cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jsanchez
Level 7
Report Inappropriate Content
Message 1 of 5

WPAD/Proxy.pac - IE 10/11 Slowness When Using dnsResolve(host)

Quick question....has anyone experienced slowness/lag in IE when using dnsResolve(host) in their wpad/proxy.pac files?  It doesn't seem to affect Chrome/Firefox, but it does IE.  I have to say performance is still A LOT better now then when I  used ( isInNet(host function in the wpad/proxy.pac file.  instead calling dnsResolve(host) in a variable - HOWEVER, there is still noticeable lag when using IE.  After stripping down the PAC file, I narrowed it down to that function causing lag.  Here's an example of my PAC file:

Function FindProxyForURL(url,host)

{

var myip = myIpAddress();

var ipbits = myip.split(".");

var myseg = parseInt(ipbits[3]);

var resolved_ip = dnsResolve(host);

//Is destination host just the machine name (no dots)? -- Default to DIRECT

if (isPlainHostName(host)) return "DIRECT";

//Internal Destination Directives - Default to DIRECT

if (isInNet(resolved_ip,"127.0.0.1", "255.255.255.255")) return "DIRECT";

if (isInNet(resolved_ip,"10.0.0.0", "255.0.0.0")) return "DIRECT";

if (isInNet(resolved_ip,"192.168.0.0", "255.255.0.0")) return "DIRECT";

//Load Balancing Code - Find the 4th octet - Check to see if the 4th octect is even or odd

  if (myseg==Math.floor(myseg/2)*2)

  return "PROXY proxy-01:9090; PROXY proxy-02:9090"; //all IPs ending in even numbers go here

  else

  return "PROXY proxy-02:9090; PROXY proxy-01:9090"; //all IPs ending in odd numbers go here

4 Replies
otruniger
Level 10
Report Inappropriate Content
Message 2 of 5

Re: WPAD/Proxy.pac - IE 10/11 Slowness When Using dnsResolve(host)

Just a thought: it's not needed for the client to resolve external hostnames because the proxy handles that. To make it more efficient only resolve names for internal domains.

jsanchez
Level 7
Report Inappropriate Content
Message 3 of 5

Re: WPAD/Proxy.pac - IE 10/11 Slowness When Using dnsResolve(host)

What about if I have entries like this?  Is there a better way to do it?

//IPSEC Tunnel Destination Sites -- Blah

if (isInNet(resolved_ip,"2.2.2.2", "255.255.255.255")) return "DIRECT";

if (isInNet(resolved_ip,"3.3.3.3", "255.255.255.255")) return "DIRECT";

if (isInNet(resolved_ip,"4.4.4.4", "255.255.255.255")) return "DIRECT";

jsanchez
Level 7
Report Inappropriate Content
Message 4 of 5

Re: WPAD/Proxy.pac - IE 10/11 Slowness When Using dnsResolve(host)

What about if I have entries like this?  Is there a better way to do it?

//IPSEC Tunnel Destination Sites -- Blah

if (isInNet(resolved_ip,"2.2.2.2", "255.255.255.255")) return "DIRECT";

if (isInNet(resolved_ip,"3.3.3.3", "255.255.255.255")) return "DIRECT";

if (isInNet(resolved_ip,"4.4.4.4", "255.255.255.255")) return "DIRECT";

Regis
Level 12
Report Inappropriate Content
Message 5 of 5

Re: WPAD/Proxy.pac - IE 10/11 Slowness When Using dnsResolve(host)

Oh dear lord have I lived this hell, Microsoft escalation and all that jazz.

I've cut down and redacted and hopefully didn't typo this  from our optimized stuff.   I hope this saves you the month I spent on this issue.

if ( 

    isPlainHostName(host) ||

    (host == "blah.example.com") ||

// Domain based -- say you have a direct connection to them that doesn't involve the proxy or you have your company stuff hosted in your own building and want it to

// go direct but don't want a few subdomains that are on cloud infrastructure to go direct ...

    dnsDomainIs(host, ".someothercompany.example.com") ||

   dnsDomainIs(host, "mycompanycom") &&

   !localHostOrDomainIs(host, "outsourcedsite.mycompany.com") &&

   !localHostOrDomainIs(host, "outsourcedsite2.mycompany.com") &&

   !localHostOrDomainIs(host, "outsourcedsite3.mycompany.com") ||

// RFC 1918

    isInNet(resolvedhost, "10.0.0.0",  "255.0.0.0") ||

    isInNet(resolvedhost, "172.16.0.0",  "255.240.0.0") ||

    isInNet(resolvedhost, "192.168.0.0",  "255.255.0.0") ||

    isInNet(resolvedhost, "127.0.0.0",  "255.0.0.0")

) {

       return "DIRECT";

}

References


Proxy PAC debug tools - see in a glance from a list of urls in a text file with a bunch of test cases which ones are causing you slowdowns on DNS :

PACdbg: https://chentiangemalc.wordpress.com/2013/09/30/pacdbg-custom-proxy-browser-set-proxy-cmd-line-tool/ (very helpful; I’d not seen this one before)

Pacparser: http://findproxyforurl.com/official-toolset/ (also useful from a different perspective)

Registry keys for increasing IE 9/10/11  connection limits to proxies (have seen that when connection limits get reached when rendering very busy sites, that IE will hang as we’ve seen):

https://support.microsoft.com/en-us/kb/282402

            http://blogs.msdn.com/b/jpsanders/archive/2009/06/29/understanding-connection-limits-and-new-proxy-c...


JavaScript or JScript Auto-Proxy Example Files

https://technet.microsoft.com/en-us/library/dd361950.aspx

Using Proxy Selection and Proxy Bypass Lists

https://technet.microsoft.com/en-us/library/dd361953.aspx

Browser Is Slow to Respond When You Use an Automatic Configuration Script  (suggests potential issues with isInInet() PAC directives which some  JRE’s ignore anyway)

https://support.microsoft.com/en-us/kb/315810

PAC file best practices

https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx

PAC functions reference

http://findproxyforurl.com/pac-functions/

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community