

DNS Network Latency, router & AD...

Posted on 2008-10-05
Medium Priority
Last Modified: 2012-05-05
Recently, while our speed tests are testing out at 3mb, the internet is really really slow.  When doing a ping, the IP address comes back instantaneously, but a tracert is taking close to 30 seconds.  I contacted our ISP and they first elevated the call, then responded as below... I have no clue what it means, and therefore no idea how to resolve it.

The network delays you experienced were most likely caused by a DNS
lookup delay. The IP has a PTR that points to and If there were a delay in the DNS server
that hosted these records, it would cause a high network latency for
you while you were using that IP. This also explains why our tech didn't
experience the same latency, as her tests came from

I fail to understand what that means.  How can having 2 domain names resolve to a public IP address they provide which goes to my router, cause latency?  We haven't made any changes since April, but after the flooding last month, their servers lost our rdns & I had to call them to re-add it & that's when the slowdowns started.  (coincidentally, after Friday's call, the internet IS faster)...

I AM running AD and Exchange Server 2007 - AD does have references to the two domains I am hosting email for.  But my router's DNS addresses are pointed to the ISP and not my internal network.  Is that the problem?
Question by:enari
LVL 12

Expert Comment

ID: 22646493
To verify this, use

tracert -d x.x.x.x

which will give you the traceroute results without doing a DNS lookup on the intervening ip addresses.

This will show whether you have a real latency issue (and with which hop), or whether the delays are due to DNS resolution problems.



Author Comment

ID: 22646822
Hi Joel... I've run the command, and, I think it shows it isn't a DNS issue...  The first person at the ISP that I spoke to told me that the "ms's" had NOTHING to do with the time it was taking and was for 'a different purpose' and that I needed to discuss it with my IT administrator. 0:) )

The time isn't exactly accurate because I had to press enter, but should it be taking 13 seconds?

I used the following line:

time && tracert -d www, && time

The current time is: 20:38:05.09
Enter the new time:

Tracing route to []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  my router
  2    <1 ms    <1 ms    <1 ms  ISP's Router
  3    12 ms     8 ms     7 ms
  4     8 ms     7 ms     8 ms
  5     9 ms     7 ms     8 ms
  6     8 ms    15 ms     8 ms
  7     9 ms     7 ms     8 ms
  8     8 ms     8 ms     7 ms
  9     8 ms     7 ms     8 ms
 10    41 ms    40 ms    39 ms
 11    40 ms    39 ms    40 ms
 12    48 ms    39 ms    48 ms
 13    40 ms    40 ms    39 ms

Trace complete.
The current time is: 20:38:18.03

A tracert to my public website from my internal computer

  1    <1 ms    <1 ms    <1 ms  theinternaaddress

Author Comment

ID: 22646826
Sorry... I pressed enter too soon...  Should I open another question, or can you help me figure out what this means?

LVL 12

Expert Comment

ID: 22647770
Those latencies are absolutely fine (in fact, rather good). They are in milliseconds, rather than seconds, and a 40 ms ping time to the internet is good, and people would be happy with it for gaming.

What are the responses like if you do the tracert without the -d option? You'll probably find that the ping times are similar, but the response in writing the results is slower as it tries to do the reverse name DNS lookup.


LVL 16

Expert Comment

ID: 22649322
I agree.  MS response is good.  

What is doing the DNS for you?  Are you looking at an internal server or an external one?

Author Comment

ID: 22656267
I guess... while the ms are good... the thing is

This is when I started that query:      The current time is: 20:38:05.09
This is when it finished:                      The current time is: 20:38:18.03

While the MS were good... That's 13 seconds it took...

route 1 appears
wait a few seconds
route 2 appears
wait a few seconds
route 3
route 4
route 5
another few seconds wait
route 6
route 8
a few more seconds
and then it is finished.

So - It is literally taking 13 seconds to get the above response...
LVL 12

Expert Comment

ID: 22664444
That doesn't surprise me - some of the IP addresses are RFC1918 internal use only addresses, and so they are unlikely to resolve unless your DNS server is set up to give a response for them. Consequently, you will have to wait for the DNS query to time out.

The RFC addresses are the ones which are starting


In addition, some routers do not have a DNS name to resolve to, and so these will also time out.

The issue is not one of latency (as your ping times are looking very good).

It is possible that the DNS server you are using is not performing very well. If you are using an internal DNS server, try using an external one provided by your ISP. If you are relying on your router to provide DNS, again, try using a different DNS server provided on the internet.

One of the things which can affect DNS performance is the amount of negative caching which is used (knowing that an address does not have a resolvable answer, and so not waiting for a response to time out, but giving the cached null response).

If we come back to your original problem, what are you seeing that makes your internet experience appear slow? Your tests indicate that the connectivity is good, so what kinds of things appear slow?

What machines are you running this on? Do they appear snappy when accessing local web pages?
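
Added example (not part of the original thread): a small Python timer that separates reverse-lookup wait from network latency, the distinction the comment above draws for RFC1918 hops. The hop addresses and `fake_resolver` are constructed for illustration; pass `socket.gethostbyaddr` instead to measure a live resolver.

```python
import ipaddress
import socket
import time

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def time_ptr_lookups(hops, resolver=socket.gethostbyaddr):
    """Time one reverse (PTR) lookup per hop, as tracert does without -d."""
    results = []
    for ip in hops:
        start = time.perf_counter()
        try:
            name = resolver(ip)[0]
        except OSError:          # herror/gaierror/timeout: no PTR answer
            name = None
        results.append({"ip": ip, "rfc1918": is_rfc1918(ip), "name": name,
                        "seconds": time.perf_counter() - start})
    return results

def slow_hops(results, threshold=0.1):
    """Hops whose name lookup, not the network, cost more than threshold s."""
    return [r["ip"] for r in results if r["seconds"] > threshold]

# Constructed sample data: two private hops and one public (documentation) hop.
SAMPLE_HOPS = ["192.168.1.1", "10.20.30.40", "203.0.113.7"]

def fake_resolver(ip):
    """Constructed stand-in for a DNS server with no PTR zone for RFC1918."""
    if is_rfc1918(ip):
        time.sleep(0.2)          # simulated wait before the query fails
        raise socket.herror(1, "Unknown host")
    return ("hop.example.net", [], [ip])

if __name__ == "__main__":
    # Swap fake_resolver for socket.gethostbyaddr to test a live resolver.
    for r in time_ptr_lookups(SAMPLE_HOPS, fake_resolver):
        print(f'{r["ip"]:<15} rfc1918={r["rfc1918"]!s:<5} '
              f'name={r["name"]} lookup={r["seconds"]:.2f}s')
```
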



Author Comment

ID: 22666838
hey Joel...

I think this is quickly becoming a second question... but I'd like to give you a response here and see if I need to open a different query...

I am running both Linux and Windows machines.  I need the internal DNS for Active Directory and stuff, but on 2 machines, I switched the DNS to external - the addresses the ISP gave me... and I get the same results.

This is happening, with the machine plugged directly into my internal gigabit router, connected through the gigabit switch and connecting through the 10/100 switch.  As for what is happening - I am not really sure I can describe it...

Basically... webpages are really slow to load.  I was sharing with a friend of mine, who has DSL at home, and basically - for every site we picked -, we would press "enter" at the "same time"... and her site would be completely finished and mine still loading - by about 13 seconds.

The bottom bar says "downloading from xyz", and sits there.  Then does the next one.  Then does the next one.  And finally finishes...

That's why I thought DNS?

Expert Comment

ID: 22666884
To check if the problem is indeed DNS, do a ping to the DNS name.
The time it takes between you pressing enter on "ping" and you seeing "Pinging [] with 32 bytes of data:" is the time it takes to do the actual DNS resolve. Everything after that is just networking...

If you are using your internal DNS server this usually takes less than a second.

Also you might want to try a website you know has not been used on the test machine recently, to avoid the answer coming from cache.

Reading the different posts I don't feel like it's actually a DNS issue. Do you maybe have some kind of traffic inspection or something on your network?
LVL 16

Expert Comment

ID: 22667716
Try browsing strictly by IP address.

So, in your browser put in  , ,

If those open quickly, it's definitely a DNS issue.
LVL 12

Accepted Solution

dalesit earned 2000 total points
ID: 22700902
To debug the DNS further, try running:

nslookup -
> set debug
> set d2

This will do the DNS queries in debug mode, and show you what servers are doing the lookup, and should give you more information about what is happening. It works from XP, Linux or Mac. Post the results back. Also, you could try a random address to see what happens with an address which is not cached.



Author Comment

ID: 22736879
Thank you.  I have run out of time @ the moment, I will be able to follow up in a few weeks.
I will post again with those results as a new question

Author Closing Comment

ID: 31503227
Thank you.  We just ran into our busy season.. I will open a new question, with the results, soon.
LVL 12

Expert Comment

ID: 22738841
Post a link to the question as a comment to this one - this will ensure that the work that has been done so far can be linked in (plus all who have answered so far will get a notification, so will be able to easily spot your followup question)


