Many webpages frequently download without CSS -- requires F5'ing page to load

Cerulean

Greetings,

Running a Windows 2008 R2 x64 server (10.0.255.3). Not sure if it is just MediaCom being slow and wack, but a lot of websites that I first load do not load their stylesheets until I refresh/reload the page with F5. In addition, some 15-30 minutes ago, I couldn't pull up any website other than google.com and yahoo.com. I did nslookup and tracert on sites like orderdis.com (main company website hosted by DreamHost) and dreamhost.com, and got an error like:
C:\Users\Administrator>tracert orderdis.com
Unable to resolve target system name orderdis.com.

I'm somewhat suspicious that Windows DNS/DHCP is the culprit, or I don't know. Our pfSense router is at 10.0.255.1. DHCP tells clients that the default gateway ("Router" in Windows DHCP service) is 10.0.255.1, DNS is 10.0.255.3. Right now I can apparently browse the internet fine.

CEO sent me a complaint via e-mail about how unsatisfyingly slow browsing is and about getting 404 errors on certain webpages (like aa.com [American Airlines] -- and obviously, a website for a company as big as American Airlines should not be giving 404/website not found messages in IE). I'm wondering if perhaps OpenDNS may be the culprit too; the pfSense box (10.0.255.1) is configured to use 208.67.222.222 and 208.67.220.220 for DNS through WAN.

EDIT: Ok, aa.com is not coming up again. tracert sure takes its time as it tries to resolve each hop.

EDIT2: Ok, aa.com comes up like half the time, so it's really hard to get any good nslookup/tracert/ping results to indicate a problem somewhere :(

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup aa.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    aa.com
Address:  144.9.72.134


C:\Users\Administrator>tracert aa.com

Tracing route to aa.com [144.9.72.134]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.255.1
  2     7 ms     7 ms     7 ms  10.172.54.1
  3     5 ms     7 ms     7 ms  172.30.3.237
  4     7 ms     7 ms     7 ms  172.30.3.213
  5    12 ms    11 ms    11 ms  12.94.137.21
  6    24 ms    22 ms    23 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    23 ms    23 ms    23 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    78 ms    49 ms    34 ms  12.122.212.9
  9    21 ms    20 ms    21 ms  192.205.37.126
 10    23 ms    23 ms    20 ms  0.ae1.xl3.dfw7.alter.net [152.63.96.46]
 11    22 ms    23 ms    23 ms  0.xe-3-0-0.xt3.dfw9.alter.net [152.63.0.49]
 12    24 ms    22 ms    22 ms  gigabitethernet6-0-0.gw14.dfw9.alter.net [152.63.96.65]
 13    24 ms    23 ms    23 ms  eds-planotx-gw.customer.alter.net [63.125.131.2]
 14    23 ms    23 ms    24 ms  192.85.47.241
 15    27 ms    24 ms    23 ms  192.85.58.10
 16    25 ms    24 ms    24 ms  www.aa.com [144.9.72.134]

Trace complete.

C:\Users\Administrator>ping aa.com

Pinging aa.com [144.9.72.134] with 32 bytes of data:
Reply from 144.9.72.134: bytes=32 time=23ms TTL=243
Reply from 144.9.72.134: bytes=32 time=24ms TTL=243
Reply from 144.9.72.134: bytes=32 time=24ms TTL=243
Reply from 144.9.72.134: bytes=32 time=23ms TTL=243

Ping statistics for 144.9.72.134:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms

C:\Users\Administrator>

EDIT3: I am connected with my laptop from my apartment via VPN. pfSense box (10.0.255.1) serves VPN. Here is my ipconfig and an nslookup on opendns.com
Code:
PPP adapter Data Imaging Supplies:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Data Imaging Supplies
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.255.192(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   Primary WINS Server . . . . . . . : 10.0.255.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\Qwerty>nslookup opendns.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    opendns.com
Address:  208.69.38.160

Here is the ipconfig and nslookup opendns.com from the Windows server (10.0.255.3):
Code:
C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : echo
   Primary Dns Suffix  . . . . . . . : orderdis.net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : orderdis.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-14-38-BD-33-35
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.255.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 10.0.255.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter #2
   Physical Address. . . . . . . . . : 00-14-38-BD-33-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EB43A2CB-114A-4A53-B93A-940B886BB66C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E1222507-0B6C-4817-BEE2-0DB566476154}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>nslookup opendns.com
Server:  localhost
Address:  127.0.0.1

Name:    opendns.com
Address:  208.69.38.150


C:\Users\Administrator>

Why do I get different results? And is this Windows server just too slow to quickly serve DNS name resolution queries?
 
I would suggest using a packet sniffer such as Wireshark to see if it is reporting TCP errors.

Some additional questions:

1) What is your router/switch handling the internet gateway?
2) I'm assuming your network is NATed?
3) Did this start happening recently? Anything happen that could correspond to that event?
4) Approx # of users on your network

I couldn't tell from your edits when you were connected via VPN if loading websites seems to work better during the off-hours?

My thought is that the router is getting overwhelmed with either the # of connections or has trouble opening a connection for some reason.

Hopefully you'll find something to look into between capturing packets and looking at the router status.

Good luck!
 
Greetings dreamnid,

Firstly, I appreciate your interest in helping and providing me with questions so I can try to help you help me. :)

1) Could you rephrase/restate the question? I'm not sure I understand what you're asking.
2) I know what NAT is, but I'm not sure how you mean "your network is NATed". If you mean by having an IP like 192.168.0.x and NAT being involved between that side of the network and the cable modem, then yes.
3) Seems like it has started happening recently. Last weekend I finally deployed a Windows 2008 R2 x64 server to replace their old and now dead Linux server that had served as a domain controller, WINS server, file server, time server, and e-mail server. So these problems have pretty much been due to migrating to a Windows-based domain controller from a Linux-based domain controller.
4) 4 employees total at the office, but 6 computers are used throughout the day (of course, the employees can only be at one computer at a time)

I was testing via VPN during off-hours. Under a VPN connection, the default gateway and DNS is the PPTP Server (aka the pfSense machine); the PPTP Server (or Service) serves DNS to its clients. I found that I didn't have any problems browsing the internet as a VPN client, so to test the situation I had to RDP into the Windows 2008 R2 (10.0.255.3) server and had also RDP'd into a couple workstations, and tested from those (1 server, 2-3 workstations). It seems that if the DNS server is straight pfSense machine, things go well. But putting the Windows server as the middle man between the pfSense machine and workstations for DNS, makes me suspicious that something in Windows may be the culprit or something.

I will install Wireshark on the Windows 2008 R2 server soon and see if I can find something...
 
For 1, he wanted to know what you have connecting you to the internet. You brought up a cable modem; what does that connect to? I.e., a 24-port Cisco switch or an 8-port D-Link...

I see that you brought up the Domain Controller. Do you have that set up as a DNS server? I would have that set to forward to OpenDNS and point all your computers at that, or is that what you are doing? Not sure how your Active Directory domain works without DNS pointing at the domain controller.
 
Greetings,

Thank you for elaborating. The Domain Controller is also set up to serve DNS and DHCP (as recommended and suggested if also running ADDS). The pfSense box has its DNS Forwarder and DHCP services disabled; it is configured to use OpenDNS.

We have MediaCom as the ISP providing cable internet on a business subscription. Instead of using their modem, we're using a Motorola SB6120. This modem connects to a patch panel in the rack, which then is plugged in to what is the WAN port on the pfSense server. The LAN interface of the pfSense server is plugged into one of many ports on a HP ProCurve Switch 4000M J4121A with several banks of ports (estimating around 48 total, with around 16-24 Ethernet ports plugged in, and roughly 8-13 active). The servers are plugged into this big switch, and all the building drops end up coming back to this switch as well.

Please advise. :)
 
What do you have your DNS server set to forward to? If that is pointing to OpenDNS, have you tried changing it to Mediacom's or anyone else's DNS?
 
Apparently this may have been the problem??? I found out about this via Google... I needed to go to the properties of the "DNS Server" in the DNS management console and add OpenDNS under Forwarding DNS.
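One way to put numbers on the "comes up like half the time" symptom and to confirm whether the forwarder change helped, added here as an example and not part of any post in the thread: send the same A query repeatedly to the local DNS server and to OpenDNS directly, then compare failure rates. The resolver addresses and hostnames are the ones quoted in the thread; the function names, round count and timeout are assumptions, and `constructed_reply` builds sample data rather than captured traffic.

```python
import os
import socket
import struct
import time
from collections import Counter

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid):
    """Encode a recursive (RD=1) A/IN question for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg, txid):
    """Return (rcode_text, [IPv4 strings]); raise ValueError on a foreign reply."""
    if len(msg) < 12:
        raise ValueError("short reply")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not (flags & 0x8000):
        raise ValueError("not a reply to this query")
    code = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return RCODES.get(code, "RCODE%d" % code), addrs


def probe(server, name, timeout=2.0):
    """One query to one resolver. Returns (outcome, addrs, elapsed_ms)."""
    txid = int.from_bytes(os.urandom(2), "big")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
        outcome, addrs = parse_response(data, txid)
    except socket.timeout:
        outcome, addrs = "TIMEOUT", []
    except (OSError, ValueError, IndexError, struct.error):
        outcome, addrs = "ERROR", []
    finally:
        sock.close()
    return outcome, addrs, (time.monotonic() - start) * 1000.0


def summarize(samples):
    """samples: list of (outcome, addrs, ms) tuples from probe()."""
    ok = [s for s in samples if s[0] == "NOERROR" and s[1]]
    return {
        "failure_rate": 1 - len(ok) / len(samples) if samples else 0.0,
        "outcomes": dict(Counter(o for o, _, _ in samples)),
        "answers": sorted({a for _, addrs, _ in ok for a in addrs}),
        "worst_ms": max((ms for _, _, ms in samples), default=0.0),
    }


def constructed_reply(name, txid, addr=None, rcode=0):
    """Constructed sample reply (not captured traffic) for offline checks."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:
        # Answer name is a compression pointer back to the question at offset 12.
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(addr)
    return header + build_query(name, txid)[12:] + answer


if __name__ == "__main__":
    # Addresses and names as quoted in the thread; 20 rounds is an assumption.
    resolvers = {"Windows DNS": "10.0.255.3", "OpenDNS": "208.67.222.222"}
    for label, server in resolvers.items():
        for name in ("aa.com", "opendns.com"):
            samples = []
            for _ in range(20):
                samples.append(probe(server, name))
                time.sleep(0.5)
            print(label, name, summarize(samples))
```

A high failure rate against 10.0.255.3 alongside a near-zero rate against 208.67.222.222 points at the local server's recursion or forwarding rather than the ISP path. Differing entries under `answers` for large sites are normal, since they publish several A records.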
 
Diagnostic information from a workstation:
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

H:\>tracert suppliesnetwork.com

Tracing route to suppliesnetwork.com [67.133.80.98]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.255.1
  2    19 ms    19 ms    19 ms  10.172.54.1
  3    38 ms    19 ms    19 ms  172.30.3.237
  4   101 ms    25 ms    24 ms  172.30.3.213
  5    19 ms    19 ms    19 ms  12.94.137.41
  6   138 ms    38 ms    38 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7   154 ms    38 ms    38 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    38 ms    38 ms    38 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    96 ms    38 ms    38 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14    59 ms    59 ms    40 ms  67.133.80.98

Trace complete.

H:\>nslookup suppliesnetwork.com
Server:  echo.orderdis.net
Address:  10.0.255.3

Non-authoritative answer:
Name:    suppliesnetwork.com
Address:  67.133.80.98


H:\>ping suppliesnetwork.com

Pinging suppliesnetwork.com [67.133.80.98] with 32 bytes of data:

Reply from 67.133.80.98: bytes=32 time=64ms TTL=115
Reply from 67.133.80.98: bytes=32 time=62ms TTL=115
Reply from 67.133.80.98: bytes=32 time=41ms TTL=115
Reply from 67.133.80.98: bytes=32 time=53ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 64ms, Average = 55ms

H:\>tracert 67.133.80.98

Tracing route to 67.133.80.98 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.255.1
  2    20 ms    20 ms    20 ms  10.172.54.1
  3    20 ms    24 ms    25 ms  172.30.3.237
  4    21 ms    20 ms    20 ms  172.30.3.213
  5    20 ms    20 ms    20 ms  12.94.137.41
  6    41 ms    22 ms    40 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    41 ms    22 ms    39 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    41 ms    41 ms    22 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    21 ms    21 ms    39 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14    84 ms    63 ms    65 ms  67.133.80.98

Trace complete.

H:\>nslookup 67.133.80.98
Server:  echo.orderdis.net
Address:  10.0.255.3

*** echo.orderdis.net can't find 67.133.80.98: Non-existent domain

H:\>ping 67.133.80.98

Pinging 67.133.80.98 with 32 bytes of data:

Reply from 67.133.80.98: bytes=32 time=63ms TTL=115
Reply from 67.133.80.98: bytes=32 time=63ms TTL=115
Reply from 67.133.80.98: bytes=32 time=106ms TTL=115
Reply from 67.133.80.98: bytes=32 time=97ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 106ms, Average = 82ms

H:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : 005wks-sgf
        Primary Dns Suffix  . . . . . . . : orderdis.net
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : orderdis.net
                                            orderdis.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : orderdis.net
        Description . . . . . . . . . . . : SMC EZ Card 10/100 (SMC1255TX)
        Physical Address. . . . . . . . . : 00-04-E2-3E-B7-3B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.255.100
        Subnet Mask . . . . . . . . . . . : 255.255.254.0
        Default Gateway . . . . . . . . . : 10.0.255.1
        DHCP Server . . . . . . . . . . . : 10.0.255.3
        DNS Servers . . . . . . . . . . . : 10.0.255.3
        Primary WINS Server . . . . . . . : 10.0.255.3
        Lease Obtained. . . . . . . . . . : Tuesday, January 24, 2012 12:15:11 PM
        Lease Expires . . . . . . . . . . : Wednesday, February 01, 2012 12:15:11 PM

H:\>

Diagnostic information from the Windows server (10.0.255.3):
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>tracert suppliesnetwork.com

Tracing route to suppliesnetwork.com [67.133.80.98]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.255.1
  2     7 ms     7 ms     7 ms  10.172.54.1
  3     9 ms     7 ms     7 ms  172.30.3.237
  4   133 ms    60 ms     7 ms  172.30.3.213
  5    12 ms    12 ms    14 ms  12.94.137.41
  6   267 ms    23 ms    26 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    25 ms    22 ms    23 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    22 ms    21 ms    21 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    21 ms    21 ms    21 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14    66 ms    60 ms   121 ms  67.133.80.98

Trace complete.

C:\Users\Administrator>nslookup suppliesnetwork.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    suppliesnetwork.com
Address:  67.133.80.98


C:\Users\Administrator>ping suppliesnetwork.com

Pinging suppliesnetwork.com [67.133.80.98] with 32 bytes of data:
Reply from 67.133.80.98: bytes=32 time=56ms TTL=115
Reply from 67.133.80.98: bytes=32 time=68ms TTL=115
Reply from 67.133.80.98: bytes=32 time=99ms TTL=115
Reply from 67.133.80.98: bytes=32 time=114ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 114ms, Average = 84ms

C:\Users\Administrator>tracert 67.133.80.98

Tracing route to 67.133.80.98 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.255.1
  2     9 ms     9 ms     7 ms  10.172.54.1
  3     6 ms     7 ms     9 ms  172.30.3.237
  4     7 ms    20 ms     8 ms  172.30.3.213
  5    11 ms    13 ms    12 ms  12.94.137.41
  6    26 ms    26 ms    23 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    26 ms    26 ms    23 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    22 ms    21 ms    21 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    21 ms    21 ms    21 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14   109 ms    81 ms   108 ms  67.133.80.98

Trace complete.

C:\Users\Administrator>nslookup 67.133.80.98
Server:  localhost
Address:  127.0.0.1

*** localhost can't find 67.133.80.98: Non-existent domain

C:\Users\Administrator>ping 67.133.80.98

Pinging 67.133.80.98 with 32 bytes of data:
Reply from 67.133.80.98: bytes=32 time=101ms TTL=115
Reply from 67.133.80.98: bytes=32 time=101ms TTL=115
Reply from 67.133.80.98: bytes=32 time=41ms TTL=115
Reply from 67.133.80.98: bytes=32 time=97ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 101ms, Average = 85ms

C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : echo
   Primary Dns Suffix  . . . . . . . : orderdis.net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : orderdis.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7782 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-14-38-BD-33-35
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.255.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 10.0.255.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EB43A2CB-114A-4A53-B93A-940B886BB66C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>

Diagnostic information from my laptop that is at home, connected to workplace network via VPN to pfSense server (10.0.255.1):
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Qwerty>tracert suppliesnetwork.com

Tracing route to suppliesnetwork.com [67.133.80.98]
over a maximum of 30 hops:

  1    67 ms    66 ms    67 ms  10.0.255.6
  2    74 ms    79 ms    73 ms  10.172.54.1
  3    78 ms    73 ms    77 ms  172.30.3.237
  4    76 ms    73 ms    75 ms  172.30.3.213
  5    79 ms    79 ms   109 ms  12.94.137.41
  6    96 ms    89 ms   100 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    99 ms    91 ms    90 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8    89 ms    87 ms    89 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    98 ms    90 ms    88 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14   185 ms   187 ms   189 ms  67.133.80.98

Trace complete.

C:\Users\Qwerty>nslookup suppliesnetwork.com
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    suppliesnetwork.com
Address:  67.133.80.98


C:\Users\Qwerty>ping suppliesnetwork.com

Pinging suppliesnetwork.com [67.133.80.98] with 32 bytes of data:
Reply from 67.133.80.98: bytes=32 time=147ms TTL=115
Reply from 67.133.80.98: bytes=32 time=131ms TTL=115
Reply from 67.133.80.98: bytes=32 time=184ms TTL=115
Reply from 67.133.80.98: bytes=32 time=163ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 131ms, Maximum = 184ms, Average = 156ms

C:\Users\Qwerty>tracert 67.133.80.98

Tracing route to 67.133.80.98 over a maximum of 30 hops

  1    67 ms    83 ms    69 ms  10.0.255.6
  2    78 ms    73 ms    75 ms  10.172.54.1
  3    85 ms    75 ms    72 ms  172.30.3.237
  4    75 ms    80 ms    72 ms  172.30.3.213
  5   201 ms   183 ms    79 ms  12.94.137.41
  6    91 ms    92 ms    95 ms  cr2.kc9mo.ip.att.net [12.122.150.138]
  7    95 ms    97 ms   137 ms  cr1.dlstx.ip.att.net [12.122.28.85]
  8   127 ms   261 ms    90 ms  dlstx02jt.ip.att.net [12.122.214.245]
  9    89 ms    93 ms    90 ms  192.205.32.54
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14   151 ms   159 ms   171 ms  67.133.80.98

Trace complete.

C:\Users\Qwerty>nslookup 67.133.80.98
Server:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com can't find 67.133.80.98: Non-existent domain

C:\Users\Qwerty>ping 67.133.80.98

Pinging 67.133.80.98 with 32 bytes of data:
Reply from 67.133.80.98: bytes=32 time=132ms TTL=115
Reply from 67.133.80.98: bytes=32 time=175ms TTL=115
Reply from 67.133.80.98: bytes=32 time=159ms TTL=115
Reply from 67.133.80.98: bytes=32 time=171ms TTL=115

Ping statistics for 67.133.80.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 132ms, Maximum = 175ms, Average = 159ms

C:\Users\Qwerty>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sierra
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Peer-Peer
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter Data Imaging Supplies:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Data Imaging Supplies
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.255.192(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   Primary WINS Server . . . . . . . : 10.0.255.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-95-7A-E2-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566MM Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-1E-37-1E-CA-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2012, January 22, Sunday 12:51:29 PM
   Lease Expires . . . . . . . . . . : 2012, January 27, Friday 12:51:48 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-1D-E0-34-48-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.142(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2012, January 22, Sunday 12:51:35 PM
   Lease Expires . . . . . . . . . . : 2012, January 25, Wednesday 9:26:37 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-C4-BC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6118:ca72:aa1e:6882%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 738721831
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-1C-2A-00-1E-37-1E-CA-8F

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8c55:f5:27f1:7515%21(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.117.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 738218070
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-1C-2A-00-1E-37-1E-CA-8F

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c1bc:8d3f:c61:8246%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.198.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 754995286
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-1C-2A-00-1E-37-1E-CA-8F

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{207DD9E5-41BC-41D6-AC94-DD289D16880F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3094:23ef:f5ff:3f(Prefer
red)
   Link-local IPv6 Address . . . . . : fe80::3094:23ef:f5ff:3f%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{14B1AEC1-5D61-47B2-A2A9-2ADCF6290780}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{834A7F48-DBFC-4C1A-97C0-F936393065DE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{64969A6C-B498-43E1-A178-C9DA37471F7D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{957AE2A8-C8C5-412A-9CB1-F0A74DE25426}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6DC1B4DB-0D68-49BE-B95E-11B827F8034D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{00AC303D-3B41-47B8-AB67-8B625B301460}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Qwerty>

On the workstations, websites come in slowly... like, very slowly. Took 10 minutes for one of the employees to get to, log in to, and make one order (one item) from suppliesnetwork.com.
On the Windows server, websites come in much faster, closer to how fast things should be coming in for all the workstations.
On my laptop connected via VPN, webpages load faster than the Windows server; how fast it should be for all machines on the network.

Difference with my laptop connected via VPN is that it goes straight through the pfSense server (10.0.255.1, 10.0.255.6 for VPN default gateway/DNS). Windows server (10.0.255.3) goes straight to the pfSense server too -- but it uses 127.0.0.1 as its DNS server because it runs the DNS service for the network. Workstations go through the Windows server, and then through the pfSense server.

EDIT: In other news at http://hardforum.com/showthread.php?t=1667459, the nslookup errors that I have received earlier are now resolved and fixed.
 
For 1 he wanted to know what you had connecting yourself to the internet. You brought up a cable modem; what does that connect to? I.e., a 24-port Cisco switch or an 8-port D-Link...
Connects straight to the pfSense server's NIC that is set as the WAN interface.

See that you brought up Domain Controller... Do you have that set up as a DNS server? I would have that set to forward to OpenDNS and point all your computers at that, or is that what you are doing? Not sure how your Active Directory domain works without DNS pointing at the domain controller.
Yes, it is set up as a DNS server. Yes, it is set to forward to OpenDNS...
2008R2_DNSForwarder_OpenDNS.png


DHCP scope options define the DNS to be the Windows server (DC, DNS, DHCP); Windows clients will get this:
H:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : 005wks-sgf
Primary Dns Suffix . . . . . . . : orderdis.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : orderdis.net
orderdis.net


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : orderdis.net
Description . . . . . . . . . . . : SMC EZ Card 10/100 (SMC1255TX)
Physical Address. . . . . . . . . : 00-04-E2-3E-B7-3B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.255.100
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 10.0.255.1
DHCP Server . . . . . . . . . . . : 10.0.255.3
DNS Servers . . . . . . . . . . . : 10.0.255.3
Primary WINS Server . . . . . . . : 10.0.255.3

Lease Obtained. . . . . . . . . . : Tuesday, January 24, 2012 12:15:11 P
M
Lease Expires . . . . . . . . . . : Wednesday, February 01, 2012 12:15:1
1 PM

I attempted to manually set one of the workstations to use 208.67.222.222 and 208.67.220.220 under the network connection properties for the workstation's NIC at ncpa.cpl, logged out, and attempted to log in on a domain network account -- it would get stuck at something like Applying profile settings or something. Had to reboot several times in an attempt to undo this change (because I was trying to log in as the domain network administrator account afterwards), until I simply just logged in as the local machine's Administrator account to undo the change. ;\

After that the internet speeds on that particular workstation fixed itself and websites loaded responsively and at the speed they should have from the start -- to be honest I am not sure what caused this. Then, I went into the Windows server via RDP and changed the performance thing from "Background services" (default for Server OS) to "Programs" (default for Desktop/Non-server OS). Additionally, I put Portable Chrome on that machine I tried to define different DNS in ncpa.cpl with a shortcut on desktop having the -dns-home= parameter or whatever set to use OpenDNS. I instructed the employee of that workstation to have all the other employees provide feedback on the internet performance at the end of the day; instructed this employee to continue using IE8 until her internet gets slow and impossible -- then use Chrome and report feedback on the performance if using Chrome instead of IE8.

Does the "bump" mean that the performance problems did not go away when you fixed the DNS?
Correct, although it is nice that some other problem got fixed. :D
 
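Added example, not part of any post in this thread: a Python check that parses `ipconfig /all` text and lists, per adapter, every DNS server that is not the domain's own, the situation created on the workstation above when its NIC was pointed at public resolvers. Domain-joined clients locate their domain controllers through DNS records that only the domain's DNS server holds. The sample text, the function names and the reason labels are constructed for illustration, and the parser assumes the indented console layout.

```python
import ipaddress

# Constructed sample in the indented `ipconfig /all` layout (not output copied from the thread).
# fec0:0:0:ffff::/64 entries are the defaults Windows lists when an adapter has no DNS set.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 10.0.255.3

Ethernet adapter Local Area Connection 2:

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
"""
PLACEHOLDER_NET = ipaddress.ip_network("fec0:0:0:ffff::/64")

def dns_servers_by_adapter(text):
    """Map adapter name -> DNS servers, following wrapped continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # unindented "...:" starts an adapter
            adapters[current] = []
        elif current is None or not line.strip():
            in_dns = False                               # a blank line ends a value list
        else:
            label, sep, value = line.partition(" :")    # values may contain ':' (IPv6)
            if sep:
                in_dns = label.strip(" .").lower() == "dns servers"
            else:
                value = line                             # continuation of the previous field
            if in_dns and value.strip():
                adapters[current].append(value.strip().split("%")[0])  # drop zone id
    return adapters

def audit(text, domain_dns):
    """Return (adapter, server, reason) for every resolver that is not a domain DNS server."""
    allowed, findings = {ipaddress.ip_address(a) for a in domain_dns}, []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for server in servers:
            addr = ipaddress.ip_address(server)
            if addr not in allowed:
                reason = "unconfigured-default" if addr in PLACEHOLDER_NET else "bypasses-domain-dns"
                findings.append((adapter, server, reason))
    return findings
```

Run `audit(open("ipconfig.txt").read(), ["10.0.255.3"])` on saved output from each workstation; the file name is a placeholder.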
Any particular reason you are using a /23 for your internal subnet? Looks like everything should still work with it, but just curious since you have less than 10 employees.

Correct, although it is nice that some other problem got fixed. :D

What was fixed or improved?
 
What are the MTUs on each interface of the Windows server, pfSense server, and cable modem? How about buffers, packet fragment counts and error counts on each of their NICs? Any evidence of packet collisions?

Is any type of ICMP being blocked at some point? Are you double NATing with that modem?

Is it impossible for some reason to set one of the ports on your switch to mirrored mode and try to take a look at what's happening?
 