A colleague of mine had a problem with a Windows Server 2008 R2 today: After configuring the server as the DNS server for the local domain, name resolution on a Debian client was extremely slow. A ping returned the correct IP and only took a few milliseconds but between each single ping a few seconds passed:
When adding -n (disable address resolution) to the list of ping‘s options everything worked fine. So it had to be a problem with the DNS server. Volker Helms seemed to have the same problem and his blog post lead me towards the right solution.
Apparently, the problem was the DNS server trying to forward each DNS request to a root server on the internet which it could not reach (due to firewall settings) although the client tried to resolve a host in the DNS server’s own DNS domain. However, after adding the root zone (.) to the DNS server, the ping worked just fine. But because I thought that this was a bad solution, I searched for a better one and found the following setting: Properties – Advanced – Server options – Disable recursion (see Microsoft’s explanation here: Disable Recursion on the DNS Server). After enabling the setting the ping worked as expected.