HELP - Slow external DNS resolving time
I've been putting up with this for a long time and think it is about time to find out what is going on.
Internal DNS is quickly resolved, but anything that needs to reach outside the domain is very slow.
I only have 1 DNS server, DHCP is configured to hand this single IP out.
I've used forwarders, no forwarders... Nothing seems to work as well as it should.
Some queries time out, making browsing slow. A second attempt and it works!
What is going on? Where can I look, any help? Tips?
Windows 2008 R2 Domain Controller DNS
Thanks!
Dane!
January 16th, 2012 5:57am
Hiya,
Find out what DNS server your ISP is using.
From a client, use NSLookup and change to that server. Flush the DNS cache on your client. Do an external lookup and see what happens. If the response is slow, then it's the ISP DNS server that responds slowly. You can change that in the router setup.
Basically you can use NSLookup to pinpoint which DNS server is responding slow.
Using NSlookup.exe
http://support.microsoft.com/kb/200525
January 16th, 2012 6:33am
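The per-server comparison suggested above can be scripted so that loss rate and latency are measured over many queries rather than judged from one nslookup. This is an added example, not part of the original thread; `192.168.1.10` is a placeholder for the internal DNS server, and the other two addresses are the resolvers mentioned later in the thread.

```python
import socket, statistics, struct, time

def build_query(name, qid):
    """Encode a minimal recursive A-record query (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return the RCODE of a matching response, or None if it is not our reply."""
    if len(data) < 12:
        return None
    rid, flags = struct.unpack(">HH", data[:4])
    if rid != qid or not flags & 0x8000:  # wrong transaction ID, or not a response
        return None
    return flags & 0x000F

def probe(server, name, qid, timeout=2.0):
    """Send one UDP query; return elapsed ms, or None on timeout or bad reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(build_query(name, qid), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes socket timeouts and unreachable networks
            return None
        if parse_reply(data, qid) is None:
            return None
        return (time.perf_counter() - start) * 1000

def summarize(samples):
    """Collapse a list of probe results into sent/lost counts and median latency."""
    ok = [s for s in samples if s is not None]
    return {"sent": len(samples), "lost": len(samples) - len(ok),
            "median_ms": round(statistics.median(ok), 1) if ok else None}

if __name__ == "__main__":
    # 192.168.1.10 is an assumed placeholder for the internal DNS server.
    for srv in ["192.168.1.10", "4.2.2.2", "8.8.8.8"]:
        samples = [probe(srv, "example.com", 0x1000 + i) for i in range(20)]
        print(srv, summarize(samples))
```

If every upstream resolver shows a similar loss rate, the resolvers are unlikely to be the cause and the path between the client and the internet is the next thing to examine.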
1. Hope you assign internal DNS IP address and no public one.
2. Test if there is another program using port 53: netstat -bn
3. I would test the network resolution traffic with a network monitor (either from Microsoft or the open-source Wireshark)
Regards
Milos
January 16th, 2012 8:50am
Hi, thanks for the suggestions.
First, Jasper... In an effort to help speed things up, I have added a forwarder 4.2.2.2... This helped a little bit but has not totally solved the problem.
Before that, I presume the MS DNS server used root hints to resolve external addresses. Not sure how to check to see if these have been updated, are complete, missing one, or not used at all??
Milos, yes, clients get the internal address of the DNS server. Internal name resolution is not the problem. It is resolving external DNS that seems to fail at times, regardless of a forwarder or not.
This server DOES seem to run kind of slow at times. But DNS is so lightweight I'd hate to think the computer is so slow that it cannot respond in time. Maybe I will move Domain and DNS functions to another machine and see if that helps.
Any more suggestions? I think it is something in the DNS service itself.
Dane!
January 16th, 2012 12:42pm
As a test, try conditional forwarding to Google DNS server 8.8.8.8
For example, let your internal DNS resolve your domain names and forward anything else to 8.8.8.8.
If things are better that way then your ISP DNS name resolution is the problem.
January 16th, 2012 12:53pm
As a test, try conditional forwarding to Google DNS server 8.8.8.8
For example, let your internal DNS resolve your domain names and forward anything else to 8.8.8.8.
If things are better that way then your ISP DNS name resolution is the problem.
OK. Will do this now.
Dane!
January 16th, 2012 12:57pm
No difference, really.
Some things still time out. If I go to eBay, type in something to search, maybe all the images show up, usually only half.
Have to refresh the page to get everything to appear.
Weird.
Dane!
January 17th, 2012 12:19pm
Remove forwarders and use root hints instead.
January 17th, 2012 3:15pm
Hello,
I would recommend starting by changing the DNS server set as a forwarder and checking the results.
If this does not help, I would recommend using a DNS forwarding timeout that is equal to or higher than 5 using the /TimeOut switch.
More here: http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx
January 17th, 2012 3:29pm
Remove forwarders and use root hints instead.
That is the original configuration. Added forwarder to see if it helped. It did not.
Think I will be moving all DNS / domain functions to another machine and see how that goes.
Will check back in a couple days. Feel free to send more suggestions!
Thanks,
dane
Dane!
January 17th, 2012 6:47pm
http://support.microsoft.com/kb/249868
check for
Event ID: 453
Description: DNS Server sendto () function failed. The data is in the error.
Event ID: 7053
Description: DNS_EVENT_SENDTO_CALL_FAILED
DNS Server sendto () function failed. The data is in the error.
You may need to reload "Cache.dns"
January 18th, 2012 1:25am
http://support.microsoft.com/kb/249868
check for
Event ID: 453
Description: DNS Server sendto () function failed. The data is in the error.
Event ID: 7053
Description: DNS_EVENT_SENDTO_CALL_FAILED
DNS Server sendto () function failed. The data is in the error.
You may need to reload "Cache.dns"
No, this is not the case.
Dane!
February 16th, 2012 11:18am
So, here's an update to this after moving DNS to another DNS server. Same result.
I am wondering if this could have to do with a large amount of reverse DNS zones I reload from other zones? I have separate zones for each /24 subnet and I have a lot of them. Seems everything works OK, but as I added more and more, DNS slows down.
Also have a couple of forwarding zones.
Dane!
February 16th, 2012 11:27am
Well, I think I just figured this out...
Evidently, my hardware Firewall has a user limit. With the addition of a new 3D television and new cable box, PS3, Xbox360, iPad, Tablet, couple laptops, IP Cameras, a few Virtual Machines, at some point I hit the "User Limit" on the firewall.
As I added more devices the issue got worse, wound up doing many nslookups and finally started looking at the FW. The FW logs are full of "User Limit Exceeded IP address xxxx.xxxx.xxx.xxx not added", and they were the DNS servers (among others).
Making the situation harder to track down was having laptops that would tip the scales sometimes and not others. Then the randomness (?) of which client it decides to block. GRR
I can't be too ticked off at the FW, it IS over 6 years old. Although, this is a licensing issue and not a hardware limitation.
Wow.
Dane!
April 2nd, 2012 12:29am
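A log check for the condition found in the last post, written so that a refused DNS server stands out from refused consumer devices. This is an added example, not part of the original thread: the message text follows the wording quoted in the post, while the timestamp layout, the sample lines and all addresses are constructed.

```python
import re
from collections import Counter

# Message wording as quoted in the thread; the timestamp prefix is an assumed layout.
REFUSED = re.compile(
    r"User Limit Exceeded IP address (\d{1,3}(?:\.\d{1,3}){3}) not added")

def refused_hosts(lines):
    """Count how often each internal IP was refused a slot in the user table."""
    hits = Counter()
    for line in lines:
        match = REFUSED.search(line)
        if match:
            hits[match.group(1)] += 1
    return hits

def triage(lines, critical):
    """Summarize refusals and call out infrastructure hosts (e.g. DNS servers)."""
    hits = refused_hosts(lines)
    return {
        "distinct_refused": len(hits),
        "critical_refused": sorted(ip for ip in hits if ip in critical),
        "refusals_by_host": dict(hits),
    }

# Constructed sample log; 192.168.1.10 stands in for the internal DNS server.
SAMPLE = [
    "2012-02-16 11:02:13 User Limit Exceeded IP address 192.168.1.10 not added",
    "2012-02-16 11:02:14 Connection opened 192.168.1.23 -> 203.0.113.5:80",
    "2012-02-16 11:02:19 User Limit Exceeded IP address 192.168.1.57 not added",
    "2012-02-16 11:03:02 User Limit Exceeded IP address 192.168.1.10 not added",
    "2012-02-16 11:03:40 User Limit Exceeded IP address 192.168.1.61 not added",
]

if __name__ == "__main__":
    report = triage(SAMPLE, critical={"192.168.1.10"})
    print(report)
    if report["critical_refused"]:
        print("Infrastructure hosts refused by firewall:", report["critical_refused"])
```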