Windows Server 2012 Essentials R2 DNS slow to resolve

  • Question

  • Hi All

    After an abrupt power outage our Essentials server has come up with less than satisfactory DNS performance.

    In the domain environment I consistently get DNS_PROBE errors right before the page actually loads.  This problem is quite prominent when accessing sites suggested by Google ads (this is how I test).

    So basically if I search for something generic (cars for sale in Sydney) and click on one of the Google ads in the results, I wait.  Then wait.  Then wait.  Then I may get a DNS_PROBE error, then shortly after the page will load.

    If I hard code the ISP's DNS server to the NIC, internet is super speedy with no errors.  (it was and still is default to 127.0.0.1)

    At this stage I have configured DHCP to assign addresses using the ISP DNS server.  This of course fixes the internet issues, but plays havoc with the domain and authentication.

    This is a list of what I have tried thus far:

    *  configured IPv4 and IPv6 reverse lookups with PTRs

    *  disabled IPv6 using the Microsoft "fix its" after trying to get IPv6 to work

    *  tried different forwarders (Google and ISP), tried it with and without root hints, tried it with root hints only

    *  netsh winsock reset

    *  applied all current updates and patches

    nslookups from the server resolve the server itself, but external lookups fail (2 sec timeout).  Subsequent lookups obviously work after it has been cached.

    The firewall on the server has been dropped, as has the firewall on the modem.  Antivirus has also been disabled.  The problem occurs both on the server and workstation.

    There are no error logs on the server nor DNS specific (which would lead me to believe that it is the problem) and so far debugging hasn't given me much info either.


    This is a single Windows Essentials Server 2012 R2 box servicing around 20 PCs.  It is dual NIC (but one has been disabled since install) and all power management options have been disabled.

    Before I do something drastic (like rebuilding the server, which normally wouldn't be a problem, but copying 8TB of data is a huge time suck) I was wanting to know if there is anything else I should try.

    Is it possible to remove the DNS role from the server and re-add it?  I don't want to do anything that could "brick" the server before I do a data copy but I have tried pretty much every solution available on the net.

    Help please?


    Sunday, September 6, 2015 10:34 PM

Answers

  • Hi Dexter Eugenio,

    According to your description, when clients use the domain DNS server to open Internet websites, they may get a DNS_PROBE error; when clients use the ISP’s DNS server, it works well. And when you use the nslookup command, the domain DNS server couldn’t resolve external names.

    If the DNS server is used along with AD-integrated zones, we may use the command “dcdiag /test:dns” on the DNS server to test for general issues.

    In order to monitor the process of the DNS resolution, we may install Network Monitor to perform a network traffic capture on the DNS server. As you have tried forwarders on the DNS server, we may check if the DNS server could send out forward requests to the external DNS server, and receive the correct IP address from the external server. Since you have tried forwarders and it failed to work, we may find out which process is blocked.

    You may click the following link to download Network Monitor:

    https://www.microsoft.com/en-us/download/details.aspx?id=4865

    If we finally find out that the problem is due to the DNS server itself, and try to reinstall the DNS server role, we may refer to the following article to back up the DNS zone:

    To restore an AD-integrated zone:

    https://technet.microsoft.com/en-us/library/Ff807395(v=WS.10).aspx

    If the DNS server is standalone, we may typically find the backup files in C:\Windows\System32\dns

    Best Regards,

    Anne He


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, September 7, 2015 5:03 AM
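
Added example, not part of the original thread and not Microsoft's own code: before taking a capture, the forwarding path described in the answer above can be timed from the DNS server itself by asking the local DNS service and each configured forwarder the same questions. It assumes an elevated PowerShell session on the server with the DnsServer module available; the test names are placeholders.

```powershell
# Added example: compare lookups through the local DNS service with lookups
# sent straight to each configured forwarder.
# Placeholder names; choose external names unlikely to be in the server cache,
# because cached names are answered quickly by 127.0.0.1 and hide the delay.
$names = 'example.com', 'example.net', 'example.org'

# Forwarders currently configured on this DNS server (may be empty).
$forwarders = @((Get-DnsServerForwarder).IPAddress |
    ForEach-Object { $_.IPAddressToString })
$resolvers = @('127.0.0.1') + $forwarders

$results = foreach ($server in $resolvers) {
    foreach ($name in $names) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only DNS is measured.
            $null = Resolve-DnsName -Name $name -Type A -Server $server `
                -DnsOnly -ErrorAction Stop
            $status = 'OK'
        } catch {
            # Timeouts and SERVFAIL responses surface here as exceptions.
            $status = $_.Exception.Message
        }
        $sw.Stop()
        [pscustomobject]@{
            Resolver = $server
            Name     = $name
            Ms       = [int]$sw.ElapsedMilliseconds
            Status   = $status
        }
    }
}

# Reading the table:
#  - forwarders fast, 127.0.0.1 slow or timing out: the delay is inside the
#    local DNS service (recursion/forwarding), so focus the capture there.
#  - forwarders also slow when queried directly from the server: look at the
#    path between the server and the forwarders instead.
$results | Sort-Object Resolver, Name | Format-Table -AutoSize
```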

All replies

  • Thanks Anne

    I tried that dcdiag /test:dns command and it passed.

    I will download the network monitor and see what happens.

    I believe the server has some sort of error with the DNS, as setting the DNS server on the server and the workstations to the ISP's DNS servers resolves webpages no problems.

    I have also looked at the link you attached with regard to restoring AD-integrated zones.  Do I follow this procedure AFTER I remove and re-add the DNS Server role?  This is the process I'm afraid of, as I think that removing the DNS role and rebooting may lead to the server being inaccessible.

    I will most likely try this if you can confirm it is safe.

    The other thing I will try is to swap the network cards on the server (1 is enabled, the other disabled).  Do you think that enabling the other network card, and giving it the same IP address as the current network card (whilst only keeping one card active of course) would work?

    I'm trying everything I can before I have to rebuild the server as it will be a huge pain and disruption to the business.

    Thanks

    Tuesday, September 8, 2015 7:37 PM
  • Hi Dexter Eugenio,

    >This is the process I'm afraid of, as I think that removing the DNS role and rebooting may lead to the server being inaccessible.

    In the process, it is true that the DNS query for the integrated zone might fail and the DC may be inaccessible.

    If it is possible, we may set up another DC for the domain; if the server is inaccessible, clients may query the other one.

    Best Regards,

    Anne He



    Monday, October 12, 2015 2:23 AM