• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Slow Web browsing after Cycling isa services

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Slow Web browsing after Cycling isa services Page: [1]
Login
Message << Older Topic   Newer Topic >>
Slow Web browsing after Cycling isa services - 6.Apr.2001 5:19:00 PM   
Alika

 

Posts: 8
Joined: 6.Apr.2001
From: Cedar Rapids, Iowa USA
Status: offline
we get Slow Web browsing after Cycling isa services. This is repeatable and so far there are only 2 ways to fix the issue, 1st we have to restart ISA server's box, or 2nd we have to go and cycle the two internal DNS server services. Any idea why or what reasoning this is happening. Just a note to ISA is running on 2000 server and DNS's are on NT 4.0
Post #: 1
RE: Slow Web browsing after Cycling isa services - 6.Apr.2001 8:48:00 PM   
jmunyan

 

Posts: 803
Joined: 3.Feb.2001
From: Seattle, WA
Status: offline
So you see a connection with slow service and dns? What is the dns configuation you are useing? Particularly is ISA looking inward to dns or outward to an external name server? When webclients experience this behavior does the browser hand on finding website? This would be an indiation of high latency lookups. You might compare this with using an ip address to a site.

John


(in reply to Alika)
Post #: 2
RE: Slow Web browsing after Cycling isa services - 6.Apr.2001 9:40:00 PM   
Alika

 

Posts: 8
Joined: 6.Apr.2001
From: Cedar Rapids, Iowa USA
Status: offline

quote:
Originally posted by jmunyan:
So you see a connection with slow service and dns? What is the dns configuation you are useing? Particularly is ISA looking inward to dns or outward to an external name server? When webclients experience this behavior does the browser hand on finding website? This would be an indiation of high latency lookups. You might compare this with using an ip address to a site.

John



(in reply to Alika)
Post #: 3
RE: Slow Web browsing after Cycling isa services - 6.Apr.2001 9:43:00 PM   
Alika

 

Posts: 8
Joined: 6.Apr.2001
From: Cedar Rapids, Iowa USA
Status: offline
Our DNS configuration is we use is we have a Primary DNS, WINS, DHCP, and a Secondary WINS, DNS, DHCP server internally. They (DNS's) each have 3 forwarders pointing to the outside. Then the WAN NIC on ISA is pointing to the internal DNS's.

What do you mean by "hand on finding website?"

Thanks

quote:
Originally posted by jmunyan:
So you see a connection with slow service and dns? What is the dns configuation you are useing? Particularly is ISA looking inward to dns or outward to an external name server? When webclients experience this behavior does the browser hand on finding website? This would be an indiation of high latency lookups. You might compare this with using an ip address to a site.

John



(in reply to Alika)
Post #: 4
RE: Slow Web browsing after Cycling isa services - 6.Apr.2001 9:54:00 PM   
jmunyan

 

Posts: 803
Joined: 3.Feb.2001
From: Seattle, WA
Status: offline
I meant hang not hand.

So ISA is pointing backward and then the dns does a forward lookup though the firewall? If this is the case, I have seen issues with the dns request properly making its way to the upstream resolver. Tom has recorded different results than I.

What I did, which is apparently not the best way of dealing with the situation is to install an instance of the dns service on isa and point isa at this dns. Then configure this dns to forward to the upstream resolver. I then took my internal dns' and forwared to the isa dns. This does work for me. If you opt to go this way make sure you let the dns only listen in an internal dedicated ip address. If you want public access to zone info held there create a dns publication rule from the public range to the internal address the dns is listening on.

John


(in reply to Alika)
Post #: 5
RE: Slow Web browsing after Cycling isa services - 6.Apr.2001 10:04:00 PM   
Alika

 

Posts: 8
Joined: 6.Apr.2001
From: Cedar Rapids, Iowa USA
Status: offline
Yes, the browser does hang but after it fails a refresh will pull up the web page, we see your solution but we would not feel comfortable doing it. We think the workaround now is more safe approach than going into unfamilier territory in configuring DNS. Thanks
quote:
Originally posted by jmunyan:
I meant hang not hand.

So ISA is pointing backward and then the dns does a forward lookup though the firewall? If this is the case, I have seen issues with the dns request properly making its way to the upstream resolver. Tom has recorded different results than I.

What I did, which is apparently not the best way of dealing with the situation is to install an instance of the dns service on isa and point isa at this dns. Then configure this dns to forward to the upstream resolver. I then took my internal dns' and forwared to the isa dns. This does work for me. If you opt to go this way make sure you let the dns only listen in an internal dedicated ip address. If you want public access to zone info held there create a dns publication rule from the public range to the internal address the dns is listening on.

John



(in reply to Alika)
Post #: 6
RE: Slow Web browsing after Cycling isa services - 7.Apr.2001 8:23:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey Guys,

You definitely should not set the external NIC to use the internal DNS Server to resolve names. I can't see a good reason to do this, and it would explain a the problems that you're having.

The internal interface should be configured with the IP address of the internal DNS Server.

Firewall and Web Proxy clients will allow the ISA Server to resolve Internet names for them. However, if you need to resolve unqualified names on the internal network, or even Fully Qualified names on the internal network, you should set up a DNS setting for them to a DNS Server on the internal network.

Also, SecureNAT clients have to use to be configured to use a DNS server, since the ISA Server will not perform name resolution for them.

The best solution is to configure an internal DNS Server that uses a Forwarder, that way you can support your published servers that must be configured as SecureNAT clients.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to Alika)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Slow Web browsing after Cycling isa services Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts