It seems to be just workstation related, although we are seeing some ping 
timeouts to the 4.2.2.2's on the T1. We took off forwarding, but that didn't fix 
it. All the websites are external; it could be anything from cnn.com to 
foxnews.com, whatever. They all load a little, hang, load a little, hang, then 
finish.

We are testing a few different things now by having some workstations just use 
an external DNS of the provider. Internally, pinging, nslookups and network 
browsing are all fast and without any issue.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, May 27, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: Slow dns lookups?

You can check your DNS lookups via nslookup both looking internally and 
externally.

You say going to a webpage (is this webpage internal, or external to the 
organization?)

I am assuming that all users are seeing the same thing (correct?), or is it 
localized?

What is the network bandwidth out the Internet router? (Is the available 
bandwidth pegged, which would make everything slow?)

Any issues with dropped packets at the firewall/external router to the Internet?

Any issues querying DNS servers upstream of your business, like L3 Communications 
at 4.2.2.2 and 4.2.2.1?

Here is an example:
C:\windows\system32>nslookup
Default Server:  DNS
Address:  Internal_IP

> set d2
> set type=A
> server 4.2.2.1
------------
SendRequest(), len 38
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        1.2.2.4.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        1.2.2.4.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  1.2.2.4.in-addr.arpa
        type = PTR, class = IN, dlen = 23
        name = vnsc-pri.sys.gtei.net
        ttl = 84623 (23 hours 30 mins 23 secs)

------------
Default Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

> wwww.microsoft.com.
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

------------
SendRequest(), len 36
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        wwww.microsoft.com, type = A, class = IN

------------
------------
Got answer (52 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        wwww.microsoft.com, type = A, class = IN
    ANSWERS:
    ->  wwww.microsoft.com
        type = A, class = IN, dlen = 4
        internet address = 67.215.65.132
        ttl = 0 (0 secs)

------------
Non-authoritative answer:
Name:    wwww.microsoft.com
Address:  67.215.65.132

You can see I did a fully qualified DNS lookup for Microsoft.com (using the 
trailing . so that domain names aren't appended in the lookups).

Came back pretty snappy. I would definitely put Wireshark on your PC and try 
to see the response times, because you might be dealing with a Layer 1-2 
problem at the router/switch/firewall interface or uplink on the TXX line to 
your ISP, rather than your DNS servers.

HTH
Z


Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
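
[Added example, not part of the original message or written by any poster in this thread.] A way to put numbers on the response times discussed above without a packet capture: the script builds the same kind of query nslookup shows in its SendRequest() debug output, sends it over UDP to each resolver, and reports loss and latency per server. 4.2.2.1 and 4.2.2.2 come from the thread; 192.0.2.53 is a placeholder for the internal DNS server, and all function names are illustrative.

```python
import socket, struct, time

def build_query(name, qtype=1, qid=3):
    """Encode one DNS question; flags 0x0100 = standard query, want recursion."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Return id, flags of interest, rcode and answer count from the DNS header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": qid, "response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": ancount}

def time_lookup(server, name, timeout=2.0, qid=3):
    """Send one UDP query; return (milliseconds, header) or (None, None) on failure."""
    query = build_query(name, qid=qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(query, (server, 53))
            while True:  # ignore stray datagrams that do not match our query id
                data, _ = s.recvfrom(4096)
                hdr = parse_header(data)
                if hdr["id"] == qid and hdr["response"]:
                    break
        except (socket.timeout, OSError, ValueError):
            return None, None
    return (time.perf_counter() - start) * 1000.0, hdr

def summarize(samples):
    """samples: list of ms or None (no reply) -> loss count, median and worst RTT."""
    ok = sorted(ms for ms in samples if ms is not None)
    return {"sent": len(samples), "lost": len(samples) - len(ok),
            "median_ms": ok[len(ok) // 2] if ok else None,
            "max_ms": ok[-1] if ok else None}

if __name__ == "__main__":
    # 192.0.2.53 is a placeholder: replace it with the internal DNS server.
    for server in ("192.0.2.53", "4.2.2.1", "4.2.2.2"):
        runs = [time_lookup(server, "www.microsoft.com.")[0] for _ in range(10)]
        print(server, summarize(runs))
```

Fast, loss-free answers from the internal server alongside lost or slow answers from the upstream resolvers point at the path to the ISP rather than at DNS itself.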

From: Level 5 Lists [mailto:li...@levelfive.us]
Sent: Friday, May 27, 2011 12:34 PM
To: NT System Admin Issues
Subject: Slow dns lookups?

I have a client with a T1 and cable as a backup for about 50 users and 9 
servers.

The past week their internet became amazingly slow. We pulled OpenDNS out, we 
pulled the proxy filter out, and still the same thing.

Reviewing onsite, it seems like when we go to a webpage we get a lot of "website 
found, waiting for reply" for several seconds.

I switched gateways between T1 and cable and it seemed to have no effect. You 
eventually get there, but I can't seem to pinpoint what's causing it.

We tried removing the OpenDNS forwarders, then no forwarders, then some 
forwarders to some public DNS servers. Always the same thing.

Internally DNS seems fine, no errors, AD replication is functioning okay, etc. 
etc. Kind of at a loss as to where to look next.

Speedtest/pingtest are showing speeds as expected on both connections; latency, 
everything there seems pretty normal (16dn/6up on cable, A rating on pingtest).



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
