Dustin Saunders

Speed up DNS resolution

On one of our domains, our customer's website loads very slow the first time.  After that, it loads at a normal speed for the remainder of the time the user is logged in.  All other users also have slow loads the first time, and when they log out and back in, slow loads the first time.

It looks like an issue with DNS resolution on the first load, and in all the other domains it works just fine.  Is there a good way I can speed up this resolution without manually setting the DNS<>IP in the event the site changes location?
Manuel Flores

Another possibility is that the pictures of that domain are not optimized, so the first load is slower until they are cached.  Is it possible to know what the website is?

Kimputer

It's highly improbable that it's a DNS issue (since a computer only needs to query the DNS server once, meaning logging in and out shouldn't have been slow, since it already knows the IP address). Not only that, with a slow DNS resolution, the site would still be responding well after the initial pause. It shouldn't be slow throughout the whole first login procedure.
Better look at other options (as described above). Could be bandwidth of the server, caching, session settings.

OK.  You could add a local entry into the hosts file on a given PC to test.  So no external DNS resolution is needed.  This is just to test.

IP       host

The hosts file is in Windows/system32/drive folder.  Open it with administrator access.

If it is still slow, I think it is another issue.  If it works fine, you could try changing to other DNS servers... just to test.

Dustin Saunders

I tried adding a host file entry, but it's still slow.  So it's likely not a DNS issue.  But the page ( ) is literally just a few lines of text.  It's ONLY slow on one domain, and on every computer on that domain.  Any computer on any other domain, no issue.  Disjoin a computer from one domain, move to the other, no issue.
Maybe a connection problem... any bad performance proxy or web cache?... the router itself?
What is "very slow"?
"very slow" = ~15-20 seconds.  Subsequent loads are instantaneous.

All computers and domains are behind the same firewall, no web proxies.
15-20... too much...
Any domain policy?... a traffic shaping rule in the firewall for that network?... very strange indeed.  If done properly, the hosts config would be enough to discard the DNS problem, however you could change to another DNS server to test.
No traffic shaping on the firewall, testing on another DNS server same results.  I'm not sure what else it could be?  All other websites seem to behave normally.
Different internet explorers... mozilla, chrome, etc. ?
If you have a secondary simple router/ADSL, I would try to connect it as a second gateway and use it to compare.  Or better, disconnect the firewall and use the second router instead... same internal IP

I would suspect the firewall... some rule with content filter enabled for that domain, or similar...
Hi.  Did you test anything more?

1.  I was thinking that maybe the domain forces the user profile cache or roaming cache to some network share.  I suppose the Internet Explorer cache is emptied on each logoff, so on every logon the cache must be hit and filled.  Maybe a network timeout at this point is the cause.

2.  Also a group policy restriction on your local domain for websites or internet clients which prevents the website from loading until something times out.

3.  You can get some clue from the firewall log, filtering when the DNS request is done, when the HTTP connection is made and maybe other hidden activity that may throw some light.

Anyway, to diagnose such a weird issue it is necessary to try changing something until the issue is gone so we can focus on that element: try another ISP if you can, another router, a different firewall or a new clean rule specific to this case.

1. Doesn't seem to be the issue.
2. I tried a user excluded from all GPO, but first launch is still slow.
3. Nothing unique in the firewall that indicates an issue to those computers.  (All computers in all other domains behind the same firewall).

I can't change the firewall/switches as this is a production RDP server-- but it's a virtual server on a physical host that has VMs on the other domains too.  Since only one domain has the issue it doesn't seem to be a global hardware/firewall rule.
Related issue.  I know... very far, but related to terminal server environments and certificates.  Your site uses HTTPS access... maybe something related to certificates and root CA validation.

The fix is simple, make the following changes in your group policy:

Computer Configuration --- Policies --- Administrative Templates --- System --- Internet Communication Settings

Configure the setting for "Turn off Automatic Root Certificates Update" set it to ENABLED
Hmm.. well, it doesn't hurt to test so I'll try this during the maintenance window tonight.
Or even, maybe, publish that website over HTTP instead of HTTPS.  Just to test.  Is it accessible without SSL?
Not sure what the problem was but it seems to have resolved itself after a couple of days.  Thanks for looking at this.
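
One way to separate the causes the thread guesses at (name resolution, TCP connect, TLS handshake with certificate chain validation) is to time each phase on its own. This is an added example, not part of the original thread; the host name is a placeholder, the function name `Measure-ConnectionPhase` is hypothetical, and it assumes PowerShell 3.0 or later with .NET 4.5+.

```powershell
# Added example: time each phase of an HTTPS connection separately.
$HostName = 'site.example.invalid'   # placeholder: replace with the affected site
$Port     = 443

function Measure-ConnectionPhase {
    param([string]$HostName, [int]$Port = 443, [int]$Run = 1)

    $sw = [System.Diagnostics.Stopwatch]::StartNew()

    # Phase 1: name resolution through the system resolver (hosts file entries apply)
    $addresses = [System.Net.Dns]::GetHostAddresses($HostName)
    $dnsMs = $sw.ElapsedMilliseconds

    # Phase 2: TCP connect to the first resolved address
    $sw.Restart()
    $client = New-Object System.Net.Sockets.TcpClient($addresses[0].AddressFamily)
    try {
        $client.Connect($addresses[0], $Port)
        $tcpMs = $sw.ElapsedMilliseconds

        # Phase 3: TLS handshake, which includes building and validating the
        # server's certificate chain against the local root store
        $sw.Restart()
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $tlsMs = $sw.ElapsedMilliseconds
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }

    [pscustomobject]@{
        Run   = $Run
        Host  = $HostName
        DnsMs = $dnsMs
        TcpMs = $tcpMs
        TlsMs = $tlsMs
    }
}

# Run right after logon, then again: the thread reports that only the first load is slow.
1..2 | ForEach-Object { Measure-ConnectionPhase -HostName $HostName -Port $Port -Run $_ } |
    Format-Table -AutoSize
```

If `TlsMs` dominates the first run and drops on the second, the delay sits in the TLS and certificate validation step raised in the thread rather than in DNS; a large `DnsMs` points back at resolution.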