
Slow network when changing gateway from AD server to internet gateway


shogyn


Hi!

We just received a new internet connection at our office (in northeastern Cambodia). The connection is working, but we have trouble with getting the clients on the network to access the connection.

The problem is the following: We have a Windows 2000 server with Active Directory, DHCP server, DNS server, etc.

When we got the new Internet connection we connected it to a router on the network. After doing that, still no one could access the internet. In order for the clients to access the connection, we switched the DHCP server from the server to the router to see if it solved the problem. In one way it did: everyone could now access the Internet. But instead we got big problems with our domain. It took forever to log in and communication with the server was very slow.

There are 2 possible problems as I see it:

1. Between the server and the main switch, we have a 1000 Mbps connection. When using the router as gateway, maybe all traffic goes through the router and then to the server, creating a bottleneck at the router, which is only 100 Mbps. But it feels like the speed should be enough anyway.

2. The domain controller wants to be primary default gateway and cannot function properly unless it is the default gateway.

The solution that comes to my mind is that all clients should go to the server first. If the address or name is not found there, the server should redirect them to the router and internet DNS servers. The problem is that I don’t know how to implement this.

Any help or small ideas would be appreciated!

Regards, Jeremia



Hi Jeremia

As I understand it, for AD to work correctly, your DC must be the DNS server for your clients. I would also move the DHCP server back to your DC. Have you changed your DC's DHCP scope to point to the new router's IP as the default gateway?

I set my DCs to point to themselves for DNS, and I don't configure any forwarders to external DNS servers either, as this has caused problems in the past.

Regards

Paul

Edited by Romas

ALL Machines should (must) point only to the DC's DNS server. = Correct.

The DC's DNS server should (must) have forwarders enabled to resolve (internet) DNS lookups for the rest of the network. The sticking point here is that in Windows 2000 you need to delete the Dot '.' Zone before the forwarders tab will be displayed, so you can enable DNS (lookup) forwarding for external (internet) domains.

Edited by Stoic Joker

:-) Yes, I just found the solution myself. Thank you very much for providing me with the answer anyway!

Here is my complete config for the solution:

1. Use the server as DHCP server (because it's mostly easier to set the settings from here).

2. In the DHCP server set the following options:

003 Router: [internet router IP]

006 DNS Servers: [Win server IP], [ISP DNS server 1], [ISP DNS server 2]

(Adding the ISP DNS servers here lets the clients access the internet even if the server is down, but the network and router are up)

3. In the DNS server on the Win server:

- Right click on the server

- Choose tab "Forwarders"

- Click "Enable forwarders"

(If this is not possible, see point 4 below)

- Add the ISP's DNS servers to the IP address list

4. If you cannot "Enable forwarders" on the server DNS in point 3:

The problem is that the DNS server thinks it is a ROOT (top) DNS server which does not need to ask anyone above for help with DNS lookups. This is mostly not the case, which is why we need to tell the DNS server that it isn't a ROOT DNS server.

- Expand the Win server

- Expand "Forward Lookup Zones"

- Delete the folder named with a dot (".")

- Restart the DNS server and try to follow the instructions in point 3 again.

Thank you for helping me to find the solution!

Best regards, Jeremia
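
The two client-side rules from this thread (clients resolve only through the DC's DNS server, and DHCP option 003 hands out the internet router as gateway) can be checked from a client's `ipconfig /all` output. The script below is an added example, not code from any poster; the sample output is constructed to match the option 006 list in the post above, all addresses are placeholders, and `parse_ipconfig` and `audit` are hypothetical helper names.

```python
import re

# Constructed `ipconfig /all` excerpt from a client; all addresses are placeholders.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : office.example
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
                                            203.0.113.54
        Lease Obtained. . . . . . . . . . : Monday, January 01, 2007 8:00:00 AM
"""

# "Name . . . : value" rows; the dotted padding before the colon is discarded.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(?P<val>.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Map each field name to its list of values (hypothetical helper)."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group("key").strip()
            val = m.group("val").strip()
            fields[last] = [val] if val else []
        elif last and line[:1].isspace() and line.strip():
            # Indented line without a colon: extra value for the previous field,
            # which is how additional DNS servers are listed.
            fields[last].append(line.strip())
        else:
            last = None  # blank line or adapter header ends the current field
    return fields

def audit(fields, dc_ip, router_ip):
    """Return findings for a client checked against the thread's two rules."""
    findings = []
    dns = [v for v in fields.get("DNS Servers", []) if IPV4.match(v)]
    if not dns or dns[0] != dc_ip:
        findings.append("primary DNS is not the DC")
    extra = [ip for ip in dns if ip != dc_ip]
    if extra:
        findings.append("non-DC DNS servers configured: " + ", ".join(extra))
    if fields.get("Default Gateway", []) != [router_ip]:
        findings.append("default gateway is not the internet router")
    return findings
```

Run against the sample with the DC at 192.168.1.10 and the router at 192.168.1.1, `audit` reports only the two ISP resolvers, which is the point where the option 006 list differs from the "only the DC's DNS server" rule stated earlier in the thread.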
