DNS over vpn causing slow internet?

  • Question

  • Our organisation has 6 sites located in different cities, each site has its own local network with firewall and cable internet access.

    The local networks are connected with IPSEC-VPN connections between the firewalls.

    We used to have a Windows server 2003, running dhcp & dns on each site.

    Last month I replaced these 2003 servers with 1 central Windows Server 2012 located in our biggest site.

    This server is only used for logon purposes and some file print and sharing. The printers are installed locally on each pc using group policy so the print jobs aren't transferred over the vpn to the server and back.

    The firewall on each site now serves as DHCP server, and I set the primary dns to the IP of the central server, and secondary dns to 8.8.8.8 (google public DNS), so the internet will still be available if the server or vpn connection goes down. And the WINS server is also set to the ip of our new server.

    Now in 1 of our sites, the users are complaining that the internet is very slow. Could this be because the dns-queries are going over the vpn to the central server?

    Is there a better way to do this?

    I only set the server ip as primary DNS so the computers can make a connection to the server.

    Maybe I could add the server name and ip to each computer's hosts file and set primary and secondary dns to google's dns servers?

    Thursday, December 11, 2014 1:06 PM

All replies

  • Hi Joris,

    DNS over VPN may cause this issue. DNS uses UDP port 53 by default. UDP is an unreliable protocol. DNS queries may be dropped when they cross the VPN.

    If you use the standard DNS zone, please set up a secondary DNS server in each site.

    If you use the Active Directory-Integrated zone, please set up a domain controller in each site.

    Also, if the client is joined to the domain, we should only configure the IP address of the DC as the DNS settings on the client. If we add public DNS into the domain-joined client, it will cause a lot of issues with accessing the internal resources.

    Best Regards.


    Steven Lee

    Sunday, December 14, 2014 1:46 PM
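A way to see the two effects discussed in this thread from an affected client, as an added example that is not part of the original thread or of any Microsoft tooling: for each DNS server the Windows client is configured with, it times a query for an internal name and for an external name, sent directly to that server with the local cache and hosts file bypassed. Slow or timed-out answers from the central server's address show the cost of the VPN path; a "name does not exist" answer from a public server for the internal name is exactly what a domain-joined client gets once it has fallen over to 8.8.8.8. The names `dc01.corp.example` and `corp.example` are placeholders and `www.microsoft.com` is just a constructed external test name; replace them with your own.

```powershell
# Added diagnostic (not from the original thread). Assumes PowerShell 4+ on a
# Windows client with the DnsClient module (Windows 8 / Server 2012 or later).
$InternalName = 'dc01.corp.example'   # placeholder: your DC's FQDN
$ExternalName = 'www.microsoft.com'   # constructed external test name

# Collect every DNS server address configured on any IPv4 interface, in order.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

$results = foreach ($srv in $servers) {
    foreach ($name in @($InternalName, $ExternalName)) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -DnsOnly and -NoHostsFile bypass the local resolver cache and the
            # hosts file, so the time measured is the round trip to $srv itself.
            $answer = Resolve-DnsName -Name $name -Server $srv -Type A `
                -DnsOnly -NoHostsFile -ErrorAction Stop
            $sw.Stop()
            [pscustomobject]@{
                Server  = $srv
                Name    = $name
                Status  = 'OK'
                Answer  = ($answer | Where-Object { $_.Type -eq 'A' } |
                           Select-Object -ExpandProperty IPAddress) -join ','
                Millis  = $sw.ElapsedMilliseconds
            }
        }
        catch {
            $sw.Stop()
            # A timeout here is the dropped-UDP case from the reply; an NXDOMAIN
            # for the internal name means this server cannot serve the domain.
            [pscustomobject]@{
                Server  = $srv
                Name    = $name
                Status  = $_.Exception.Message
                Answer  = ''
                Millis  = $sw.ElapsedMilliseconds
            }
        }
    }
}

$results | Format-Table -AutoSize

# Flag the risky configuration the reply warns about: a domain-joined client
# whose DNS list includes a server that cannot resolve the internal domain.
$broken = $results | Where-Object { $_.Name -eq $InternalName -and $_.Status -ne 'OK' }
if ($broken) {
    Write-Warning ("These configured DNS servers cannot resolve internal names: " +
        (($broken | Select-Object -ExpandProperty Server -Unique) -join ', '))
}
```

Read the table per server: compare the `Millis` column for the central server's address against the public one to see how much the VPN path adds, and look at `Status` for the internal name on the public server. Windows does not treat the second entry as a fallback used only during outages; once the first server fails to answer in time, the client moves to the next one and keeps using it for a period, which is why the reply recommends listing only domain controllers on domain-joined clients and placing a DNS server (or DC) in each site instead of mixing in a public resolver.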