IIS Website VERY slow when accessed via DNS name; fast when accessed via IP

Posted on 2009-06-30
Medium Priority
Last Modified: 2013-12-14
I have a website that is running on IIS 6. The site is built in Visual Studio 2008 using the Crystal Reports plug-in.

When I access it via the DNS A-record, it runs at least 10 time slower than when I access it via the IP address.

When I resolve the A-record with nslookup or something, it resolves quickly, so it is not actually a DNS resolution problem.

I am completely stumped as to what could be causing this. Any ideas?

Question by:netmergence
  • 3
  • 2
LVL 39

Expert Comment

ID: 24751967
Slow on all computers or just one?

Expert Comment

ID: 24752716
Do you have more than one IP address? Do you have more than one interface? If so, what interface\IP is in DNS?

Author Comment

ID: 24828327
In response to the first comment, it is slow everywhere outside of the building. I do not have login access to any other internal machines, so I cannot test it from within their LAN.

The server technically has two IP addresses, because it has it's own private IP, then it has the public IP where 80 and 443 are just forwarded to it. However, the server itself only has the one, private IP assigned to its interface. There is just that one interface, and each IP address is only registerred in its corresponding DNS. (Internal DNS resolves the internal IP; external DNS shows the external IP.)

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.


Accepted Solution

netmergence earned 0 total points
ID: 24828424
I figured it out...

It was the "Integrated Windows Authentication" that was causing problems outside the building. I don't fully understand why it would work, but just be very, very slow, but as soon as I disabled Integrated Authentication and instead enabled Basic Authentication, it started working at the normal speed.

How on earth authentication is tied to the DNS name vs. the IP address is beyond me. I'll award the poitns to anyone who can come up with a plausible explination!
LVL 39

Expert Comment

ID: 24870266
Will you close the question and refund yourself points by accepting

07/10/09 02:13 PM, ID: 24828424

as your answer.

I am glad to see this is fixed for you. I am now reviewing IWA to see the ramifications of it.
LVL 39

Expert Comment

ID: 24870286
I also wanted to tell you from what I read, by disabling IWA, you are going to NTLM and LM hash authentication. This is an outdated protocol. We are now on NTLMv5 (Kerberos). So, I can't figure out for the life of me, why enabling the older authentication protocols works best for you.


Featured Post

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question