How to handle DNS Queries / Or switch Topology

[Mayo132]

Hey everyone,

at the moment iam dealing with some sporadic DNS problems (timeouts, or answering at the second request).

• Webpages sometimes take about 3 seconds to load. 
• But the Bandwith of the internet connection is not the limitation ( about 50% load)

So it seems to me that there could be a limitation in DNS Queries.

The network was first designed for about 20 people, and now from time to time more people using this network.

Attached to this post, i've added the topology of my network.

• > Cause of the size of the building - there are 2 network cabinets, connected with fiber. So i've got a bandwith of  2x 10 Gbit/s.   
• All switchtes named "V2" are located in the upper floor
• All V1 switches in the base ground.

At the moment there are about 80 people using the internet.

The ISP only offers 2 connections with each 100/40Mbit, but there is a plan to switch to a fiber internet (but this is not available at the moment)

At the Baseground (V1) is located:

• ISP connection
• Firewall
• NAS
• "Proxmox Server" (with Adgaurd)

At the OpnSense firewall iam using a traffic shaper to prioritize the "important" traffic, like Video Calls or Phone Calls.

But now, there are some timeouts in the DNS queries.
First i tried to switch all DNS Queries to the seperate DNS Server (Adgaurd) > The timeouts increases
Then i switched to "Primary AdGuard" and "Secondary Opnsense" > This is now working

Is there any recommendation (Best Practise) how, to deploy DNS Servers ?
> There is no local Active Directory Server - All Users are managed by Azure Active Directory.

Thanks a lot.

Mario

[va176thunderbolt]

I'd start with grabbing some packet captures of the DNS traffic at the firewall and see if the issue is internal or external.