On our AD domain, end users' desktops take a long time to resolve DNS from outside our company. Internally everything works fine.

The desktops are pointing to 192.168.2.4 and .6. Those are the two domain controllers. .6 is currently down to be rebuilt, but it is the second DNS server listed in the TCP/IP settings. I don't think that is the issue.

The working DC's first DNS is pointing to our ISP's DNS and the second is set to 127.0.0.1. Using a browser on the server works as expected, external DNS resolution is quick.

Am I missing something obvious? Why are the desktops resolving DNS so slowly?

Keltari
  • 1. The DNS client on the DC should not be using an external DNS server for DNS. Both DCs should be using themselves for DNS only. The exact order is debatable, but what is not is that they SHOULD NOT use any DNS other than themselves. 2. Try setting up forwarders in your DNS servers to use something other than your ISP, such as Google's public DNS servers. – joeqwerty Sep 18 '14 at 14:11
  • http://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why – Dusan Bajic Sep 18 '14 at 14:14
  • @joeqwerty You were right, the forwarder was the issue. It was trying to hit the server that was down and nothing was set for the external forwarding. If you make your comment an answer, I'll accept it. – Keltari Sep 18 '14 at 14:47

1 Answer

  1. The DNS client on the DC should not be using an external DNS server for DNS. Both DCs should be using themselves for DNS only. The exact order is debatable, but what is not is that they SHOULD NOT use any DNS other than themselves.

  2. Try setting up forwarders in your DNS servers to use something other than your ISP, such as Google's public DNS servers.

joeqwerty
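
A check for both points in the answer above, as an added example that is not part of the original thread: it lists any resolver on the DC's own DNS client that is not a domain DNS server, then times a query against each configured forwarder so a dead or slow one stands out. The addresses in `$DomainDns` come from the question; `$TestName` and `$SlowMs` are assumed values.

```powershell
# Added example, not from the thread. Run elevated on the working DC
# (DnsClient and DnsServer modules, Windows Server 2012 or later).
# Assumptions: $DomainDns = the two DC addresses from the question plus loopback;
# $TestName and $SlowMs are arbitrary illustration values.
$DomainDns = '192.168.2.4', '192.168.2.6', '127.0.0.1'
$TestName  = 'www.example.com'
$SlowMs    = 2000

# Point 1: the DC's own DNS client should list only domain DNS servers.
$clientRows = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($srv in $_.ServerAddresses) {
            [pscustomobject]@{
                Check  = "DnsClient ($alias)"
                Server = $srv
                Millis = $null
                Result = if ($srv -in $DomainDns) { 'OK' } else { 'EXTERNAL resolver on a DC' }
            }
        }
    }

# Point 2: every forwarder must answer, and answer quickly.
$fwd = Get-DnsServerForwarder
if (-not $fwd.IPAddress) {
    Write-Warning "No forwarders configured (UseRootHint = $($fwd.UseRootHint))."
}
$fwdRows = foreach ($ip in $fwd.IPAddress) {
    $target = $ip.ToString()
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        Resolve-DnsName -Name $TestName -Server $target -DnsOnly -ErrorAction Stop | Out-Null
        $result = if ($sw.ElapsedMilliseconds -gt $SlowMs) { 'SLOW' } else { 'OK' }
    } catch {
        $result = "FAILED: $($_.Exception.Message)"
    }
    $sw.Stop()
    [pscustomobject]@{ Check = 'Forwarder'; Server = $target
                       Millis = $sw.ElapsedMilliseconds; Result = $result }
}

@($clientRows) + @($fwdRows) | Format-Table -AutoSize

# Remediation, shown but not executed (Google public DNS, as the answer suggests):
#   Set-DnsServerForwarder -IPAddress '8.8.8.8', '8.8.4.4'
#   Set-DnsClientServerAddress -InterfaceAlias '<alias>' -ServerAddresses '192.168.2.4', '127.0.0.1'
```

A `FAILED` or `SLOW` forwarder row matches the cause reported in the comments: the DNS server was forwarding to a host that was down.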