Opening webpage first time is very slow each time.
-
Monday, July 02, 2012 10:53 AM
I'm using Server 2008 AD with DNS installed. I find that on most workstations, opening a webpage the first time is very slow. It always needs several or more seconds to open a webpage the first time. The DNS forwarders are using the ISP's DNS for external queries.
But we don't have this problem at the other site, which is using Server 2003 AD with DNS installed. And we don't need to input info for DNS forwarders there. Opening a website the first time is fast and normal.
What's the problem with the slow opening of webpages the first time? What should I check first? Please kindly help.
All Replies
-
Monday, July 02, 2012 11:34 AM
Hello,
let's start with an unedited ipconfig /all from the DC/DNS server and a client with problems.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Tuesday, July 03, 2012 3:49 AM
Hi, here is the info.
Server 2008 DC/DNS:
Windows IP Configuration
Host Name . . . . . . . . . . . . : nnwdc
Primary Dns Suffix . . . . . . . : nnwave.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nnwave.local
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 18-A9-05-3D-F8-29
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.251(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.251
NetBIOS over Tcpip. . . . . . . . : Enabled
WinXP Client:
Windows IP Configuration
Host Name . . . . . . . . . . . . : user10
Primary Dns Suffix . . . . . . . : nnwave.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nnwave.local
nnwave.local
Ethernet adapter Local Area Connection :
Connection-specific DNS Suffix . : nnwave.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1C-C0-F1-3E-3B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.48
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.251
DNS Servers . . . . . . . . . . . : 192.168.1.251
Lease Obtained. . . . . . . . . . : Tuesday, 3 July, 2012 9:01:42
Lease Expires . . . . . . . . . . : Saturday, 7 July, 2012 9:01:42
-
Tuesday, July 03, 2012 5:39 AM
Thanks for posting that info. Can you run and post the results of the following please? It's testing EDNS0 settings.
nslookup -type=TXT rs.dns-oarc.net
FYI: Look for the part in the response that says, " ...DNS reply size limit is at least xxxx." The xxxx is the DNS UDP packet size that your firewall will support, assuming EDNS0 has not been disabled on the DNS server. If it's under 512, then it is blocking EDNS0 or the Forwarder you are using is blocking or not allowing/configured to use EDNS0.
.
Also, in Registry Editor, navigate to the following location. Does the MaximumUdpPacketSize key exist? If so, what is the value in Hex or Decimal?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
MaximumUdpPacketSize
Check the MaximumUdpPacketSize setting for your server to make sure it's 4096 and hasn't been changed to something lower:
Change UDP message size
http://technet.microsoft.com/en-us/library/cc737093(v=ws.10).aspx
.
Can you run an example nslookup for the following, please? Does nslookup hang or time out when you try to run them?
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Tuesday, July 03, 2012 6:22 AM
Hi,
C:\Temp>nslookup -type=TXT rs.dns-oarc.net
Server: nnwdc.nnwave.local
Address: 192.168.1.251
DNS request timed out.
timeout was 2 seconds.
*** Request to nnwdc.nnwave.local timed-out
C:\Temp>nslookup -type=TXT rs.dns-oarc.net
Server: nnwdc.nnwave.local
Address: 192.168.1.251
Non-authoritative answer:
rs.dns-oarc.net canonical name = rst.x3827.rs.dns-oarc.net
rst.x3827.rs.dns-oarc.net canonical name = rst.x3837.x3827.rs.dns-oarc.net
rst.x3837.x3827.rs.dns-oarc.net canonical name = rst.x3843.x3837.x3827.rs.dns-oarc.net
rst.x3843.x3837.x3827.rs.dns-oarc.net text ="203.80.96.10 DNS reply size limit is at least 3843"
rst.x3843.x3837.x3827.rs.dns-oarc.net text ="Tested at 2012-07-03 06:14:09 UTC"
rst.x3843.x3837.x3827.rs.dns-oarc.net text ="203.80.96.10 sent EDNS buffer size 4096"
C:\Temp>
==================================================
The MaximumUdpPacketSize key does not exist in Registry on DC.
-
Tuesday, July 03, 2012 6:43 AM
EDNS0 looks fine. No problem about the key not existing.
What forwarder are you using? If you change to 4.2.2.2, does it help?
What event log errors are you seeing? Check all logs, please.
Ace Fekay
-
Tuesday, July 03, 2012 8:31 AM
Forwarders are using:
203.80.96.10
203.186.94.22
203.80.96.33
Some webpages cannot be accessed after changing to 4.2.2.2. Maybe because my location is Hong Kong.
You mean the DNS and event logs? I did not find any errors.
If all my settings above are correct, I want to verify that there is nothing wrong. I'm just wondering if the ISP's DNS servers are not stable.
Many thanks.
-
Wednesday, July 04, 2012 1:51 AM
The first forwarder you listed worked for me, but not the other two. I had trouble with them. Look below:
C:\>nslookup
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
> server 203.80.96.10 <------ This one was ok.
Default Server: ns1o.ctihk.com
Address: 203.80.96.10
> www.microsoft.com
Server: ns1o.ctihk.com
Address: 203.80.96.10
Non-authoritative answer:
Name: lb1.www.ms.akadns.net
Address: 65.55.57.78
Aliases: www.microsoft.com
toggle.www.ms.akadns.net
g.www.ms.akadns.net
> intel.com
Server: ns1o.ctihk.com
Address: 203.80.96.10
Non-authoritative answer:
Name: intel.com
Address: 192.198.164.158
> howdy.com
Server: ns1o.ctihk.com
Address: 203.80.96.10
Non-authoritative answer:
Name: howdy.com
Address: 204.13.162.123
> server 203.186.94.22 <----- This one is not ok.
Default Server: ns6o.ctihk.com
Address: 203.186.94.22
> intel.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
DNS request timed out. <----- Look at all the time outs.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns6o.ctihk.com timed-out
> www.microsoft.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns6o.ctihk.com timed-out
> server 203.80.96.33 <------------- This one gave me problems, too - look at the time outs.
DNS request timed out.
timeout was 2 seconds.
Default Server: [203.80.96.33]
Address: 203.80.96.33
> www.microsoft.com
Server: [203.80.96.33]
Address: 203.80.96.33
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to [203.80.96.33] timed-out
> exit
C:\>nslookup <--------- I figured I would exit nslookup and try it again.
Default Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
> server 203.80.96.33 <---------- Nope, this one gave me problems again. Look below at the time outs.
Default Server: bmgw02.hkbn.net
Address: 203.80.96.33
> www.microsoft.com
Server: bmgw02.hkbn.net
Address: 203.80.96.33
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to bmgw02.hkbn.net timed-out
>
.
.
The only one that worked is the first one, so I would honestly remove the other two. Let's remove the other two, and test it out.
After that, let's remove ALL of them leaving no forwarders, and try it out.
.
Ace Fekay
- Edited by Ace Fekay [MCT]MVP Wednesday, July 04, 2012 1:53 AM
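As an added example (not part of the original posts): a small Python parser that tallies answered and timed-out queries per selected server from an interactive nslookup session like the one quoted above. The transcript is constructed from lines shown in this thread; the function names and the timeout-rate threshold are assumptions.

```python
from collections import defaultdict

# Constructed transcript, abbreviated from the nslookup session quoted in this thread.
SAMPLE = """\
> server 203.80.96.10 <------ This one was ok.
Default Server: ns1o.ctihk.com
Address: 203.80.96.10
> intel.com
Server: ns1o.ctihk.com
Address: 203.80.96.10
Non-authoritative answer:
Name: intel.com
Address: 192.198.164.158
> server 203.186.94.22
Default Server: ns6o.ctihk.com
Address: 203.186.94.22
> intel.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
DNS request timed out.
timeout was 2 seconds.
*** Request to ns6o.ctihk.com timed-out
> server 203.80.96.33
DNS request timed out.
timeout was 2 seconds.
Default Server: [203.80.96.33]
Address: 203.80.96.33
> www.microsoft.com
Server: [203.80.96.33]
Address: 203.80.96.33
DNS request timed out.
timeout was 2 seconds.
*** Request to [203.80.96.33] timed-out
"""

def summarize(transcript):
    """Return {server_ip: {"ok": n, "timeout": n}} for the queries in a session."""
    stats = defaultdict(lambda: {"ok": 0, "timeout": 0})
    server, query, prev = None, None, ""  # selected resolver, name in flight, last line
    for raw in transcript.splitlines():
        line = raw.split("<--")[0].strip()  # drop hand-written "<---- note" annotations
        if line.startswith(">"):
            cmd = line[1:].split()
            query = None
            if cmd and cmd[0].lower() == "server":
                # Not a query: a timeout printed right after it is the server-name lookup.
                server = cmd[1] if len(cmd) > 1 else server
            elif cmd and cmd[0].lower() != "exit":
                query = cmd[0]
        elif line.startswith("Address:") and prev.startswith(("Default Server:", "Server:")):
            server = line.split(":", 1)[1].strip()  # resolver IP as nslookup reports it
        elif query and line.startswith("*** Request to"):
            stats[server]["timeout"] += 1  # nslookup gave up on this query
            query = None
        elif query and line.startswith("Name:"):
            stats[server]["ok"] += 1
            query = None
        prev = line
    return {ip: dict(counts) for ip, counts in stats.items()}

def suspect_forwarders(stats, max_timeout_rate=0.0):
    """Servers whose share of timed-out queries exceeds the (assumed) threshold."""
    return sorted(ip for ip, s in stats.items()
                  if s["timeout"] / (s["ok"] + s["timeout"]) > max_timeout_rate)
```

Running the same tally against the internal DNS server and against each forwarder separates a resolver that times out intermittently from one that never answers.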
-
Friday, July 06, 2012 4:23 AM
Hi, thanks for the reply.
Yes, I find that 203.80.96.33 does not work.
203.186.94.22 and 203.86.96.10 are the same: they sometimes work occasionally on nslookup.
I tried to remove all of them, leaving the forwarders blank. But I found that some webpages cannot be accessed.
So I put 203.186.94.22 back into the forwarder list.
At the Root Hints page, it shows only the NS below:
a.root-servers.net [198.41.0.4]
e.root-servers.net [192.203.230.10]
i.root-servers.net [192.36.148.17]
j.root-servers.net [192.58.128.30]
m.root-servers.net [202.12.27.33]
Is it too few? I find that there are many NS in the root hints page on Server 2003 at the other site.
Many thanks
-
Friday, July 06, 2012 4:35 AM
There are quite a few missing. There should be 13. Click on "copy from server" and choose 4.2.2.2. That will re-populate the whole list.
Here is more info on it. This is for 2003, but it works the same for 2008/2008 R2.
How to troubleshoot DNS name resolution on the Internet in Windows Server 2003
http://support.microsoft.com/kb/816567
.
Also, here's something else you may want to look at regarding the cache.dns file missing certain root servers. If you follow his steps, just like anything else before making changes, make sure you backup your own cache.dns file first by renaming it instead of overwriting it.
Win 2K8 Server DNS Root Hints Don’t Include IPv6 Addresses By Default
https://www.nnbfn.net/2011/04/win-2k8-server-dns-root-hints-dont-include-ipv6-addresses-by-default/
Ace Fekay
-
Friday, July 06, 2012 10:14 AM
I've tried to replace the cache.dns file from the backup. Then I input the missing NS back into root hints manually. Also clicked "Copy from server" successfully too.
Cleared the forwarders list and tested. But users report some webpages cannot be accessed. Then I needed to put 203.186.94.22 back into the forwarders.
Some webpages still occasionally wait 2-5 seconds before appearing. Unlike using broadband at home, which is very fast and normal.
Actually, is it related to our Internet Service Provider, or to our server settings, etc.? (Note: I only have one DC now.)
- Edited by EcoAxis Friday, July 06, 2012 10:15 AM
-
Friday, July 06, 2012 11:53 AM
Can you test and compare response times from the 2 sites so we can rule out any network related issue?
Have you tried configuring public DNS addresses like 8.8.8.8 for forwarders?
Also remember, after making a change, to run an ipconfig /flushdns, or a dnscmd /clearcache if you are testing from the DNS server.
Another option might be to monitor the traffic using software like Wireshark or MS Network Monitor during a query and see how it's resolved.
MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/
-
Friday, July 06, 2012 3:21 PM
Using a public forwarder is a good idea. But when I suggested to try 4.2.2.2, he said it didn't help. The only thing I don't like with Google's (8.8.8.8), is they don't support EDNS0, which will cause problems with some domains with large zone data. But if it helps to overcome this "slowness," then it should help.
Rather than Google's, that is if one prefers using Google's DNS servers, I would suggest to try OpenDNS as forwarders. You can also control what can be resolved with OpenDNS, such as blocking social, video or many other types of sites by setting up a free account at www.opendns.com. I used it for a couple of my customers:
- 208.67.222.222
- 208.67.220.220
.
If none of our forwarders suggestions work, whether Google, OpenDNS, 4.2.2.2, 4.2.2.3, etc, take a look at the following to see if it helps:
MaxCacheTtl
"Determines how long the Domain Name System (DNS) server can save a record of a recursive name query.
If the value of this entry is 0x0, the DNS server does not save any records.
The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. Records are deleted from the cache periodically to keep the cache content current. The interval during which the records remain in the cache usually is determined by the value of the Time to Live (TTL) field in the record. MaxCacheTtl establishes the maximum time that records can remain in the cache. The DNS server deletes records from the cache when the value of this entry expires, even if the value of the TTL field in the record is greater."
http://technet.microsoft.com/en-us/library/cc959926
And one more thing to look at - a hotfix for Windows 2008 R2 DNS:
DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2 http://support.microsoft.com/kb/2508835
.
Ace Fekay
-
Saturday, July 07, 2012 6:10 AM
Tried OpenDNS 208.67.222.222, 208.67.220.220. Results are the same.
Hey, I can isolate the problem now. When I changed the local NIC's DNS to any DNS from the lists above, such as 203.186.94.22 or 4.2.2.2, on my XP computer, browsing the internet is super fast and normal!! When I changed the DNS back to the DC's IP, slow browsing appears again.
So it should be related to a Server 2008 DNS problem, and not to an outside DNS server or ISP problem. The server's internal firewall is ON too. I've restarted the server once. Still the same. What is happening with this DNS server??
-
Sunday, July 08, 2012 2:13 AM
So that points back to the server. Have you looked at the other suggestions I posted, such as the MaxCacheTtl or the hotfix?
Or one more thing to look at:
Configure Cache Locking
DNS "Cache locking is configured as a percent value. For example, if the cache locking value is set to 50, then the DNS server will not overwrite a cached entry for half of the duration of the TTL. By default, the cache locking percent value is 100. This means that cached entries will not be overwritten for the entire duration of the TTL. The cache locking value is stored in the CacheLockingPercent registry key. If the registry key is not present, then the DNS server will use the default cache locking value of 100."
http://technet.microsoft.com/en-us/library/ee649148(WS.10).aspx
.
If that doesn't work, unfortunately I'm out of ideas and suggest to contact Microsoft. Here's the link if you decide to go with this option. And please do post back to let us know what they come up with:
http://support.microsoft.com/contactus/?ln=en-us
Ace Fekay
-
Monday, July 09, 2012 8:53 AM
Hi, I've applied the hotfix KB2508835 and restarted server.
Also tried to add
dnscmd /config /maxcachettl 3600
dnscmd /Config /CacheLockingPercent 50
Now the dns parameters are shown as below.
HKLM\SYSTEM\....Services\DNS\Parameters
Name                         Type            Value
AdminConfigured              REG_SZ          (1)
BootMethod                   REG_DWORD       (3)
CacheLockingPercent          REG_DWORD       (50)
EnableEDnsProbes             REG_DWORD       (0)
EnableGlobalQueryBlockList   REG_DWORD       (1)
Forwarders                   REG_MULTI_SZ    203.186.94.22
ForwardingTimeout            REG_DWORD       (3)
GlobalQueryBlockList         REG_MULTI_SZ    Wpad isatap
IsSlave                      REG_DWORD       (0)
MaxCacheTtl                  REG_DWORD       (3600)
PreviousLocalHostname        REG_SZ          nnwdc.nnwave.local
All of it seems to be NO help. If I try nslookup against the outside DNS, it works well.
If I go back to using the server DC, it seems not to work.
C:\Documents and Settings\beams>nslookup
Default Server: nnwdc.nnwave.local
Address: 192.168.1.251
> trendy.com
Server: nnwdc.nnwave.local
Address: 192.168.1.251
DNS request timed out.
timeout was 2 seconds.
*** Request to nnwdc.nnwave.local timed-out
> server 203.186.94.22
DNS request timed out.
timeout was 2 seconds.
Default Server: [203.186.94.22]
Address: 203.186.94.22
> server 203.186.94.22
Default Server: ns6o.ctihk.com
Address: 203.186.94.22
> trendy.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
Non-authoritative answer:
Name: trendy.com
Address: 96.127.180.98
> intel.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
Non-authoritative answer:
Name: intel.com
Address: 192.198.164.158
> www.microsoft.com
Server: ns6o.ctihk.com
Address: 203.186.94.22
Non-authoritative answer:
Name: lb1.www.ms.akadns.net
Address: 65.55.57.78
Aliases: www.microsoft.com, toggle.www.ms.akadns.net
g.www.ms.akadns.net
> server 192.168.1.251
Default Server: [192.168.1.251]
Address: 192.168.1.251
> intel.com
Server: [192.168.1.251]
Address: 192.168.1.251
Non-authoritative answer:
Name: intel.com
Address: 192.198.164.158
> trendy.com
Server: [192.168.1.251]
Address: 192.168.1.251
DNS request timed out.
timeout was 2 seconds.
*** Request to [192.168.1.251] timed-out
> www.microsoft.com
Server: [192.168.1.251]
Address: 192.168.1.251
DNS request timed out.
timeout was 2 seconds.
*** Request to [192.168.1.251] timed-out
>
Any idea before I contact Microsoft? Many thanks.
-
Monday, July 09, 2012 7:47 PM
Everything looks fine from what I see. I think it may be better at this point to contact Microsoft Support. Please do let us know what they find and come up with!
Thanks!
Ace Fekay
-
Saturday, August 18, 2012 3:17 AM
Hi Ace Fekay,
The problem is fixed now after using one NIC card instead of plugging in two LAN connections through the HP Network Team. The server originally used one NIC card, and I forgot when it changed to use two LAN connections after that.
Anyway, I don't know why plugging in two LAN connections makes internet access slow. We can open webpages very fast each time now.
-
Saturday, August 18, 2012 3:42 AM
Possible reasons using two NICs together caused problems:
- The NICs weren't teamed properly in the software
- The switch doesn't support teaming.
- NIC software needs an update
.
Glad to hear you figured it out and got it working.
.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
- Marked As Answer by EcoAxis Saturday, August 18, 2012 3:50 AM

