Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 186
  • Last Modified:

Speed up DNS resolution

On one of our domains, our customer's website loads very slow the first time.  After that, it loads at a normal speed for the remainder of the time the user is logged in.  All other users also have slow loads the first time, and when they log out and back in, slow loads the first time.

It looks like an issue with DNS resolution on the first load, and in all the other domains it works just fine.  Is there a good way I can speed up this resolution without manually setting the DNS<>IP in the event the site changes location?
0
Dustin Saunders
Asked:
Dustin Saunders
  • 12
  • 6
1 Solution
 
Manuel FloresCommented:
Other possibility is that the pictures of that domain are not optimized and the first time until they are cached is slower.  It is possible to know what the website is?.
0
 
KimputerCommented:
Highly improbably it's a DNS issue (since a computer only needs to query the DNS server once, meaning logging in and out shouldn't have been slow, since it already know the IP address). Not only that, with a slow DNS resolution, the site would still be responding well after the initial pause. It shouldn't be slow throughout the whole first login procedure.
 Better look at other options (as described above). Could be bandwidth of the server, caching, session settings.
0
 
Manuel FloresCommented:
OK.  You could add a local entry into hosts file in a given PC to test.  So no external DNS resolution is needed.  This is just to test.

IP       host
x.x.x.x  web.site.com

The hosts file is in Windows/sytem32/drive folder.  Open it with adminitrator access.

If still slow I think it is other issue.  If works fine, you could try to change to another DNS servers... just to test.

..MFlores..
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
Dustin SaundersDirector of OperationsAuthor Commented:
I tried adding a host file entry, but it's still slow.  So it's likely not a DNS issue.  But the page (https://docs.su-inc.com/training/HelpFile/sql/Tutorials.htm ) is literally just a few lines of text.  It's ONLY slow on one domain, and on every computer on that domain.  Any computer on any other domain, no issue.  Disjoin a computer from one domain, move to the other, no issue.
0
 
Manuel FloresCommented:
Maybe a connection problem... any bad performance proxy or web cache?... the router itself?
0
 
Manuel FloresCommented:
What is "very slow"?
0
 
Dustin SaundersDirector of OperationsAuthor Commented:
"very slow" = ~15-20 seconds.  Subsequent loads are instantaneous.

All computers and domains are behind the same firewall, no web proxies.
0
 
Manuel FloresCommented:
Makes this test sense for you?;

There are differences x10 between first and second accesses.

Test
0
 
Manuel FloresCommented:
15-20... too much...
0
 
Manuel FloresCommented:
any domain policy?... a traffic shapping rule into the firewall for that network?... very strange indeed.  If done properly, the hosts config would be enough to discard the DNS problem, however you could change to another DNS server to test.
0
 
Dustin SaundersDirector of OperationsAuthor Commented:
No traffic shaping on the firewall, testing on another DNS server same results.  I'm not sure what else it could be?  All other websites seem to behave normally.
0
 
Manuel FloresCommented:
Different internet explorers... mozilla, chrome, etc. ?
0
 
Manuel FloresCommented:
If you have a secondary simple router/adsl, I would try to conect it as a second gateway and try to use it to compare.  Or better replace disconnect the firewall and use the second router instead... same internal IP

I would suspect on the firewall... some rule with content filter enabled for that domain, or similar...
0
 
Manuel FloresCommented:
Hi.  Did you test anything more?.

1.  I was thinking if maybe the domain force the user profile cache or roaming cache to some network share.  I suppose the internet explorer cache is emptied on each logoff so every logon the cache must be hit and filled.  Maybe any network timeout on this point is the cause.

2.  Also a group policy restriction on your local domain for websites or internet clients which prevent from load the website until something timeouts.

3.  You can get some clue from the firewall log, filtering when the DNS request is done, when the http connects and maybe other hidden activity that may throw some light.

Anyway, to diagnose so weird issue it is necessary to try change something until the issue is gone so we can focus on that element, try other ISP if you can, other router, different firewall or a new clean rule specific for this case.

..MFlores..
0
 
Dustin SaundersDirector of OperationsAuthor Commented:
1. Doesn't seem to be the issue.
2. I tried a user excluded from all GPO, but first launch is still slow.
3. Nothing unique in the firewall that indicates an issue to those computers.  (All computers in all other domains behind the same firewall).

I can't change the firewall/switches as this is a production RDP server-- but it's a virtual server on a physical host that has VMs on the other domains too.  Since only one domain has the issue it doesn't seem to be a global hardware/firewall rule.
0
 
Manuel FloresCommented:
Related issue.  I know... very far but related to terminal servers environments and certificate.  Your site uses a https access... maybe something relate with certificates and roots AC validation.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b8e58d83-3178-4490-b4f4-1c6e5542c39a/rdp-slow-initial-connection?forum=winserverTS

Basically;

THE FIX:

The fix is simple, make the following changes in your group policy:

Computer Configuration --- Policies --- Administrative Templates --- System --- Internet Communication Settings

Configure the setting for "Turn off Automatic Root Certificates Update" set it to ENABLED
0
 
Dustin SaundersDirector of OperationsAuthor Commented:
Hmm.. well, it doesn't hurt to test so I'll try this during the maintenance window tonight.
0
 
Manuel FloresCommented:
Even, maybe, publish that web to use http instead of https.  Just to test.  It is accessible without ssl?
0
 
Dustin SaundersDirector of OperationsAuthor Commented:
Not sure what the problem was but it seems to have resolved itself after a couple of days.  Thanks for looking at this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 12
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now