Comments on: DNS Related Performance Problems for the ISA Firewall

by: Jaired Anderson

Mon, 15 Oct 2007 19:57:50 +0000

Tom-

How could one determine if DNS is the performance robbing culprit if one is configured in cache mode only? (forward proxy).

Thanks.

by: Thomas Shinder

Thu, 11 May 2006 12:30:47 +0000

Hi Don,
You bet!
Thanks!
Tom

by: DonMurphy

Thu, 11 May 2006 04:41:24 +0000

Thanks for the clarification

by: Thomas Shinder Blog » Blog Archive » General Approach to Solving Performance Issues with the ISA Firewall Part 1

Tue, 09 May 2006 11:47:58 +0000

[…] If PMTU and black hole routers are ruled out as a problem, then check the DNS settings on the ISA firewall’s NICs. I discussed that in my last post, which you can read at http://blogs.isaserver.org/shinder/2006/05/08/dns-...ewall/ […]

by: Thomas Shinder

Tue, 09 May 2006 11:06:00 +0000

Hi Don,

There’s really no reason to do this, and it could slow things down just a bit. If the first adapter query fails, there no reason to deal with waiting for the second adapter query to fail since its the same DNS server. Just remove DNS settings from all interfaces except the internal interface.
HTH,
Tom

by: DonMurphy

Tue, 09 May 2006 05:00:47 +0000

Hey Tom. Great stuff as usual.

In a 2 nic simple SBS premium config we usually specify the dns settings of our internal LAN to ourselve (which is in SBS lingo the DNS server). We agree so far. But what we also do is on the external interface we point the dns server to the internal lan NIC as well. Do you see anything wrong with this approach?