I have a number of Windows XP clients using DHCP for addresses and DNS. These workstations are getting IP addresses and DNS information from a Windows 2008 R2 server. The workstations only use the 2008 R2 server for DNS, and forwarders are set up on the 2008 server. When loading web pages in IE 8 on the XP workstations, the pages for some sites load very slowly (for example, www.miamiherald.com). These same pages load quickly in Firefox or Chrome. I have turned off EDNS0 on the 2008 server using the command: dnscmd /config /enableednsprobes 0 but this has not changed the situation. If I change the XP workstations to use static DNS addresses such as the public Google server (18.104.22.168) the same web pages load quickly in IE. This seems to point to an issue with the 2008 DNS server but I can't pin it down. Has anyone seen this before?
- Moved by Boo_MonstersIncMicrosoft contingent staff, Moderator Thursday, June 20, 2013 7:33 AM
Check the proxy configuration of IE. If a proxy is configured but not available this might cause slowness in some cases.
Also check if things improve if "automaticly detect settings" is disabled. This might indicate your local DNS server contains a WPAD record that is not valid.
I assume you already tried reverting IE8 to its defaults?
Thanks for the suggestion. Proxy is not enabled for IE for any of the workstations. I also tried the procedure for reverting IE back to defaults but this did not change the behavior. The "Automatically detect settings" check box under Connections > LAN Settings... is not checked. We do not use an automatic configuration file so there is no WPAD record in DNS.
Is there anything different about DNS lookups for IE that might not apply to other browsers such as Firefox or Chrome? It's my understanding that functions like that would be browser-agnostic.
Are you seeing this slowness with or without forwarders? If without, meaning the Roots only, the first hotfix below should address that. They are not part of Windows Updates.
It also appears your 2008 R2 DNS servers may need to be updated or a hotfix applied.
Run the following, and if the hotfix is already installed or it doesn't apply due to service pack level or operating system version, no fret, the installer will tell you right away. Some of them require restarts.
DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
Post Windows 2008 R2 SP1 HOTFIX available.
APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
Requires a restart.
Windows 2008 -
DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008- Post Windows 2008 SP2 Hotfix available
Requires a restart.
DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in Windows Server 2008 R2 - Post Service Pack Hotfix available.
Does not require a restart.
DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2 - Hotfix release - (released 4/15/2011)
And if nslookup times out on MX records, it's by design:
NSLOOKUP Returns Time-out Error When Query for an MX Record
I *highly recommend* to not disable EDNS0. EDNS0 is used for more than just internet resolution, and disabling it can affect internal AD performance. Here's more on it:
What is EDNS0? (Extension mechanisms for DNS)
Published by Ace Fekay, MCT, MVP DS on Oct 11, 2010 at 2:46 PM
If you are using Google DNS servers as a forwarder, they do not support EDNS0. Same goes with OpenDNS. I suggest using 22.214.171.124 & 126.96.36.199.
You can test if EDNS0 is supported by your firewalls. Remove any general forwarders, and run the following:
nslookup -type=TXT rs.dns-oarc.net
FYI: In the nslookup results, look for the two parts in the response that say, " ...DNS reply size limit is at least xxxx." The xxxx is the DNS UDP packet size that your firewall or forwarder will support, assuming EDNS0 has not been disabled on the DNS server. If it's under 512, then that DNS doesn't support it, or the firewall doesn't support it and is blocking EDNS0 or the Forwarder you are using is blocking or not allowing/configured to use EDNS0.
You can then put your forwarders back in and test it again.
Also, you can test EDNS0 against specific internet DNS servers, if you like using the following method:
> server 188.8.131.52 <---- change the IP to whatever DNS server you want to test for EDNS0 support
> set q=txt
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Thanks for the hotfix links as well as the information regarding EDNS0. I have re-enabled this on the DNS server and have downloaded and applied the first hotfix, and have scheduled an outage for this afternoon to reboot the server. I will check behavior after the reboot and update with a status.