Server 2016 Domain DNS Slow

johancsmuts

Active Member
Joined
Apr 16, 2018
Messages
45
Hi.

I trust you are well?

Here's my problem. I have set up a Server 2016 Standard domain with only my generalized IT experience and no qualifications.

So far I can pat myself on the back for doing a very good job as everything is functioning well except for one thing, so far.

I configured the FQDN as "company-name.co.za". This conflicts, as I soon found out, with our website which is the same as well as our email POP3 and SMTP being mail.company-name.co.za. I have fixed the email part by creating an entry in forward lookup zones that points to the mail server's IP address. Not sure if that is the proper way to do it. We still can't open our website as it points to our local DNS server's IP address.

Another issue is that our DNS is very slow. For example a printer shared on one of the PCs takes forever to print to from remote PCs when pointing to the name of the PC where the printer is shared. I have changed it to point to the PC's IP address instead for now. However we use Pastel accounting software and it only works when pointing it to the server name and not IP address. Don't ask me why but Pastel insists it should be this way. As a result, said accounting software is also very slow since setting up the domain.

Please let me know if you need any more info on the matter and thank you in advance for your assistance.
 

irBosOtter

Expert Member
Joined
Feb 14, 2014
Messages
2,264
Add an A record entry in DNS "www" and point it to your external website IP.

So when users type in www.yourcompany.co.za DNS will look at the IP of www only and should connect to the external website.

[Attached image: A-record.JPG]
 

johancsmuts

Thank you for your reply.

That did not work although I am not sure I did exactly what you said. I did however enter the IP address in "forwarders" in the root of DNS and that fixed it.

That leaves the speed issue to be resolved.

Thank you very much.
 

syntax

Executive Member
Joined
May 16, 2008
Messages
7,714
This really isn't my field, but your DNS testing doesn't seem conclusive.
I quickly googled and there are DNS testing tools to provide real stats on DNS lookup times.

I would start with that to make sure that it really is slow response times for DNS that is causing your issues and not something else.

Again, not my field, but this is the logic and route I would probably take.
 

eth3rZA

Active Member
Joined
Jun 18, 2013
Messages
94
Hi,

If at all possible you should try and create companyname.local domain on an additional server and migrate the users/computers over to that (if you have a small environment - 10 to 20 devices). You could also pull an all-nighter and rename the domain (takes long and is messy). There are workarounds for your issues but as your environment grows this will frequently come back to bite you in the ass.
 

johancsmuts

eth3rZA said:
> Hi,
>
> If at all possible you should try and create companyname.local domain on an additional server and migrate the users/computers over to that (if you have a small environment - 10 to 20 devices). You could also pull an all-nighter and rename the domain (takes long and is messy). There are workarounds for your issues but as your environment grows this will frequently come back to bite you in the ass.

As much as I did not want to accept the fact, I figured as much. Thank you for confirming it though.
 

johancsmuts

syntax said:
> This really isn't my field, but your DNS testing doesn't seem conclusive.
> I quickly googled and there are DNS testing tools to provide real stats on DNS lookup times.
>
> I would start with that to make sure that it really is slow response times for DNS that is causing your issues and not something else.
>
> Again, not my field, but this is the logic and route I would probably take.

Thank you.

This is the result I got from one such tool, for the local DNS server. I am no expert either, but the results don't look good to me.

[Attached image: dnstest.png]
 

johancsmuts

If I am correct those results are in milliseconds and I would expect figures for, say, average to look like those currently in Std.Dev. Also being on a local LAN, I would expect them to be a lot better than that even.
 

johancsmuts

Here are the results from nslookup debug:

Default Server: UnKnown
Address: 192.168.1.252

> set debug
> company-name.co.za
Server: UnKnown
Address: 192.168.1.252

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
company-name.co.za.company-name.co.za, type = A, class = IN
AUTHORITY RECORDS:
-> company-name.co.za
ttl = 3600 (1 hour)
primary name server = server-hostname.company-name.co.za
responsible mail addr = hostmaster.company-name.co.za
serial = 61
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
company-name.co.za.company-name.co.za, type = AAAA, class = IN
AUTHORITY RECORDS:
-> company-name.co.za
ttl = 3600 (1 hour)
primary name server = server-hostname.company-name.co.za
responsible mail addr = hostmaster.company-name.co.za
serial = 61
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
company-name.co.za.co.za, type = A, class = IN
AUTHORITY RECORDS:
-> co.za
ttl = 899 (14 mins 59 secs)
primary name server = ns.coza.net.za
responsible mail addr = this-is-probably-not-the-email-address-you-are-looking-for.co.za
serial = 1180718055
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 2592000 (30 days)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
company-name.co.za.co.za, type = AAAA, class = IN
AUTHORITY RECORDS:
-> co.za
ttl = 899 (14 mins 59 secs)
primary name server = ns.coza.net.za
responsible mail addr = this-is-probably-not-the-email-address-you-are-looking-for.co.za
serial = 1180718055
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 2592000 (30 days)
default TTL = 3600 (1 hour)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
company-name.co.za, type = A, class = IN
ANSWERS:
-> company-name.co.za
internet address = 192.168.1.252
ttl = 600 (10 mins)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
company-name.co.za, type = AAAA, class = IN
AUTHORITY RECORDS:
-> company-name.co.za
ttl = 3600 (1 hour)
primary name server = server-hostname.company-name.co.za
responsible mail addr = hostmaster.company-name.co.za
serial = 61
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
Name: company-name.co.za
Address: 192.168.1.252

>
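
Added example (not part of the original post): a small Python parser for the nslookup debug output above that lists which names were actually queried and how each was answered. The sample is trimmed from that output; the function names parse_queries and summarize are chosen here for illustration.

```python
import re

# Trimmed from the nslookup debug output posted above (header/question lines only).
SAMPLE = """\
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
company-name.co.za.company-name.co.za, type = A, class = IN
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
company-name.co.za.company-name.co.za, type = AAAA, class = IN
opcode = QUERY, id = 4, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
company-name.co.za.co.za, type = A, class = IN
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, want recursion, recursion avail.
company-name.co.za.co.za, type = AAAA, class = IN
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
company-name.co.za, type = A, class = IN
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
company-name.co.za, type = AAAA, class = IN
"""

HEADER = re.compile(r"id = (\d+), rcode = (\w+)")
QUESTION = re.compile(r"\s*(\S+), type = (\w+), class = IN")

def parse_queries(text):
    """Return one dict per response: id, rcode, auth flag, qname, qtype."""
    queries, cur = [], None
    for line in text.splitlines():
        if m := HEADER.search(line):
            cur = {"id": int(m.group(1)), "rcode": m.group(2), "auth": False}
            queries.append(cur)
        elif cur and line.strip().startswith("header flags:"):
            cur["auth"] = "auth. answer" in line
        elif cur and "qname" not in cur and (m := QUESTION.match(line)):
            cur["qname"], cur["qtype"] = m.group(1), m.group(2)
    return queries

def summarize(queries, typed_name):
    """Count suffix-appended attempts versus queries for the name as typed."""
    extra = [q for q in queries if q["qname"] != typed_name]
    return {
        "total": len(queries),
        "suffix_attempts": len(extra),
        "non_authoritative": sorted({q["qname"] for q in extra if not q["auth"]}),
        "noerror_ids": [q["id"] for q in queries if q["rcode"] == "NOERROR"],
    }
```

On the posted output, four of the six queries are search-suffix attempts for a name typed without a trailing dot, and two of those (for company-name.co.za.co.za) were answered non-authoritatively with the co.za zone's SOA rather than from the server's own zone.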
 

syntax

johancsmuts said:
> Thank you.
>
> This is the result I got from one such tool, for the local DNS server. I am no expert either, but the results don't look good to me.
>
> [Attachment 537667]

I really know squat about this, but it looks as if the DNS server is slow in responding to non-cached requests.
Where is the server getting its DNS from?
If you use that on a local desktop and do a test, are you getting decent results?

Seems like it's struggling to get lookups, but once it does and caches it, it's fine.

Again, really really not my field so I am just guessing.
 