Slow network when chaning default gateway from AD server to Internet router.

Hi!
We just received a new internet connection at our office (in northeastern Cambodia). The connection is working, but we have trouble with getting the clients on the network to access the connection.

The problem is the following: We have a Windows 2000 server with Active Directory, DHCP server, DNS server, etc.

When we got the new Internet connection we connected it to a router on the network. After doing that no one could still access the internet. In order for the clients to access the connection, we switched the DHCP server from the server to the router to see if it solved the problem. In one way it did, everyone could now access the Internet. But instead we got big problems with our domain. It took forever to login and communications with the server was very slow.

There are 2 possible problems as I see it:
1. Between the server and the main switch, we have a 1000 Mbps connection. When using the router as gateway, maybe all traffic goes through the router and then to the server, creating a bottle neck at the router, which is only 100 Mbps. But it feels like the speed should be enough anyway.

2. The domain controller wants to be primary default gateway and cannot function properly unless it is the default gateway.

The solution that comes to my mind is that all clients should go to the server first. If the address or name is not found there, the server should redirect them to the router and internet DNS servers. The problem is that I don’t know how to implement this.

Any help or small ideas would be appreciated!

Regards, Jeremia

 

When you changed ISP's the DNS forward lookup zone on the server is now incorrect.

The clients need to be pointed to the local server for DNS but can still have the router as the default gateway.

The server needs to know where to look for it's DNS info and gateway.

 

Thank you for your answer!

How do I tell the server where to look for "it's DNS info and gateway "?

/ Jeremia

 

Switch back to using DHCP on the server (switch off DHCP at the router).

In DHCP on the server update the scope option 003 Router to the IP address of your router.

Your client PCs will get the new setting on a reboot or you can use these commands at the command prompt to force the system to update its TCP/IP settings:

Code:

ipconfig /release
ipconfig /renew

 

One problem left

Thanks for your answer!

I got a reply from someone else saying to set the following settings in the DHCP server:

003 Router: 192.168.2.2 (Internet gateway
006 DNS Servers: 192.168.2.1 (Server), ISP's primary DNS, ISP's secondary DNS

I tried setting these settings manually on a client before testing on the whole domain. With these settings the internal network worked fine and the client could access the internet, but did not use the ISP's DNS servers. That means that I could not ping www.google.com, but I could ping google's IP (64.233.189.104).

For me that says that the second and third DNS server is only used if the first is unavailable. In that case I need to set the DNS server on the server to forward all unknown name lookups to the ISP's DNS servers. Does anybody knows how I can do this?

Regards, Jeremia

 

I found the solution

Hi!
I found the solution. The solution is the following:

1. Use the server as DHCP server (because it's mostly easier to set the settings from here).

2. In the DHCP server set the following options:
003 Router: [Internet router IP]
006 DNS Servers: [Win server IP], [ISP DNS server 1], [ISP DNS server 2]

(Adding the ISP DNS servers here lets the clients access the internet even if the server is down, but the network and router is up)

3. In the DNS server on the Win server:
- Right click on the server
- Choose tab "Forwarders "
- Click "Enable forwarders "
(If this is not possible, see point 4 below)
- Add the ISP's DNS servers to the IP address list

4. If you can not "Enable forwarders" on the server DNS in point 3:
The problem is that the DNS server thinks it is a ROOT (top) DNS server which do not need to ask anyone above for help with DNS lookups. This is mostly not the case, why we need to tell the DNS server that it isn't a ROOT DNS server.
- Expand the Win server
- Expand "Forward Lookup Zones "
- Delete the folder named with a dot ( ". ")
- Restart the DNS server and try to follow the instructions in point 3 again.

Thank you for helping me to find the solution!

Best regards, Jeremia

 

Glad to hear you've sorted it. I had a similar problem on my network years ago and forwarders were the solution. At the time I was still doing my MCSE and had not learnt about forwarders. Took me ages to figure out.

 

Yep that was what I was telling you to do but did not have time to follow up. Sorry about that.

FYI, A client will never use the secondary unless the primary is not avaible.