Share via

DNS is utilizing high bandwidth

Mohd Arif 926 Reputation points
2020-10-21T10:30:13.797+00:00

I am using AD integrated DNS server. I have 6 Mbps line. Today, my bandwidth is being full utilized which is causing slowness problem. So network team helped capturing packets and they found that DNS server is one which is high utilizing the bandwidth. I have set three DNS servers one is in same office (Local DNS server) and other servers are remote. Problematic site is in hungary and Two alternative DNS servers in Germany

  1. How can I find which device is send more packets to DNS server?
  2. Any reason which may cause high bandwidth at DNS server??
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,994 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,025 questions
Accepted answer
  1. Mohd Arif 926 Reputation points
    2020-10-22T09:40:04.997+00:00

    I am using windows server 2012 R2. This server hosts role of RODC, DNS, DHCP and NPS. As I checked in server performance report, lsass.exe is utilizing high bandwidth so I suspect something related to AD service. However, we cannot ignore other roles hosted on this server so checking possible cause at DNS, DCHP and NPS level.

    1. I have verified AD sites and services, subnet is added well.
    2. Replication time is set to 30 minutes as other DCs have

    We have one AD group, member of that group do local cache of credential for RODC authentication so I added all computers in that group. Also, I captured some information from Wireshark and Network Mon tool, it shows some service accounts are sending too many Kerberos ticket this may also cause a bandwidth utilization. So those service accounts are added in a group so the credential will be added locally at computer.

    I have asked local IT team to observe the status. so far now they have not reported any problem. I will wait for few more days and update you guys.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VipulSparsh-MSFT 16,246 Reputation points Microsoft Employee
    2020-10-22T06:48:46.32+00:00

    @Mohd Arif Thanks for reaching out. This would need a few more details in order to troubleshoot or understand the point of failure.

    Can you help us with following ?

    1) What is the windows server version on each servers ? Earlier windows versions like 2008 and 2012 had some known DNS issues and are available with some hotfix.
    If you are still using 2008 for some reason, you might want to upgrade it as we have ended the support for it.

    2008 DNS hotfixes : https://social.technet.microsoft.com/wiki/contents/articles/30374.list-of-dns-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx
    2012 DNS hotfixes : https://social.technet.microsoft.com/wiki/contents/articles/30357.list-of-dns-related-hotfixes-post-rtm-for-windows-server-2012-rtm.aspx
    https://support.microsoft.com/en-in/help/3038024/dns-server-does-not-try-the-second-forwarder-and-other-dns-improvement

    If your scenario matches any above, you can apply the hotfixes. If you need to investigate further, you would have to collect some logs and analyze.

    1) You can enable the DNS debugging and DNS logs and understand the traffic flow and reason behind it.

    2) You can also try TcpView. Install in on DNS server and monitor the traffic as it will tell you how many ports DNS has been using and how much traffic is getting passed per port. This will give you more idea with respect to protocol (TCP/UDP) level flow.

    As this is something which needs extensive analysis and troubleshooting, you can also open a support case with Windows Active Directory team to start with.

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

    0 comments
  2. Candy Luo 12,666 Reputation points Microsoft Vendor
    2020-10-22T07:56:51.977+00:00

    Hi ,

    As vipulsparsh said, if you need extensive analysis and troubleshooting, we would suggest you open a case with Microsoft.

    Since analysis of network traffic is beyond our forum support level and due to forum security policy, we have no such channel to collect user log information. So we recommend you open a case with MS Professional tech support service, they will help you open a phone or email case to Microsoft, so that you would get a technical support on a one-to-one basis while ensuring private information.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,

    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments