Windows Server 2012 DNS - Slow Name Resolution or Timeout

  • Question

  • Any advice would be helpful.

    Just installed a new Windows 2012 Standard R2 server for a small business running 5 workstations. The server is running AD, DHCP, and DNS. It's also behind a SonicWALL TZ300W firewall. Everything in preproduction was running fine, and then a few days after we went live into production all internet has slowed down to a crawl which is understandably frustrating users. Event logs look fine (except for warnings once in a while regarding domain names not being able to resolve in time). Internal resolution is instant however. My DNS forwarders point to Google DNS. Workstations of course point to my DC running DNS for resolution. My server points to itself for resolution (127.0.0.1).

    So here's the thing. For testing purposes... as soon as I change the DNS IP on any given NIC to an external DNS (say Google's at 8.8.8.8), name resolution times return to normal. Same goes for the server. But once I switch it back to point to the server, attempts to access web resources from anywhere on the network have considerable lag or time out altogether.

    I'm stuck. I'm not really sure where to go from here.

    Any help would be appreciated.

    Thanks so much.


    • Edited by everlifted Thursday, April 6, 2017 10:20 PM
    Thursday, April 6, 2017 10:19 PM

All replies

  • Hi Everlifted,

    >>Same goes for the server.

    Do you mean that this issue occurs on DNS server too?

    Please try to disable firewall and check again.

    >> Internal resolution is instant however. My DNS forwarders point to Google DNS. Workstations of course point to my DC running DNS for resolution. My server points to itself for resolution (127.0.0.1).

    How about the result when clients resolve internal records?

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 7, 2017 6:17 AM
  • Hi John. Yes... this occurs on DNS server as well. I'll double check, but I'm pretty sure clients are resolving internal records normally. I'll be continuing to troubleshoot this issue tomorrow at which point I was planning to bypass firewall to see if it makes any difference. I'll post my results.

    If you have any other thoughts I'll be happy to hear them.

    Friday, April 7, 2017 11:24 AM
  • Hi Everlifted,

    Can you try to disable EDNS with the command: dnscmd /config /enableednsprobes 0

    EDNS can be blocked by your firewall.

    Best regards.

    Saturday, April 8, 2017 5:33 AM
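
The suggestion above assumes the firewall treats EDNS-bearing queries differently from plain ones. The following Python sketch is an added example, not posted by any participant in this thread: it sends the same A query to a resolver with and without an EDNS0 OPT record and compares the outcomes. The function names, the verdict labels and the 4096-byte advertised size are assumptions made for the illustration.

```python
import socket, struct, sys, time

def build_query(name, edns_size=None, txid=0x1234):
    """A-record query; with edns_size set, append an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)  # RD=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    pkt = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        # root name, TYPE=41 (OPT), CLASS=advertised UDP size, TTL=0, RDLENGTH=0
        pkt += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return pkt

def parse_header(resp):
    """Decode the 12-byte DNS header of a response."""
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "rcode": flags & 0xF, "tc": bool(flags & 0x0200), "answers": answers}

def probe(server, name, edns_size=None, timeout=3.0):
    """Send one UDP query; return (seconds, header), header is None when no usable reply."""
    start = time.perf_counter()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, edns_size), (server, 53))
            hdr = parse_header(s.recvfrom(65535)[0])
    except (OSError, struct.error):  # timeout, unreachable, or truncated datagram
        hdr = None
    return time.perf_counter() - start, hdr

def classify(plain, edns):
    """Compare the plain and EDNS probe results for one resolver."""
    p, e = plain[1], edns[1]
    if p is None:
        return "inconclusive"   # baseline got no reply, so the problem is not EDNS-specific
    if e is None:
        return "edns-dropped"   # plain query answered, EDNS query got no reply
    if e["rcode"] == 1:
        return "edns-rejected"  # FORMERR in reply to the OPT record
    return "ok"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]
    # 4096 is a sample advertised UDP size (assumption), not a value from the thread
    plain, edns = probe(server, name), probe(server, name, edns_size=4096)
    for label, (secs, hdr) in (("plain", plain), ("edns", edns)):
        print(f"{label:5} {secs:6.3f}s {hdr}")
    print("verdict:", classify(plain, edns))
```

Run it on the DNS server itself with a forwarder address and a public name as arguments. A verdict of edns-dropped is consistent with the EDNS explanation, while ok points to a cause elsewhere.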
  • Ok. Weird. I'm using Kaspersky Security Center 10. The Endpoint Protection that's running on the server (and workstations) has a software firewall component that I had disabled. (This is a new server. I was still in the process of tweaking.) Not sure why but disabling the firewall component in the software was causing the issue. I would think if anything firewalls would slow traffic. Anyway, I enabled the component and immediately everything started running normal. Strange. I'll have to investigate the cause later.

    Thanks for your help John and Pascal.

    • Marked as answer by everlifted Sunday, April 9, 2017 7:18 AM
    Sunday, April 9, 2017 7:18 AM
  • It's always the same problem with antivirus on servers: you should exclude processes and files, and maybe open some ports in the firewall. Some clues for Kaspersky: https://support.kaspersky.com/5927

    Also from Microsoft: https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

    Personally, I don't run antivirus on servers (except file servers).

    It's a shame that antivirus suppliers, for decades, haven't detected simple services like DNS and automatically configured exclusions.

    Best regards.

    Monday, April 10, 2017 4:07 AM
  • Thanks Pascal. I'll read those articles. I would think that turning OFF the firewall would understandably eliminate the need to manually configure or open firewall ports, etc. It's weird that turning it ON would solve the issue. Incidentally, since we're a very small company we only have one machine, and although not recommended we're running a file server (amongst other things) on our DC... so that's why I'm running an endpoint protection on it.

    Thanks again for the help and the articles.

    Monday, April 10, 2017 1:44 PM
  • Hi,

    Thanks for sharing.

    Best Regards

    John



    Tuesday, April 11, 2017 2:21 AM