4 Replies Latest reply on Apr 28, 2015 2:54 AM by chvgms

    Slow browsing speed and DNS resolution

    chvgms

      Hi,

       

      I have 2 - 4500B boxes configured in cluster. Currently both are configured to internal DNS (Windows) for internet sites name resolution. Recently we have upgraded the BW of our internet circuits but couldn't find any change in the browsing speed. We are suspecting the issue with DNS resolution. Being a remote site, our local Windows DCs are ADCs (additional DCs), whereas the primary DCs are located in US with a latency of 230ms. So would like to configure our proxies with internet DNS IPs, preferably 8.8.8.8, so that the DNS request from proxies exits out of my site instead of going to corporate. Also the proxies are configured to authenticate to AD for internet access. So want to know how can I configure webgateway so that it uses the Windows DCs for LDAP/NTLM authentication and should use the external IP for DNS resolution?

       

      Thanks,

      Sridhar

        • 1. Re: Slow browsing speed and DNS resolution
          asabban

          Hello,

           

          MWG has a feature called "Conditional Forwarding" which can be configured on Configuration -> Domain Name Service. Here you can make a "split DNS" setup which will use Windows DCs for all internal domains you list and use 8.8.8.8 for everything else.

           

          Best,

          Andre

          • 2. Re: Slow browsing speed and DNS resolution
            chvgms

            Hi Andre,

             

            I have enabled split DNS over the weekend but couldn't make it work, as I am getting a "Host cannot be resolved" error message. Would like to know if we need to configure reverse lookup also in the configuration to make it work?

            • 3. Re: Slow browsing speed and DNS resolution
              asabban

              Hello,

               

              Where did you see "Host cannot be resolved"? When you tried to browse a web site or somewhere else?

               

              The only thing reverse DNS might be required for is NTLM when connecting to the Domain Controller. For browsing the internet there is no need for a reverse DNS configuration in the split DNS configuration. "Host cannot be resolved" generally means that MWG was unable to talk to any of the nameservers that were configured. When you enable split DNS, MWG runs its own nameserver on localhost which has the configuration to talk to specific nameservers for some domains and redirect everything else to the "forwarders" (the external name servers). Probably there was something wrong in your split DNS configuration; I think finding out what went wrong requires more troubleshooting.

               

              Did you try name resolution on the command line as well?

               

              Best,

              Andre
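
The routing described in reply 3 (listed internal domains go to the Windows DCs, everything else goes to the forwarders), modelled as an added example that is not part of the thread and is not MWG's own code. The zone `corp.example` and the 10.20.0.x addresses are constructed, and longest-suffix matching is an assumption about how a conditional forwarder picks its upstream.

```python
import ipaddress

# Constructed split-DNS plan (hypothetical zone name and addresses).
INTERNAL_ZONES = {
    "corp.example": ["10.20.0.10", "10.20.0.11"],  # local Windows DCs
}
FORWARDERS = ["8.8.8.8"]  # default upstream for everything not listed


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def route(qname, zones=INTERNAL_ZONES, forwarders=FORWARDERS):
    """Return (matched_zone, upstreams) using longest-suffix matching."""
    labels = normalize(qname).split(".")
    table = {normalize(z): servers for z, servers in zones.items()}
    # Try the full name first, then strip leading labels one at a time,
    # so matches only happen on label boundaries.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return None, forwarders


def reverse_name(ip):
    """PTR query name for an address (10.20.0.10 -> 10.0.20.10.in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def audit(names, zones=INTERNAL_ZONES, forwarders=FORWARDERS):
    """Label each name 'internal' or 'forwarder' so misrouted names stand out."""
    report = {}
    for name in names:
        zone, _ = route(name, zones, forwarders)
        report[name] = "internal" if zone else "forwarder"
    return report


if __name__ == "__main__":
    samples = [
        "www.example.org",                    # ordinary browsing
        "_ldap._tcp.dc._msdcs.corp.example",  # AD DC locator record
        "dc01.corp.example.",
        reverse_name("10.20.0.10"),           # PTR lookup for a DC
    ]
    for name, target in audit(samples).items():
        print(f"{name:45} -> {target}")
```

In this model, with only the forward zone listed, the PTR name for a DC's address is sent to the public forwarder; listing the matching `in-addr.arpa` zone alongside the internal domain keeps reverse lookups on the DCs.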

              • 4. Re: Slow browsing speed and DNS resolution
                chvgms

                I got the message when trying to browse post configuring split DNS in webgateway. But webgateway is able to resolve sites (name to IP) when I did nslookup from CLI. Also at the same time I can see hits from webwasher to public DNS in my FW & internet router on port 53, but couldn't browse internet for some reason.