I'm trying to figure out how one goes about setting up DNS in a setup like at my work. We have:

  1. A "business" DSL line that is just a home DSL line with a dedicated IP address
  2. A Sonicwall router (NAT/VPN) appliance connected to the DSL modem (192.168.1.1)
  3. A Windows Server 2008 R2 box running Active Directory and DNS (192.168.1.2)

Each PC on our network is configured to use 192.168.1.2 as DNS, using manually-configured IP addresses. DHCP is enabled on the Sonicwall for VPN clients, not used for our workstations.

The server's NIC is configured to use:

127.0.0.1 75.154.132.100 75.154.132.68

The second and third entries are our ISP's DNS servers.

The problem is that while everything works, DNS resolution is absurdly slow for internet sites. Using GRC's DNSBench.exe, uncached requests to 192.168.1.2 are taking 3849 ms! Connecting to our ISP's DNS servers directly takes about 100 ms for the same uncached requests.

Thanks for any help - I really don't know what I'm doing here. Hah.

  • On the server, in DNS management, right-click on the server and go to properties. In the forwarders tab, what's configured? Commented Aug 25, 2011 at 21:45
  • There are no forwarders configured - the 2008 R2 system is set up the same way our Windows Server 2003 box was (I didn't install that one). Apparently, it was set up wrong for the last 4.5 years! Commented Aug 26, 2011 at 14:19

1 Answer

Drop your ISP's DNS servers out of your client's and your server's config. Once you've done that, add those servers as "forwarders" in the DNS server setup on the 2008R2 box.

With this setup, your clients will send all of their DNS queries to the server, and for queries the server is not authoritative for (basically anything outside your AD domain), it will recursively query your upstream ISP's DNS servers and then return the answer to your clients.

  • @evilspoons: I agree with ErikA. In addition, set the NIC on the server to use the server's IP address instead of the localhost address. You might also consider using the root hints rather than forwarders at your ISP. Commented Aug 25, 2011 at 22:53
  • I had read about forwarders on Microsoft TechNet but I couldn't get past their indecipherable wording on the article. This gives me something to actually work with. Commented Aug 26, 2011 at 14:20
  • 1
    @joeqwerty : What is the difference between using 127.0.0.1 and the server's IP address? Wouldn't using the localhost be identically functional and continue to work if the server's IP changed for whatever reason? Commented Aug 26, 2011 at 14:28
  • @evilspoons: I suppose that there's no functional difference but there used to be a problem with RRAS clients if the DC/DNS server was also a RRAS server and pointed to 127.0.0.1 for DNS so I just got in the habit of using the actual ip address instead of localhost. It's just my preference. Commented Aug 26, 2011 at 15:06
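The following script is an added example, not something posted by the asker, ErikA or joeqwerty. It applies the accepted answer (ISP servers become forwarders on the 2008 R2 DNS service, nothing else in the resolver lists points at them) together with joeqwerty's suggestion that the server NIC list its own address rather than 127.0.0.1, then repeats the asker's uncached-lookup timing so the change can be checked. It uses dnscmd and netsh because the DnsServer PowerShell module does not exist on 2008 R2. Assumptions: it is run as Administrator on the DC/DNS server itself; the NIC name "Local Area Connection" and the test hostname www.example.com are placeholders; the IP addresses are the ones given in the question.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell
# on the 2008 R2 DC/DNS box. The NIC name is an assumption; list yours with:
#   netsh interface ipv4 show interfaces
$Server  = '192.168.1.2'                               # from the question
$IspDns  = @('75.154.132.100', '75.154.132.68')        # from the question
$NicName = 'Local Area Connection'                     # assumption
$Probe   = 'www.example.com'                           # assumption: any name not in the local cache

# 1. Server NIC: only its own address, no ISP entries (joeqwerty: real IP, not 127.0.0.1).
#    On each statically-addressed workstation the same line with its own NIC name
#    leaves 192.168.1.2 as the sole DNS server.
netsh interface ipv4 set dnsservers $NicName static $Server primary

# 2. Register the ISP resolvers as forwarders on the DNS service (ErikA's answer).
#    /ResetForwarders replaces the whole list. Without /Slave the server keeps
#    "use root hints if no forwarders are available", so it still resolves if both
#    ISP servers stop answering.
dnscmd . /ResetForwarders $IspDns

# 3. Verify both settings took effect.
dnscmd . /Info | Select-String -Pattern 'Forwarders' -Context 0,3
ipconfig /all  | Select-String -Pattern 'DNS Servers' -Context 0,2

# 4. Repeat the question's measurement: clear the server cache, then time one
#    lookup through 192.168.1.2. Before the change the asker saw ~3849 ms; after
#    it the server asks the forwarders directly, so the figure should be close to
#    the ~100 ms seen when querying the ISP servers themselves.
dnscmd . /ClearCache
$t = Measure-Command { nslookup $Probe $Server | Out-Null }
"uncached lookup of $Probe via $Server took $([int]$t.TotalMilliseconds) ms"
```

Step 1 is what actually removes the ISP addresses from the resolver order; leaving them on the NIC would let Windows keep sending some queries past the local server. Step 2 is the equivalent of the Forwarders tab the first comment asked about. The timing in step 4 measures a cold lookup, so run it twice to see the cached number as well.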
