostic tools are not helping -- as they do DNS requests -- which obviously fail. Task Manager does not indicate any severe resource usage; CPU is near 0% and memory usage is low. Any ideas as to the potential cause? Bugs in the DNS server software or settings combination(s) that can lead to this?

Using GRC's [DNS benchmarking tool][1]:

```
192.168.  1.  7 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
+ Uncached Name | 0.008 | 1.065 | 6.349 | 2.240 |  77.6 |
+ DotCom Lookup | 0.013 | 0.352 | 5.952 | 1.354 |  94.7 |
```

I get some results that appear to be better than the user experience. However, noting the reliability of only 77.6%, it's likely that regularly used website queries (e.g. WHOIS google.com) are (mostly) part of the 22.4% of tested addresses.

To check that this is not a network connectivity issue, I cross-referenced with logs on the DNS server. It appears the server is receiving the requests, but not answering until much later. An example log file of all the entries associated with one request for a website (e.g. typing it in the browser bar on one of the clients) is:

```
DNS Server log file creation at 1/27/2017 3:03:03 PM
Log file wrap at 1/27/2017 3:03:03 PM

Message logging key (for packets - other items use a subset of these fields):
    Field #  Information         Values
    -------  -----------         ------
       1     Date
       2     Time
       3     Thread ID
       4     Context
       5     Internal packet identifier
       6     UDP/TCP indicator
       7     Send/Receive indicator
       8     Remote IP
       9     Xid (hex)
      10     Query/Response      R = Response
                                 blank = Query
      11     Opcode              Q = Standard Query
                                 N = Notify
                                 U = Update
                                 ? = Unknown
      12     [ Flags (hex)
      13     Flags (char codes)  A = Authoritative Answer
                                 T = Truncated Response
                                 D = Recursion Desired
                                 R = Recursion Available
      14     ResponseCode ]
      15     Question Type
      16     Question Name

1/27/2017 3:03:03 PM 4F0C PACKET  0000025F7C1C6D10 UDP Rcv 192.168.1.55    b36c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:04 PM 4F0C PACKET  0000025F74BD10C0 UDP Rcv 192.168.1.55    68ef   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:04 PM 4F0C PACKET  0000025F0C61B910 UDP Rcv 192.168.1.55    b36c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:05 PM 21CC PACKET  0000025F7DE7AC80 UDP Rcv 192.168.1.55    68ef   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:06 PM 21CC PACKET  0000025F0A4E74E0 UDP Rcv 192.168.1.55    b36c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:07 PM 21CC PACKET  0000025F068FBCD0 UDP Rcv 192.168.1.55    68ef   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:09 PM 4F0C PACKET  0000025F7E99E9E0 UDP Snd 192.168.1.55    68ef R Q [8081   DR  NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:10 PM 21CC PACKET  0000025F2C106520 UDP Rcv 192.168.1.55    b36c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 21CC PACKET  0000025F071F99A0 UDP Rcv 192.168.1.55    7d62   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 46AC PACKET  0000025F0A0F6070 UDP Snd 192.168.1.55    7d62 R Q [8081   DR  NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:15 PM 46AC PACKET  0000025F0A0F6070 UDP Snd 192.168.1.55    b36c R Q [8081   DR  NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:20 PM 21CC PACKET  0000025F0E3614F0 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:21 PM 21CC PACKET  0000025F02AB6080 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:22 PM 21CC PACKET  0000025F7C1C6D10 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:24 PM 21CC PACKET  0000025F0AD0BDD0 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:26 PM 21CC PACKET  0000025F0E3614F0 UDP Snd 192.168.1.55    b82c R Q [8081   DR  NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:27 PM 21CC PACKET  0000025F74BD10C0 UDP Rcv 192.168.1.55    4855   Q [0001   D   NOERROR] A      (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:28 PM 21CC PACKET  0000025F002419A0 UDP Rcv 192.168.1.55    c0f3   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:28 PM 21CC PACKET  0000025F027C4960 UDP Rcv 192.168.1.55    4855   Q [0001   D   NOERROR] A      (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:29 PM 21CC PACKET  0000025F0A0F6070 UDP Rcv 192.168.1.55    c0f3   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:29 PM 21CC PACKET  0000025F7E01CD00 UDP Rcv 192.168.1.55    4855   Q [0001   D   NOERROR] A      (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:30 PM 21CC PACKET  0000025F7ACFD890 UDP Rcv 192.168.1.55    c0f3   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:31 PM 21CC PACKET  0000025F7C1C6D10 UDP Rcv 192.168.1.55    4855   Q [0001   D   NOERROR] A      (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 21CC PACKET  0000025F0E4ED4F0 UDP Rcv 192.168.1.55    c0f3   Q [0001   D   NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 21CC PACKET  0000025F002419A0 UDP Snd 192.168.1.55    c0f3 R Q [8081   DR  NOERROR] A      (5)media(2)nu(2)nl(0)
1/27/2017 3:03:32 PM 4F0C PACKET  0000025F74BD10C0 UDP Snd 192.168.1.55    4855 R Q [8081   DR  NOERROR] A      (7)privacy(2)nu(2)nl(0)
1/27/2017 3:03:33 PM 4F0C PACKET  0000025F0A0F6070 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:33 PM 4F0C PACKET  0000025F71CCE520 UDP Rcv 192.168.1.55    417b   Q [0001   D   NOERROR] A      (7)meedoen(2)nu(2)nl(0)
1/27/2017 3:03:34 PM 4F0C PACKET  0000025F76483550 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:34 PM 4F0C PACKET  0000025F0967A180 UDP Rcv 192.168.1.55    417b   Q [0001   D   NOERROR] A      (7)meedoen(2)nu(2)nl(0)
1/27/2017 3:03:35 PM 4F0C PACKET  0000025F7DE7AC80 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
```
  • Given the question is over a year old, I assume you've solved the issue by now? Could you provide an answer yourself? Either way, the question is too vague. I would say we need more details regarding the configuration of your servers to help out. – Tommiie Oct 02 '18 at 13:34
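
An added example, not part of the original question or of any Microsoft tooling: a Python script that reads a DNS debug log in the format shown in the question, pairs each received query with the first response sent back for the same client IP and Xid, and reports how many times the client had to retransmit and how long it waited. The names `pair_queries`, `decode_name` and `SAMPLE` are chosen here for illustration; the sample lines are copied from the question's log.

```python
import re
from datetime import datetime

# One packet line of the Windows DNS debug log, per the field key in the log header:
# date time thread PACKET id UDP|TCP Snd|Rcv remote-ip xid [R] opcode [flags] type name
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Snd|Rcv) (?P<ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R\s+)?"
    r"\S\s+\[[^\]]*\]\s+\S+\s+(?P<name>\S+)$"
)

# Packet lines copied from the log in the question: Xid b82c is answered, e0f1 is not.
SAMPLE = """\
1/27/2017 3:03:20 PM 21CC PACKET  0000025F0E3614F0 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:21 PM 21CC PACKET  0000025F02AB6080 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:22 PM 21CC PACKET  0000025F7C1C6D10 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:24 PM 21CC PACKET  0000025F0AD0BDD0 UDP Rcv 192.168.1.55    b82c   Q [0001   D   NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:26 PM 21CC PACKET  0000025F0E3614F0 UDP Snd 192.168.1.55    b82c R Q [8081   DR  NOERROR] A      (3)www(2)nu(2)nl(0)
1/27/2017 3:03:33 PM 4F0C PACKET  0000025F0A0F6070 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:34 PM 4F0C PACKET  0000025F76483550 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
1/27/2017 3:03:35 PM 4F0C PACKET  0000025F7DE7AC80 UDP Rcv 192.168.1.55    e0f1   Q [0001   D   NOERROR] A      (3)www(6)nuwerk(2)nl(0)
""".splitlines()

def decode_name(raw):
    """Turn the log's length-prefixed form, (3)www(2)nu(2)nl(0), into www.nu.nl."""
    return ".".join(re.findall(r"\(\d+\)([^(]+)", raw))

def pair_queries(lines):
    """Map (client IP, Xid) -> (name, queries received, seconds to first answer or None)."""
    seen = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # log header, field key, or any other non-packet line
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        q = seen.setdefault((m["ip"], m["xid"]), {"name": decode_name(m["name"]),
                                                  "first": None, "rcv": 0, "answer": None})
        if m["dir"] == "Rcv" and not m["resp"]:  # query or retransmission from a client
            q["rcv"] += 1
            q["first"] = q["first"] or ts
        elif m["dir"] == "Snd" and m["resp"] and q["answer"] is None:  # first reply sent
            q["answer"] = ts
    # Entries with no received query (e.g. forwarder traffic) are left out of the report.
    return {k: (q["name"], q["rcv"],
                (q["answer"] - q["first"]).total_seconds() if q["answer"] else None)
            for k, q in seen.items() if q["first"] is not None}

if __name__ == "__main__":
    for key, row in pair_queries(SAMPLE).items():
        print(key, row)
```

Timestamps in this log have one-second resolution, so the reported wait is accurate to about a second; a wait of `None` means no response for that Xid appears in the lines given.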
