Slow DNS resolving time after moving the Active Directory to new Server 2012 R2

  • Question

  • After I moved all 5 roles from the old Active Directory server (Windows Server 2012) with DNS and DHCP to the new Windows Server 2012 R2, all requests from the new DNS are slow. I have to refresh the web page two times to view the page.

    All settings are the same for DNS (including the forwarder to the external ISP DNS) and the internet firewall. When I change the DNS to the old server, everything returns to normal. My old server is still running as a file server and second Active Directory.

    Please help.

    ------------------------------  dcdiag  test -------------------

    PS C:\Users\administrator.MYDOMAIN> dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = SVRDC1
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SVRDC1
          Starting test: Connectivity
             ......................... SVRDC1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SVRDC1

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... SVRDC1 passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : MYDOMAIN

       Running enterprise tests on : MYDOMAIN.COM
          Starting test: DNS
             Test results for domain controllers:

                DC: SVRDC1.MYDOMAIN.COM
                Domain: MYDOMAIN.COM


                   TEST: Records registration (RReg)
                      Network Adapter [00000005] QLogic BCM5709C Gigabit Ethernet (NDIS VBD Client):
                         Warning:
                         Missing AAAA record at DNS server 192.168.1.10:
                         SVRDC1.MYDOMAIN.COM

                         Warning:
                         Missing AAAA record at DNS server 192.168.1.10:
                         gc._msdcs.MYDOMAIN.COM

                         Warning:
                         Missing AAAA record at DNS server ::1:
                         SVRDC1.MYDOMAIN.COM

                         Warning:
                         Missing AAAA record at DNS server ::1:
                         gc._msdcs.MYDOMAIN.COM

                   Warning: Record Registrations not found in some network adapters

                   SVRDC1                      PASS PASS PASS PASS PASS WARN n/a
             ......................... MYDOMAIN.COM passed test DNS

    • Edited by ITbeko Monday, February 15, 2016 1:48 PM
    Monday, February 15, 2016 8:59 AM

Answers

  • OK, the problem is from Kaspersky Endpoint Security, and after I uninstalled it the problem was fixed.

    I stopped the Kaspersky firewall service only, but this did not fix the problem, and I also tried to close the program, but this did not fix the problem either. The only way to fix the problem is to uninstall the program.

    On my old server I have the old version of Kaspersky Endpoint Security and it works fine.

    I don't know why most security programs do not work well with Windows Server when the server runs as DNS or Active Directory. Can anyone suggest good security products for Windows Server DNS and AD?

    Thanks for all

    • Marked as answer by ITbeko Wednesday, February 17, 2016 9:28 AM
    Wednesday, February 17, 2016 9:28 AM

All replies

  • Would it be possible to check that your DC/DNS servers have their IP settings as mentioned here: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23

    That may point you in the right direction.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    Monday, February 15, 2016 5:25 PM
  • I checked it; all IP settings are fine. Actually the main problem is with the external DNS: when a website is requested, it takes time to get the page.
    Tuesday, February 16, 2016 4:25 AM
  • Hi ITbeko,

    According to your description, it seems nothing is wrong with the configuration.

    1. Try to connect to the web page by IP address to determine which caused the problem, DNS or the network.

    2. You could perform a network capture on the new Windows Server 2012 R2, and check if there is another program using port 53 or any unexpected process on the server taking the network bandwidth.

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, February 16, 2016 6:07 AM
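The two checks suggested in the reply above (who owns port 53, and whether the delay is in DNS itself) can be scripted. This is an added example, not part of the original thread; the old server's address and the test names are placeholders, and `Get-Port53Owner` / `Measure-DnsLatency` are hypothetical helper names.

```powershell
# Added example. Run in an elevated PowerShell session on the new DC.
$NewDns = '192.168.1.10'            # DNS server address shown in the dcdiag output
$OldDns = '<old-dns-server-ip>'     # placeholder: the old server's address is not given in the thread
$Names  = 'www.example.com', 'www.example.org'   # constructed test names

function Get-Port53Owner {
    # List every process bound to UDP or TCP port 53; on a DNS server expect dns.exe only.
    $endpoints  = @(Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue)
    $endpoints += @(Get-NetTCPConnection -LocalPort 53 -State Listen -ErrorAction SilentlyContinue)
    $endpoints | Group-Object OwningProcess | ForEach-Object {
        $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId = [int]$_.Name
            Process   = $proc.ProcessName
            Addresses = ($_.Group.LocalAddress | Sort-Object -Unique) -join ', '
        }
    }
}

function Measure-DnsLatency {
    # Time A and AAAA lookups sent directly to each server (-DnsOnly skips LLMNR/NetBIOS).
    param([string[]]$Server, [string[]]$Name, [int]$Repeat = 3)
    foreach ($s in $Server) { foreach ($n in $Name) { foreach ($type in 'A', 'AAAA') {
        foreach ($i in 1..$Repeat) {
            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                Resolve-DnsName -Name $n -Type $type -Server $s -DnsOnly -ErrorAction Stop | Out-Null
                $status = 'OK'
            } catch { $status = $_.Exception.Message }   # timeouts and failures are kept, not hidden
            $sw.Stop()
            [pscustomobject]@{
                Server = $s; Name = $n; Type = $type; Try = $i
                Ms = $sw.ElapsedMilliseconds; Status = $status
            }
        }
    } } }
}

Get-Port53Owner | Format-Table -AutoSize
Measure-DnsLatency -Server $NewDns, $OldDns -Name $Names |
    Sort-Object Name, Type, Server, Try | Format-Table -AutoSize
```

Try 1 for a name exercises the forwarder path, while later tries are normally answered from the server's cache, so compare the same try number across the two servers.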
  • Are both DNS servers in the same subnet or different ones? If they're in different subnets, please check how many hops/firewalls there are to reach the external DNS (ISP). Enable the DNS debug log and check for issues, and also do a network capture and check the traffic.

    Regards, MC Manikandan

    Tuesday, February 16, 2016 11:31 AM
  • I checked that port 53 is not used by any other program, and I monitored the network and it seems to be normal.

    When I use nslookup I get the following:

    PS C:\Users\ADMINISTRATOR.MYDOMAIN> nslookup MYDOMAIN.COM
    1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
            primary name server = 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
            responsible mail addr = (root)
            serial  = 0
            refresh = 28800 (8 hours)
            retry   = 7200 (2 hours)
            expire  = 604800 (7 days)
            default TTL = 86400 (1 day)
    Server:  UnKnown

    Is the problem from IPv6?

    Tuesday, February 16, 2016 1:35 PM
  • Hi ITbeko,

    It seems your system prefers IPv6 over IPv4. Try to force the system to use IPv4 first, before IPv6. Then test again.

    You could modify the registry to make it work. The key you are looking for is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisabledComponents. If it doesn't exist, you have to create it.

    1. In Registry Editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
    2. Double-click DisabledComponents to modify the DisabledComponents entry. Note: If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:
      1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
      2. Type DisabledComponents, and then press ENTER.
      3. Double-click DisabledComponents.
    3. Type 0x20 to prefer IPv4 over IPv6 by modifying entries in the prefix policy table.

    Best Regards,

    Cartman

    Wednesday, February 17, 2016 1:17 AM
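The registry steps in the reply above, scripted so the existing value is checked before anything is written. This is an added example, not part of the original thread; it uses the Tcpip6\Parameters subkey named in the numbered steps, and `Set-PreferIPv4` is a hypothetical helper name.

```powershell
# Added example. Run elevated; a restart is needed before the new value takes effect.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$Name = 'DisabledComponents'
$Want = 0x20    # value from step 3: prefer IPv4 over IPv6 in the prefix policy table

function Set-PreferIPv4 {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Read the current value; $null means the entry does not exist yet.
    $current = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $current) {
        if ($PSCmdlet.ShouldProcess("$Key\$Name", 'create DWORD 0x20')) {
            New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Want | Out-Null
        }
    } elseif ($current -ne $Want) {
        # Someone already set a different bitmask; surface it before replacing it.
        Write-Warning ('{0} is currently 0x{1:X}; review before overwriting.' -f $Name, $current)
        if ($PSCmdlet.ShouldProcess("$Key\$Name", 'set to 0x20')) {
            Set-ItemProperty -Path $Key -Name $Name -Value $Want -Type DWord
        }
    } else {
        Write-Verbose "$Name is already 0x20; nothing to do."
    }
    $after = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{ Before = $current; After = $after }
}

Set-PreferIPv4 -WhatIf      # dry run: shows what would change without writing
# Set-PreferIPv4            # apply, then restart the server

# Compare the precedence of ::ffff:0:0/96 against ::/0 before and after the restart.
netsh interface ipv6 show prefixpolicies
```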