Dustin Saunders

Speed up DNS resolution

On one of our domains, our customer's website loads very slowly the first time.  After that, it loads at a normal speed for the remainder of the time the user is logged in.  All other users also have slow loads the first time, and when they log out and back in, slow loads the first time.

It looks like an issue with DNS resolution on the first load, and in all the other domains it works just fine.  Is there a good way I can speed up this resolution without manually setting the DNS<>IP in the event the site changes location?
DNS, Windows Networking

Last Comment: Dustin Saunders, 8/22/2022 - Mon
Manuel Flores

Another possibility is that the pictures on that domain are not optimized, and the first time, until they are cached, it is slower.  Is it possible to know what the website is?
Kimputer

It's highly improbable that it's a DNS issue (since a computer only needs to query the DNS server once, meaning logging in and out shouldn't have been slow, since it already knows the IP address). Not only that, with a slow DNS resolution, the site would still be responding well after the initial pause. It shouldn't be slow throughout the whole first login procedure.
Better look at other options (as described above). Could be bandwidth of the server, caching, session settings.
Manuel Flores

OK.  You could add a local entry to the hosts file on a given PC to test.  Then no external DNS resolution is needed.  This is just to test.

IP       host
x.x.x.x  web.site.com

The hosts file is in Windows/system32/drive folder.  Open it with administrator access.

If it is still slow, I think it is another issue.  If it works fine, you could try changing to other DNS servers... just to test.

..MFlores..
Dustin Saunders

ASKER
I tried adding a host file entry, but it's still slow.  So it's likely not a DNS issue.  But the page (https://docs.su-inc.com/training/HelpFile/sql/Tutorials.htm) is literally just a few lines of text.  It's ONLY slow on one domain, and on every computer on that domain.  Any computer on any other domain, no issue.  Disjoin a computer from one domain, move to the other, no issue.
Manuel Flores

Maybe a connection problem... any bad performance proxy or web cache?... the router itself?
Manuel Flores

What is "very slow"?
Dustin Saunders

ASKER
"very slow" = ~15-20 seconds.  Subsequent loads are instantaneous.

All computers and domains are behind the same firewall, no web proxies.
Manuel Flores

15-20... too much...
Manuel Flores

Any domain policy?... a traffic shaping rule in the firewall for that network?... very strange indeed.  If done properly, the hosts config would be enough to discard the DNS problem; however, you could change to another DNS server to test.
Dustin Saunders

ASKER
No traffic shaping on the firewall, testing on another DNS server same results.  I'm not sure what else it could be?  All other websites seem to behave normally.
Manuel Flores

Different internet explorers... mozilla, chrome, etc. ?
Manuel Flores

If you have a secondary simple router/ADSL, I would try to connect it as a second gateway and try to use it to compare.  Or better, replace (disconnect) the firewall and use the second router instead... same internal IP

I would suspect the firewall... some rule with content filter enabled for that domain, or similar...
Manuel Flores

Hi.  Did you test anything more?

1.  I was thinking that maybe the domain forces the user profile cache or roaming cache to some network share.  I suppose the Internet Explorer cache is emptied on each logoff, so on every logon the cache must be hit and filled.  Maybe a network timeout at this point is the cause.

2.  Also, a group policy restriction on your local domain for websites or internet clients which prevents the website from loading until something times out.

3.  You can get some clue from the firewall log, filtering when the DNS request is done, when the http connects and maybe other hidden activity that may throw some light.

Anyway, to diagnose such a weird issue it is necessary to try changing something until the issue is gone so we can focus on that element: try another ISP if you can, another router, a different firewall or a new clean rule specific to this case.

..MFlores..
Dustin Saunders

ASKER
1. Doesn't seem to be the issue.
2. I tried a user excluded from all GPO, but first launch is still slow.
3. Nothing unique in the firewall that indicates an issue to those computers.  (All computers in all other domains behind the same firewall).

I can't change the firewall/switches as this is a production RDP server-- but it's a virtual server on a physical host that has VMs on the other domains too.  Since only one domain has the issue it doesn't seem to be a global hardware/firewall rule.
Manuel Flores

Related issue.  I know... very far, but related to terminal server environments and certificates.  Your site uses https access... maybe something related to certificates and root CA validation.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b8e58d83-3178-4490-b4f4-1c6e5542c39a/rdp-slow-initial-connection?forum=winserverTS

Basically;

THE FIX:

The fix is simple, make the following changes in your group policy:

Computer Configuration --- Policies --- Administrative Templates --- System --- Internet Communication Settings

Configure the setting for "Turn off Automatic Root Certificates Update" set it to ENABLED
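
To see where the first-load delay sits before changing policy, the following added example (not from the thread or the linked TechNet post) times name resolution, TCP connect and the TLS handshake with certificate chain validation separately, twice in a row, and then reports whether the policy above is set. It assumes Windows PowerShell 5.1 or later and that the policy is stored as `DisableRootAutoUpdate` under `HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot`; the function name `Measure-HttpsPhases` is hypothetical.

```powershell
# Added example: times each phase of a first HTTPS connection on Windows.
# Measure-HttpsPhases is a hypothetical helper name, not a built-in cmdlet.
function Measure-HttpsPhases {
    param([string]$HostName, [int]$Port = 443)

    # Phase 1: name resolution (hosts file, resolver cache, then DNS server).
    $sw    = [System.Diagnostics.Stopwatch]::StartNew()
    $addr  = [System.Net.Dns]::GetHostAddresses($HostName)[0]
    $dnsMs = $sw.ElapsedMilliseconds

    $client = [System.Net.Sockets.TcpClient]::new($addr.AddressFamily)
    try {
        # Phase 2: TCP connect to the already-resolved address.
        $sw.Restart()
        $client.Connect($addr, $Port)
        $tcpMs = $sw.ElapsedMilliseconds

        # Phase 3: TLS handshake; Windows builds and validates the server's
        # certificate chain inside this call. Revocation checking is off so
        # CRL/OCSP fetches do not add to the figure.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $sw.Restart()
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $tlsMs  = $sw.ElapsedMilliseconds
        $issuer = $ssl.RemoteCertificate.Issuer
        $ssl.Dispose()
    }
    finally { $client.Dispose() }

    [pscustomobject]@{ DnsMs = $dnsMs; TcpMs = $tcpMs; TlsAndChainMs = $tlsMs; Issuer = $issuer }
}

$target = 'docs.su-inc.com'   # host taken from the URL quoted in the thread

# Two attempts: the first shows the cold path, the second reuses whatever Windows cached.
$rows = foreach ($attempt in 1, 2) {
    Measure-HttpsPhases -HostName $target |
        Add-Member -NotePropertyName Attempt -NotePropertyValue $attempt -PassThru
}
$rows | Format-Table Attempt, DnsMs, TcpMs, TlsAndChainMs, Issuer -AutoSize

# Assumed registry location of the policy named in the post above.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $key -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
$state  = if ($policy -and $policy.DisableRootAutoUpdate -eq 1) { 'turned off by policy' } else { 'not turned off by policy' }
"Automatic root certificate update: $state"
```

With the policy enabled, Windows no longer retrieves trusted roots on demand, so any root the domain's machines need has to be deployed through Group Policy or another managed channel.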
Dustin Saunders

ASKER
Hmm.. well, it doesn't hurt to test so I'll try this during the maintenance window tonight.
Manuel Flores

Even, maybe, publish that web to use http instead of https.  Just to test.  Is it accessible without SSL?
Dustin Saunders

ASKER
Not sure what the problem was but it seems to have resolved itself after a couple of days.  Thanks for looking at this.