Hello all,
First let me start by saying im by no means an expert on DNS so hopefully you will be able to understand my issues.
A bit about our setup:
We have 3 DNS Servers running 2k8R2 that are all also DCs. We have DNS forwarders pointed to our ISPs DNS Servers and UDP53 is allowed for those IPs. NSLOOKUP works ok against these servers and recursion is allowed. "use root hints is no forwarders are available" is enabled (but there's no ports in the firewall to allow DNS traffic between our DNS Servers and Root Servers)
We have migrated to o365 and seen that the OWA can take an eternity to load (upto 2 minutes) Ive viewed the wireshark logs and it looks like the following is occuring.
DNS A query for the o365 IPs as its logging on
After the A Record is recieved it them querys for the PTR record for the IP in the A Records
PTR Lookup fails with NXDOMAIN
Once this happens a NetBIOS Query is done from the client direct to the IP in the A record (which is blocked by our FW)
Since the query is blocked the client waits the 1.5s timeout before moving on. It does this for nearly all the IPs used in the login process so delays for 1.5s on each query.
If i run this from home no PTR records are requested
If i do this on the DC no PTR Records are requested
I have no idea why clients seems to be requesting PTRs after the A records?
Below is an example of what i mean (10.15.64.8 is DC/DNS, 10.15.68.201 is Client)
10.15.68.201 | 10.15.64.8 | DNS | 71 | Standard query 0xae16 A outlook.com |
10.15.64.8 | 10.15.68.201 | DNS | 327 | Standard query response 0xae16 A 157.56.238.59 A 157.56.242.187 A 157.56.242.203 A 157.56.242.235 A 157.56.242.251 A 132.245.1.139 A 132.245.1.155 A 132.245.1.187 A 132.245.1.203 A 132.245.2.11 A 132.245.2.27 A 132.245.2.59 A 132.245.2.75 A 157.56.237.251 A 157.56.238.11 A 157.56.238.43 |
10.15.68.201 | 10.15.64.8 | DNS | 86 | Standard query 0xd8e5 PTR 59.238.56.157.in-addr.arpa |
10.15.64.8 | 10.15.68.201 | DNS | 154 | Standard query response 0xd8e5 No such name |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
10.15.68.201 | 157.56.238.59 | NBNS | 92 | Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> |
Could anyone offer any advice as to why this is happening?