DNS Redirector
 Return to FAQ List

FAQ 65: Best practices for speedy DNS resolution

Category: Troubleshooting | Updated: 04/25/2013 4:39 PM

1) If the LAN has the potential for a large number of clients it is suggested that you run a "real" DNS server locally, so the response is always from a quick/local cache rather than an ISP/external server. You could use Microsoft's DNS service (included in Windows server) to do this. This service can co-exist on the same server running DNS Redirector, see FAQ 91. You then configure the "real" DNS server to forward queries out to your ISP's DNS servers.

2) Use a fast and reliable "real" DNS server, your ISP's DNS servers may not always be the best choice. Use a benchmark tool as described here to determine the fastest DNS servers from your connection.

3) When looking at the DNS Redirector daily logs you may notice query timeouts, occasionally this is OK/expected. The upstream DNS server could be down, unavailable, overwhelmed, or just took too long. In some cases the DNS record doesn't exist; you'll often see these when someone comes to your network with their laptop from work, which might be an Active-Directory domain member. The work laptop tries to resolve internal domain/server names, but because it's not on the company network it's OK/normal that these don't resolve and timeout. Another case is reverse DNS lookups; (rdns, queries ending in .in-addr.arpa) which are often made by Macintosh/Apple clients for no discernible reason at all, it's OK/normal that these timeout and does not break any client functionality.

4) Keep in mind DNS Redirector only manipulates DNS service. It's unlikely that DNS Redirector has an impact on the speed or throughput of the Internet connection; time to load a website after the initial resolve, time to download a file, or affect the use of voice/video over IP products, etc. It's more likely the free/public Internet access you're offering has become overly popular, or there are users who are abusing it with large downloads, thereby maxing out the throughput of the wireless access point, the firewall/router, and/or your ISP connection. You might try implementing additional blocked keywords to prevent certain high-bandwidth sites or services, or use a router with QoS or packet shaping capabilities. For a definitive answer run a bandwidth graphing program, software such as MRTG or PRTG can be configured to monitor the perimeter firewall/router WAN port and plot a graph of utilization over time.

5) If your blocked site is slow, not responding, or stuck in a redirect loop; this can cause some websites to load slower than expected. It is NOT a good idea to run the DNS Redirector blocked site on a workstation OS, use a server OS, see IIS- OS Version Limits

Related articles
FAQ 126  Best practices for public networks

DNS Redirector | Legal Information | 2003-2017