A few customers have asked me recently about ‘slowness’ on their web gateway.  After troubleshooting, it boiled down to a slow DNS server.

 

How do I know or check this, you ask? Well, on the web gateway dashboard, there is a DNS response time. Ideally DNS should be <50ms, hopefully even faster.

 

Notice the screenshot below. This DNS server is taking over 1.5 seconds to reply (taken from a real customer's MWG device). This is going to cause your users to complain loudly (which they were).

 

So the next time someone asks you why the internet is slow, check the Performance Tab on your web gateway dashboard.  Your DNS server might be the cause.

 

Here is a great tool to help you figure out the best DNS server to use.

http://code.google.com/p/namebench/

 

You may find that an external DNS server is faster than your own organization's DNS server. If this is the case, you may need to use split DNS (installing BIND on MWG), or modify /etc/hosts to accommodate your internal Domain Controllers (only necessary if using Windows auth).
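To cross-check the dashboard figure and compare your internal resolver against an external candidate, here is a small timing script, added as an example (it is not part of the original post or of any MWG tooling). The default resolver addresses and query names are constructed placeholders; the 50 ms threshold is the one quoted above.

```python
import secrets, socket, statistics, struct, sys, time

THRESHOLD_MS = 50.0  # the "ideally <50ms" ceiling quoted above

def build_query(name, txid):
    """Encode a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def time_query(server, name, port=53, timeout=2.0):
    """Milliseconds until the matching reply arrives, or None if none does."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, txid), (server, port))
            while True:
                data, _ = sock.recvfrom(512)
                # Ignore stray datagrams whose transaction ID is not ours.
                if data[:2] == struct.pack("!H", txid):
                    return (time.perf_counter() - start) * 1000.0
        except OSError:  # includes the socket timeout
            return None

def benchmark(servers, names, port=53, timeout=2.0):
    """Median response time per server; a lost query counts as the full timeout."""
    report = {}
    for server in servers:
        samples = [time_query(server, n, port, timeout) for n in names]
        median = statistics.median(timeout * 1000.0 if s is None else s for s in samples)
        report[server] = {"median_ms": median, "lost": samples.count(None),
                          "slow": median > THRESHOLD_MS}
    return report

if __name__ == "__main__":
    # Constructed defaults: documentation-range addresses and example names.
    # Pass your internal and candidate external resolvers as arguments instead.
    servers = sys.argv[1:] or ["192.0.2.53", "198.51.100.53"]
    names = ["example.com", "example.org", "example.net"]
    for server, r in benchmark(servers, names).items():
        verdict = "SLOW" if r["slow"] else "ok"
        print(f"{server}: median {r['median_ms']:.1f} ms, lost {r['lost']}, {verdict}")
```

Run it from the same network segment as the gateway so the numbers reflect what the gateway sees. Names the resolver has already cached answer faster than uncached ones, so use a mix of names your users actually visit.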

 

slow-dns.png