Is it a killer? DNS v. s LAN

After running for a period of time, the LAN Based on Windows NT4.0 finds that the whole network runs slowly: running the office automation system and the WWW homepage in the Access Board is obviously slower than before, especially accessing the internal homepage.

A. Disconnection during testing

After confirming that there is no transmission problem, you can use the ping command to test and find that not only is it broken when you ping the internal homepage, but also the LAN port (10.10.0.254) of the router.

B. Traffic Analysis

We need to analyze the traffic. We decided to use the network monitor of Windows NT Server 4.0 to monitor the running status of the network. We monitored the bandwidth used by the network, the peak usage, and the data frame being transmitted, analyze whether or not network congestion is caused and the causes of network congestion by monitoring.

Microsoft Network Monitor is a software-based network traffic analysis tool that allows users:

1. Directly capture frames (information packets) from the network );

2. display or filter captured frames immediately or later after capturing;

3. Edit captured frames and send them to the Internet.

The Network Monitor is included in Windows NT Server 4.0 (simple version) and Microsoft System Management Server (full version). because we do not have Microsoft System Management Server, therefore, you have to install a simple version of network monitor. The installation process is: Open the Network icon in the control panel, select the service tab, click "add", and then select the Network Monitor Tool and proxy, click "OK", enter the path of the Windows NT Server 4.0 cd, and click "continue" to start the installation. After the installation is complete, restart the network monitor.

Run the network monitor and press the F10 function key to capture network traffic. By capturing the statistical data of the window, it is found that the average network utilization rate is more than 50%, and most of them are sent to the vro. Press the F11 function key to stop the capture, and then press the F12 function key to display the captured data. It is found that more than 90% of the data frames are sent by the DNS service. It is unimaginable to have so many DNS data frames on a network, so it is basically determined that the fault is caused by DNS.

C. Re-configure DNS

The DNS is reconfigured to restore the high-speed OA server (10.10.0.1) and act as the domain name system server (DNS). The DNS of all LAN clients directs to 10.10.0.1, that is, when a client requests to resolve the host name to an IP address, it sends a query request to the 10.10.0.1 host. After carefully checking the DNS configuration, it is found that the forwarder is selected in the server attribute. The host 10.10.0.5 is entered in the list, that is, when the server cannot parse the domain name request of the client, all requests are sent to another DNS server: 10.10.0.5.

Host 10.10.0.5 is a WWW server running Windows NT Server 4.0 and serves as a Routing Server. The default gateways of all clients in the LAN direct to the host, the host communicates with an external host (not the subnetwork) and does not provide domain name resolution services.

When neither DNS server can resolve the Request Host Name, an endless loop is formed, resulting in a large amount of network traffic, affecting the overall network speed. Because the default gateway of the WWW server 10.10.0.5 is the LAN port of the Cisco 2621 router (10.10.0.254), a large number of data frames are forwarded to the router, causing network congestion.

Solve the problem in this way: unmount the DNS service temporarily installed on the WWW server (10.10.0.5) and disable the forwarding of the DNS server (10.10.0.1), which significantly improves the network speed, the communication has also recovered.