DNS server help needed on server 2003

    Question

  • Hello. I have a strange issue.

    My 2003 windows server is the main DC. Suddenly after no changes at all on the server, websites won't load most of the time, and the few times they do load, they are extremely slow.

    We have a T1 at the site and it is working just fine as far as I can tell. I can upload and download data at full speed to my test sftp server.

    So internet speed is fast, but most websites come up as can't be found. It seems like a dns issue to me. However I can ping websites and it shows their ip address quickly. Pings usually say unreachable though.

    What could my issue be? I have tried changing the dns servers manually to Google's servers 8.8.8.8 and 8.8.4.4 just to test dns and it is still slow.

    -Thanks

    Friday, July 26, 2013 9:37 PM

All replies

  • First you say not loading, then you say slow. I'm going to assume you are having problems in general with internet resolution or connectivity.

    Can you post an ipconfig /all of the DC and of a sample client machine, please?

    And do NOT put in an internet DNS on any machine. That will cause AD to have major problems. You can put an internet DNS as a Forwarder (DNS properties, Forwarders tab). I would suggest to use 4.2.2.3 & 4.2.2.4. I believe they are more reliable than Google's (8.8.x.x) and also support a higher EDNS0 value. But make sure ALL MACHINES (the DC, member servers, clients, etc), are ONLY using your DC for DNS IP address in their NIC.

    -

    Also, if your FTP tests show fast access, do you possibly have an infected machine on the network that may be a spamming malware?

    If you are hosting Exchange, are you having trouble emailing certain domain names?


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Saturday, July 27, 2013 1:44 AM
  • Ok, I guess I should have been more clear. Most websites will not load. But it's weird, if you keep hitting refresh, you will eventually get some of them to load, but when they do load it takes like 2-3 minutes per page.

    The DNS change to Google was a quick change to see if the issue would resolve, but it did not, so I changed it back to the domain controller. The DNS entries on all computers in the domain point to the main DC. The DC itself points to its own IP address for DNS. Gateway is the router on all computers including domain controller.

    I just checked spamhaus and we are clean. We do run exchange 2003 server on the main DC. I don't believe any computers are infected, but we did have an infected computer a few months ago. If one were infected, how would it affect this? It's not using any of our bandwidth as I've tested for that too. Anyhow, I am pretty certain we are clean.

    Here is my ipconfig /all output with a few changes to keep privacy:

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator.*****>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : w2k3*****srvr
       Primary Dns Suffix  . . . . . . . : *******.***
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : *******.***

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-1E-68-**-**-**
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.171.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.171.1
       DNS Servers . . . . . . . . . . . : 192.168.171.10

    C:\Documents and Settings\Administrator.*****>

    --Thanks

    Saturday, July 27, 2013 5:45 PM
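
The advice earlier in the thread, that every NIC should list only the DC as its DNS server, can be checked against `ipconfig /all` output collected from each machine. This is an added example, not part of the original thread: the sample text is constructed, and the names `dns_servers` and `audit` are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's ipconfig /all output, plus a public resolver.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.171.25
   Default Gateway . . . . . . . . . : 192.168.171.1
   DNS Servers . . . . . . . . . . . : 192.168.171.10
                                       8.8.8.8
"""

ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$")      # unindented section header
LABEL = re.compile(r"^\s+(\S.*?)\s*(?:\. )+:(.*)$")  # "Name . . . : value"

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server strings]} from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        m = LABEL.match(line)
        if m:
            in_dns, value = m.group(1) == "DNS Servers", m.group(2).strip()
        else:
            # Extra DNS servers appear on unlabelled continuation lines.
            in_dns, value = in_dns and bool(line.strip()), line.strip()
        if in_dns and adapter and value:
            result[adapter].append(value)
    return result

def audit(ipconfig_text, dc_addresses):
    """List (adapter, server, kind) for every DNS entry that is not a DC."""
    allowed = {ipaddress.ip_address(a) for a in dc_addresses}
    findings = []
    for adapter, servers in dns_servers(ipconfig_text).items():
        for server in servers:
            ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
            if ip not in allowed:
                kind = "internet resolver" if ip.is_global else "non-DC internal"
                findings.append((adapter, server, kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["192.168.171.10"]):
        print(finding)
```
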
  • Is this just happening from your domain controller or all clients?  If it's just the server, I beg to ask why you're surfing the internet on a domain controller?

    MCITP-EA | "Never test how deep the water is with both feet"

    Saturday, July 27, 2013 6:17 PM
  • It's the same from all computers. Even those that are not on the domain, like cell phones, tablets, etc.
    Saturday, July 27, 2013 7:19 PM
  • If you change the forwarders you are using as I've suggested, does the problem still occur?

    Ace Fekay

    Sunday, July 28, 2013 9:06 PM
  • Tried clearing the DNS cache on the DC, but not sure whether it will help.

    like: dnscmd /clearcache

    Do you have a firewall, or a managed switch in your network?


    Every second counts..make use of it.

    Monday, July 29, 2013 2:38 AM
  • Ok so magically the problem is gone today. I'm sure it will be here tomorrow. I did not change to your fwd's though. Just kept the same original ones. I made no changes and our internet is back. Could this just be the T1 provider somehow?

    Is there anywhere I can look to further troubleshoot this? I'd like to know why this happened and how to prevent it from happening again.

    Thanks

    Monday, July 29, 2013 5:03 PM
  • It could have been a DNS amplification or DDOS attack on the ISP's DNS servers.  You never know. Here's more info on it:

    Thread: "Protecting Windows DNS Server from being abused for DNS amplification attacks" 4/10/2013
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/fac86dc7-779d-48eb-a113-9c06c2222af9

    DNSSEC and DNS Amplification Attacks - Explanation of this DDOS attack, and suggestions to prevent an attack.
    By Greg Lindsay, MSFT, 4/23/2013
    http://technet.microsoft.com/en-us/security/hh972393.aspx

    Thread: "How to filter isc.org ANY attacks (DNS Amplification Attack)" 11/6/2012
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/8a9d1c5e-a2df-4136-98cc-051fcde69f55

    Excellent discussion:
    Thread: "DDoS on Server 2008 R2," 6/3/2013
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/74125383-dad6-4a60-af0c-471849af6dc2/ddos-on-server-2008-r2


    Ace Fekay

    Monday, July 29, 2013 5:52 PM
  • Thank you, I will read up on these.
    Monday, July 29, 2013 7:09 PM