RV082 - Newest Firmware - V1 Hardware? - Slow DNS Lookups

Similar Messages

• For anyone who is experiencing slow DNS lookups...

  I finally worked out what was wrong with my network config last night and thought I'd share it with everyone in a simgle post in the hope it'll help someone else.
  I tried the BIND work around, but it wasn't all that much faster.
  I tried disabling IPv6, but that didn't do much...
  The solution?
  In 'System Preferences' -> 'Network'
  Go to configure the adaptor (Airport / Ethernet / etc)
  In 'DNS Servers' where you'd normally specify the DNS servers given to you by your ISP... don't do this! As crazy as it sounds don't
  Of course, if you're using newer routers you'd not be having this slow DNS lookup problem and specifying the ISPs DNS Servers would be appropriate... still
  What you want to specify here is your ROUTER's IP:
  eg. 192.168.0.1
  With this simple modifcation you'll be fine. Why? You ask?
  In Linux / OSX (I imagine in Unix as well) the way the lookups are carried out are different from Windows. I have other Windows computers on our network and they never had DNS lookup problems and they've been given the ISPs DNS IPs... anyway I think I'm talking out of my depth now heh.
  This works!
  Remember: Specify your router as the DNS Server!

  I've had this problem on a G4 PowerMac running Panther, and it still had it after a Tiger upgrade. I just replaced it with a Core Duo MacMini, 10.4.7, same problem of slow DNS lookups (i.e., slow initial start to loading a web page, then it goes quickly). Windows machines on the same subnet have no such problem. I've tried the various suggestions on various forums, none of which worked. I tried:
  - turn off IPv6 (no help)
  - directly enter my ISPs DNS servers (no help)
  - manually configure both IP and DNS (no help, went back to DHCP)
  - swear at the computer (a little help, mentally)
  After some more reading, I tried resolving some addresses using the host command from the Terminal:
  host -v www.apple.com 24.34.240.9
  where the IP address is one of the DNS servers for my ISP (Comcast). I got a no server found message! I then tried the second DNS server in the Comcast list (found from my router), also no server found. Tried the third one in Comcast's list of DNS servers, and it worked. Entered it in System Preferences -> Network as a DNS server, and now web browsing is zippy! I verified that the two DNS servers that MacOS couldn't see are also down as far as Windows was concerned (using the nslookup command in windows).
  What this tells me is that the OS X algorithm for handling unreachable or slow DNS servers is different from that in Windows. Maybe Windows remembers a bad experience with a DNS server and uses ones that it has success with, while OS X just keeps trying them in order, slowing timing them out until it finds one that works?
  This could also explain many of the puzzling symptoms people have been seeing (things work some times, other times not; some people have luck specifying the DNS server manually, others don't). It all depends on what DNS servers got distributed to the Mac via DHCP, and how far down the list you have to go to find one that is responsive.
  Anyone reading this forum with technical knowledge of both UNIX and Windows DNS lookup implementations? Is there some way to tweak in MacOS to make it perform more like Windows in this situation (like, maybe shortening the DNS server failure timeout)?

• [SOLVED] Slow DNS lookup, I think

  Hi
  I have a really annoying problem. My DNS lookup in Arch is painfully slow. I know it's not a network problem, as I don't have any problems in my Ubuntu installation. I have tried to run two simple tests to show you what I mean. The first is a simple ping google.
  ########### Ubuntu ###########
  carsten@carsten-laptop:~$ time ping -c 3 www.google.com
  PING www.l.google.com (216.239.61.104) 56(84) bytes of data.
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=1 ttl=245 time=17.4 ms
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=2 ttl=245 time=20.6 ms
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=3 ttl=245 time=11.4 ms
  --- www.l.google.com ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2002ms
  rtt min/avg/max/mdev = 11.465/16.529/20.641/3.809 ms
  real 0m2.290s
  user 0m0.000s
  sys 0m0.004s
  ########### Arch ###########
  carsten ~/Desktop $ time ping -c 3 www.google.com
  PING www.l.google.com (216.239.61.104) 56(84) bytes of data.
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=1 ttl=245 time=12.3 ms
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=2 ttl=245 time=10.7 ms
  64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=3 ttl=245 time=12.4 ms
  --- www.l.google.com ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2007ms
  rtt min/avg/max/mdev = 10.776/11.867/12.476/0.778 ms
  real 0m15.305s
  user 0m0.013s
  sys 0m0.007s
  Ubuntu: 0m2.290s vs. Arch: 0m15.305s.
  In the second test I tried to fake a pacman update by downloading the .db files from my primary server. On both Ubuntu and Arch I used this simple script
  repos=( core extra community )
  time for repo in ${repos[@]}
  do
  wget http://archlinux.unixheads.org/$repo/os/i686/$repo.db.tar.gz
  done
  When I run it in, I get this result
  ########### Ubuntu ###########
  carsten@carsten-laptop:~/Desktop$ ./updatetest
  --2008-11-10 07:58:23-- http://archlinux.unixheads.org/core/os/i686/core.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 32515 (32K) [application/x-gzip]
  Saving to: `core.db.tar.gz'
  100%[=============================================================>] 32.515 --.-K/s in 0,1s
  2008-11-10 07:58:23 (331 KB/s) - `core.db.tar.gz' saved [32515/32515]
  --2008-11-10 07:58:23-- http://archlinux.unixheads.org/extra/os/i686/extra.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 422622 (413K) [application/x-gzip]
  Saving to: `extra.db.tar.gz'
  100%[=============================================================>] 422.622 242K/s in 1,7s
  2008-11-10 07:58:25 (242 KB/s) - `extra.db.tar.gz' saved [422622/422622]
  --2008-11-10 07:58:25-- http://archlinux.unixheads.org/community/os/i686/community.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 369845 (361K) [application/x-gzip]
  Saving to: `community.db.tar.gz'
  100%[=============================================================>] 369.845 206K/s in 1,8s
  2008-11-10 07:58:27 (206 KB/s) - `community.db.tar.gz' saved [369845/369845]
  real 0m3.837s
  user 0m0.016s
  sys 0m0.036s
  ########### Arch ###########
  carsten ~/Desktop $ ./updatetest
  --2008-11-10 08:01:33-- http://archlinux.unixheads.org/core/os/i686/core.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 32515 (32K) [application/x-gzip]
  Saving to: `core.db.tar.gz'
  100%[==============================================================================>] 32,515 --.-K/s in 0.1s
  2008-11-10 08:01:47 (303 KB/s) - `core.db.tar.gz' saved [32515/32515]
  --2008-11-10 08:01:47-- http://archlinux.unixheads.org/extra/os/i686/extra.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 422622 (413K) [application/x-gzip]
  Saving to: `extra.db.tar.gz'
  100%[==============================================================================>] 422,622 253K/s in 1.6s
  2008-11-10 08:02:02 (253 KB/s) - `extra.db.tar.gz' saved [422622/422622]
  --2008-11-10 08:02:02-- http://archlinux.unixheads.org/community/os/i686/community.db.tar.gz
  Resolving archlinux.unixheads.org... 204.152.186.174
  Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 369845 (361K) [application/x-gzip]
  Saving to: `community.db.tar.gz'
  100%[==============================================================================>] 369,845 262K/s in 1.4s
  2008-11-10 08:02:17 (262 KB/s) - `community.db.tar.gz' saved [369845/369845]
  real 0m44.153s
  user 0m0.047s
  sys 0m0.017s
  Ubuntu: 0m3.837s vs. Arch: 0m44.153s
  I get the same update time whenever I update pacman normally.
  I have googled a lot to figure out an answer, but nothing helps, so I was hoping somebody could help me figure this out, as it's very annoying. My hosts file looks like this
  hosts:
  # /etc/hosts: static lookup table for host names
  #<ip-address> <hostname.domain.org> <hostname>
  127.0.0.1 localhost.localdomain localhost arch
  # End of file
  rc.conf:
  # /etc/rc.conf - Main Configuration for Arch Linux
  # LOCALIZATION
  # LOCALE: available languages can be listed with the 'locale -a' command
  # HARDWARECLOCK: set to "UTC" or "localtime"
  # USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
  # TIMEZONE: timezones are found in /usr/share/zoneinfo
  # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
  # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
  # CONSOLEMAP: found in /usr/share/kbd/consoletrans
  # USECOLOR: use ANSI color sequences in startup messages
  LOCALE="en_US.utf8"
  HARDWARECLOCK="UTC"
  USEDIRECTISA="no"
  TIMEZONE="Asia/Singapore"
  KEYMAP="dk"
  CONSOLEFONT=
  CONSOLEMAP=
  USECOLOR="yes"
  # HARDWARE
  # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
  # MOD_BLACKLIST: Prevent udev from loading these modules
  # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
  # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
  MOD_AUTOLOAD="yes"
  #MOD_BLACKLIST=() #deprecated
  MODULES=(e100 mii iwl3945 fuse acpi-cpufreq cpufreq_ondemand cpufreq_conservative cpufreq_powersave loop !pcspkr !snd_pcsp)
  # Scan for LVM volume groups at startup, required if you use LVM
  USELVM="no"
  # NETWORKING
  # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
  HOSTNAME="arch"
  # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
  # Interfaces to start at boot-up (in this order)
  # Declare each interface then list in INTERFACES
  # - prefix an entry in INTERFACES with a ! to disable it
  # - no hyphens in your interface names - Bash doesn't like it
  # DHCP: Set your interface to "dhcp" (eth0="dhcp")
  # Wireless: See network profiles below
  #eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
  eth0="dhcp"
  INTERFACES=(!eth0 !wlan0)
  # Routes to start at boot-up (in this order)
  # Declare each route then list in ROUTES
  # - prefix an entry in ROUTES with a ! to disable it
  gateway="default gw 192.168.0.1"
  ROUTES=(!gateway)
  # Enable these network profiles at boot-up. These are only useful
  # if you happen to need multiple network configurations (ie, laptop users)
  # - set to 'menu' to present a menu during boot-up (dialog package required)
  # - prefix an entry with a ! to disable it
  # Network profiles are found in /etc/network.d
  # This now requires the netcfg package
  #NETWORKS=(main)
  # DAEMONS
  # Daemons to start at boot-up (in this order)
  # - prefix a daemon with a ! to disable it
  # - prefix a daemon with a @ to start it up in the background
  DAEMONS=(syslog-ng !network hal !netfs crond fam wicd cups laptop-mode oss gdm)
  SPLASH="splashy"
  Thanks in advance!
  Last edited by Sharpeee (2008-11-15 10:39:42)

  Just tried to remove the "search..." line from my /etc/resolv.conf file, but nothing! It's okay if I remove the line after it connects right? Wicd overwrites the file anyways if I reconnect.
  I don't really think changing to a different network-manager will help me. It works perfectly fine in Ubuntu with both network-manager and wicd, do don't think that's the problem. It must be a configuration file somewhere.
  #### EDIT ####
  I just tried to disable wicd and enable the wired network in /etc/rc.conf. After a reboot and it's still the same, even on the wired, so it's got be some other settings somewhere that's messing things up!
  Also, for some reason my theme, in Gnome, isn't loaded after I disabled wicd? I have to manually run "gnome-appearance-manager"??
  Last edited by Sharpeee (2008-11-11 05:01:46)

• Wireless Intermittent Super Slow DNS lookup bug in 10.6.4

  I don't normally post things on forums these days, as usually I can find just about any solution by searching long enough, but this issue has perplexed me to the point I actually had to come on here.
  Believe me, that's a big deal, I don't give up easily.
  I have spent -countless- hours searching, on here, on google, on any "solutions" or "technical" sites I could find, and the closest I can find to a solution are countless people complaining about the EXACT SAME PROBLEM that I have observed and, repeatedly, reproduced again and again, which in every single case boil down to this:
  You had 10.6.x (x being 3 or less) with a wireless connection on your home network and all is well.
  You upgraded to 10.6.4 and all seemed fine for maybe 24 hours or so... then it happens. You go to load a website, and it's "looking for site" or "waiting for site" in your status bar... hmm, maybe it's just this site you say, so you try another, or a few others in other tabs, but they all have the same problem.
  You try to ping the sites, but the network utility can't resolve the domain to even ping them.
  Your roommate, all the while, is surfing and gaming just fine on the exact same router you are on, so no, it's not the network hardware, it's not your ISP, hmm, what could it be?
  All of a sudden, ALL of the sites you had in like 20 tabs load up at screaming speeds, "WOW" you say, "guess there must have just been some gunk in the wires or something" (notice the irony of the situation: no wires)... anyway, all seems fine again suddenly, surfing is fine for a few minutes, you're back to normal... and it happens again, suddenly NO site will resolve, NO dns will resolve, you can't check email or ping any domain... and so the cycle begins. Of course, you can just plug an ethernet cable straight into the router, but doesn't that kind of defeat the purpose of having wireless networking in the first place?
  It continues like this, indefinitely, and it all starts roughly 24 hours after 10.6.4 has been installed.
  I have read reports of people on macbooks, people on imacs, people on all sorts of different wireless hardware, but the symptoms are the same.
  I know the problem is with the OS update, it's purely software. I know that it has nothing to do with hardware because simply reverting to 10.6.3 solves the problem -every single time- and then "upgrading" to 10.6.4 causes the problem to come back within 24 hours -every single time- (have been reverting using Time Machine to simplify this testing process), so no, where the problem is isn't what perplexes me; what perplexes me is that there are posts that started almost a few days after 10.6.4 came out, and so far there's STILL no fix? Are you freaking serious? Does the Apple programming team not have access to anything other than Apple-Branded Airport Extreme Base Stations to perform wireless network QA testing on?
  Get a Linksys guys, grab a D-Link, go get some of the hardware people actually USE and test it on that and see what happens, it doesn't take long to see what's happening.
  I blame the programmers because I am one myself and know how easy it is to screw up a rock-solid system with one little typo. Heck, which patch was it, 10.5.7 or 10.5.8 I think? Can't remember exactly, but it was supposed to be such a great "bug fix" patch... and it came with the config file for Apache set to DENY ALL INCOMING EXTERNAL CONNECTIONS by default (in a hidden file that can only be modified by the root user mind you... so much for the average user running a personal web server on THAT version), so yeah, one tiny mistake and it has huge consequences, my question is: what's taking so long to track down what's going on in 10.6.4 and fix it? Can we at least get a patch or something?
  I find it really lame and really such a cop-out to see so many irrelevant "solutions" offered, "try specifying different DNS servers" (doesn't matter, whatever causes this bug doesn't care which servers you have specified, it simply sits there and does NOTHING for 2-3 minutes, and THEN when it actually DOES do a dns lookup, it gets the results in the time expected: instantly), to more extreme matters, like resetting hardware, which again has absolutely nothing to do with this bug.
  Here is why anyone can see this is an obvious bug that the programming team needs to admit, investigate and correct:
  A. happens immediately after the software update
  B. happens to EVERYONE who uses traditional wireless routers for internet use
  C. is 100% repeatedly reproducible
  D. occurs on all different models of computers and all different ISP's and with all different DNS servers specified.
  E. has the same symptoms on every system (lightning fast internet for 2-3 minutes, then "waiting for site" for 1-3 minutes)
  F. affects EVERY network-using program on the computer (email, network utility, firefox, safari) SIMULTANEOUSLY
  G. does not affect surfing to or interacting with IP addresses directly, only with trying to perform DNS lookups from ANY program with ANY dns server (or no dns server) set in network preferences.
  Come on guys, just read it through, think about it for a few minutes, for anyone that has worked with and knows the underlying source code, and what changes went in between 10.6.3 and 10.6.4 specifically to networking, should have a light bulb pop up over their head and say "oh YEAH, we never uncommented that one line..." or something to that effect.

  I see a very similar issue, but it's been occurring on my laptop for 4 or 5 months, which must be way before 10.6.4. My roommate and friend's laptops all work fine on my network. And my laptop works fine on anyone else's network. But MY laptop on MY network always gives the abysmal DNS performance as described in the original post: 40% of requests time out. Wireless or wired, it doesn't matter. Exact same behavior.
  It also doesn't matter whether I use my Netgear router as DNS server, or my ISP, or OpenDNS, or Google. Exact same behavior.
  When I do a network trace, it looks like most DNS requests my computer sends out simply never get responded to. (Could they be malformed when they hit the wire? I don't even see an error reply) A few make it through. And when there's a IPv6 (AAAA) record sent, my computer returns a "port unreachable" ICMP message. A screenshot of all of this dialogue is here:
  http://img545.imageshack.us/i/screenshot20100913at114.png/
  I recently had opportunity to cancel my cable service, and reinstate it for a lower price. They came out, tested the line (strong signal), gave me a new cable box. Yet the issue persists. Exact same behavior.
  Firewall is disabled. I've deleted the network interfaces and added them back. Nothing helps.
  (As I recall, this issue may even have been present before I reinstalled 10.6 over 10.5, so I'm not too confident a total reinstall would help.)
  Any help? I'm about ready to buy a new laptop to fix this damned problem. Web browsing is nearly impossible, as is.

• Issue with very slow DNS lookup. SBS 2008 R2.

  (Preface: sorry if this is the wrong forum...new at this! X-posted from Reddit)
  I'm stumped with this one. Last week, the server installed a few updates, no problem, a handful of security stuff. Since then, I've been having issues with DNS lookups on every computer on the network. It will hang on "looking up <domain>.com..."
  and then after 20-30 seconds, it will show a "can't find the server" error. BUT THEN! When you click try again, it loads right up. And then it works fine. For a day or so. Then, the next day, or maybe just a few hours later, sometimes while browsing
  the same site, it will do the same thing. It's like the DNS server just forgets the lookups it's already done after a time.
  Things I've tried:
  restarting server (duh)
  rolling back updates
  reinstalling said updates
  restarting all network hardware from the gateway outwards
  restarting the service itself while the server is running
  The only thing the event log shows is a single error during startup - event ID 4015. The text reads:
  "The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is ' '."
  This error has only occurred once that I saw and did not occur on the most recent startup, but the issue is still present
  Active directory seems to be fine. No errors or warnings in it and no info from the event log is showing anything that seems to be helpful.
  I've looked around the KB but every article seems to be troubleshooting a much more specific problem or a different problem altogether, such as a misnamed, stuck, or incorrect DNS zone, or a DNS lookup that fails to complete altogether.

  Hi Craigglesofdoom,
  Would you please let us know current situation of this issue? Did you refer to above suggestions and solve this problem? If any update, please feel free to let us know.
  Please also run SBS BPA tool and check if find relevant issues.
  For Event ID 4015, please refer to following article and check if can help you.
  Event ID 4015 — DNS Server Active Directory Integration
  -->The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly.
  Please use dcdiag command-line tool. Any find?
  Domain Controller Diagnostics Tool (dcdiag.exe)
  Dcdiag for DNS: Test details explained
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Slow DNS lookup

  For the past two days, my internet has really slowed down.  The problem appears to be a "pokey" DNS server.  In many cases, it would take longer for the DNS server to work, than to download the web pages.  This morning, the problem seems fixed -- DNS lookup is pretty much "instantaneous" again.  I still have my DNS settings to let Comcast determine the server.  Is it OK if I change the settings to a specific DNS Server?  If so, does anyone have any recommendations about which one to use?  TIA ---

  Try using the Google or the OpenDNS offerings. Search google for info.

• Slow DNS Lookups after connecting via PPP VPN

  I have this very annoying problem and just can't seem to find a method to resolve it.
  When I connect to my work network via a PPP VPN connection, all internet connectivity thereafter takes forever to do a DNS lookup. So when I browse the internet it takes ages before the page is displayed back.
  If I also do a ping in finder for a random URL, www.google.com for example, it sits there for nearly a minute before I get a response. If I then immediately perform the ping again, I get a response straight away. So it seems once it's resolved the domain name, it gets stored in a cache somewhere. If I try another domain name, I get the same delay and then it eventually gets through.
  As soon as I close the VPN connection, service is resumed and DNS lookups work fast.
  I've also made sure I've unchecked the option to "Send all traffic over VPN connection".
  I've also set my 'Service Order' to have my wireless Airport connection in the No #1 position.
  The other thing I've tried is deleting the default route (via Terminal) and adding one manually that points to my wireless router, again without success.
  Does anyone have any other ideas I could try? I've also recently re-installed a fresh copy of Leopard in case something was stuffed up, but the problem is still there after installation.
  Hoping someone has an easy solution!
  Many thanks

  I seem to have found a work-around. There is probably a neater way of doing this but here goes.
  Here is my setup:
  Airport Wireless to my home router
  PPP VPN connection to my office windows network
  3G connection via mobile phone
  My aim was to be able to connect to my office network via wireless at home or via my cellular data connection, but continue to route all non-work traffic via the main connection (wireless/3G).
  The #1 problem I had once I connected to my office VPN on either wireless or 3G, was that DNS lookups to general internet sites took forever. So to get around this, I created TWO VPN connections to my office network in Network Preferences and in both connections I made sure the option to send all traffic over VPN was left UNCHECKED.
  The first connection I then designated for use when connecting wirelessly at home. Here I manually added the IP address of my home router as a DNS entry.
  The second connection I did the same by adding a new DNS entry, except here I used the DNS server of my cellular data connection, in this case T-Mobile UK.
  When connecting to my office network I just use either of the above connections depending on whether I am connecting wirelessly at home or via my mobile phone.
  It seems a bit long winded I grant you, but after literally months of trying to resolve this annoying problem, this appears to be the only fix that works.
  The downfall of this would be that DNS resolution to any servers on your office network might not work, but that isn't a problem for me since I manually add any servers I use at work to my local hosts file. This negates any need for DNS lookups and actually speeds up access to my work servers.
  In amongst this I did several reboots, so you give your machine a reboot once you've completed the above steps, just in case.
  The 3G connection won't work for you if your provider changes the DNS server every time you connect, but this is unlikely.
  If anyone's got any comments, I'd love to hear them.
  Cheers
  Phil

• DNS lookup very slow after using VPN

  Hi everyone smarter than me!
  I've recently started using a VPN. I set it up using a program called Viscosity. The VPN works fine, and when I'm connected internet is fine and browsing is as expected.
  However whenever I disconnect the VPN connecting to a webpage takes forever. I'm talking 30-seconds type forever. I'm thinking the DNS lookup is slowing things down. Bandwith tests show no difference in bandwith, no difference in ping. Every other computer on the network has normal connection.
  Things not working:
  - Restarting
  - Killing the Viscosity program
  - Trying different browsers
  - Randomly looking at .conf files I don't understand to look for a fault:)
  Would really apreciate some help!

  From the menu bar, select
   ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS
  Under DNS Servers you should have one or more numerical addresses, such as “192.168.1.1” or “10.0.0.1”. What are those addresses?

• E4200 - DNS Lookup Is Extremely Slow

  Pros: Sometimes, it times out. I don't know what's wrong. I'm thinking of returning the unit. I'm using Comcast and everything was super fast with my trusty old Linksys WRT-54GL. Nothing good about this unit. Cons: DNS Lookup Is Extremely Slow. Sometimes, it times out. I don't know what's wrong. I'm thinking of returning the unit. I'm using Comcast and everything was super fast with my trusty old Linksys WRT-54GL

  If I relate your issue then the above mentioned solution justifies the troubleshooting steps to be taken, however, in addition to that I would also like to suggest you to try and install your Linksys E4200 router using the Cisco Connect Software just in case, if you are not using it....
  Installation disc that came along with your router would help you in installing this router using the Cisco Connect Software, using which you can expect this router to offer you best throughput with both wired and wireless connectivity.....
  To set up your router using the Cisco Connect Software, you can use:
  http://www6.nohold.net/Cisco2/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=e30f926604334d5386685...
  Also, try re-installing your router using the Cisco Connect Software, and it should help your cause....Just in case required, you can use the above mentioned troubleshooting steps.....

• DNS lookups slow in some (console) applications

  pacman, wget, abs (rsync) and many applications have issues getting DNS information. Since 3 months this is bugging me now, but at least I finally seem to have found out that these programs all do ipv6 DNS lookups, although I disabled ipv6 support (and the module).
  When I use "curl" in pacman for fetching packages, it is super fast, also when I call "wget -4", to explicitly tell it to use ipv4. Firefox is fast, too, because I set it to disallow ipv6.
  How can I tell all the other programs to use ipv4 only?
  I want to use yaourt, pacman and co without having to wait for ages to download a package.
  And why are only a few (console) applications affected? Do they use a common lib that tries to use ipv6 all the time?

  Hello, ppl. Been having the same problem for over 6 months, and i never thought it was a bug, until it stumbled in this post. And i solved it thanks to Nezmer's tip about adding 'options single-request', which didn't work at first, but it got me searching the web. And here it is the result: Since /etc/resolv.conf is rewritten in every boot, simply create /etc/resolv.conf.tail with the following:
  options rotate
  options single-request
  This file's content will be automatically added at the end of /etc/resolv.conf in every boot, et voilá, enjoy pacman, yaourt, etc without pauses...

• Slow DNS web resolution

  I've noticed the DNS resolution for web services on our network has become a little slow.
  The log is showing the below (for example):
  success resolving 'www.jamesallenonf1.com/A' (in 'jamesallenonf1.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
  Any ideas what this could be caused by and if it would explain the slowing of web page resolution?
  Thanks

  Thanks - that was useful as was the below quote:
  Quote by: MacTroll
  Your DNS server is attempting to use DNS-SEC, for validated DNS lookups. This requires a larger UDP packet size, >512 bytes, than your firewall seems to like. It then has to wait to both decide it needs to reduce packet size /and/ to get a negative result on the lookup.
  I would imagine that the DNS resolver on OS X client doesn't bother to do a DNS-SEC lookup, and hence no issue.
  This was evident in another line of the log:
  host unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.0#53
  I created a rule in the hardware firewall to forward port 53 to the SLS and its running fine now with no errors.

• Airport Extreme DNS lookups stalling; creating page load delays

  As of the last few days, maybe a week, I've noticed my Airport Extreme (the most recent version, tall squarish one) has been getting slow at random times. Nothing on the network locally would be causing it. The slowness appears to be in DNS lookups... you know, that bit the browser does behind the scenes to turn google.com into 173.194.37.4. At first I thought it was just a slow DNS server setup we had configured in the Airport (8.8.8.8 and 8.8.4.4) but I've switched them to something that performs a bit better (if you can call 12 ms vs 14 ms lookups, "better", lol).
  The issue manifests itself over wired and wireless computers connected to the Airport.
  We also have a airport express (the short squarish one, newest model) that is setup for the purposes of creating a roaming network. Another thought was maybe it flipped over to try to issue IPs, so I looked to ensure it was on the proper settings, and it is.
  The software on the airport management client (in windows) and the airport extreme + express are updated. I have already tried to reset them from scratch and reconfigure, to no avail.
  Interestingly, what leads me to believe it's related to DNS Lookups is, when I am experiencing the issue, if I download a file - say a really large file, just to test, the download speed is as it should be from my ISP. But if you try to browse to any ole page, apple.com, google.com, arstechnica.com, or sites that are generally really quick, like msn.com or wsj.com, it would be faster to tap it out in stone.
  We're experiencing this on a interesting set of devices, Windows 7 and 8 computers, an iPad, a Android tablet, android phone, iPhone, and a Windows phone.
  Does anyone have any suggestions? I've found a few older threads with similar issues, but they are outdated and/or seem to chalk it up to a bug and Apple needs to fix via update. This is just super frustrating.

  Hi tbonecopper,
  If you feel you are having DNS-related slowness on your Airport Extreme, you may find the following article helpful (it is written with a computer focus, but the same principles should also apply at the router):
  Non-responsive DNS server or invalid DNS configuration can cause long delay before webpages load
  http://support.apple.com/kb/ts2296
  Regards,
  - Brenden

• WLC 5508 and WPA/WPA2 causes client DNS lookups to fail

  Hi all, we just recently received a brand new 5508 with 6.0.199.4 firmware.  We currently have three LAP-1250s that associate just fine to the WLC.
  For testing purposes only, we enabled WPA2 with both types of encryption TKIP and AES with an ASCII PSK.   The clients are able to connect, authenticate and get an IP address from our local (same subnet) DHCP server.  They also get the DNS info from our DHCP server.   However, the problem is that they are not able to do any DNS lookups.   I haven't run wireshark yet to confirm, but it sounds very familiar to this problem: https://supportforums.cisco.com/message/3202369
  I've even had clients use nslookup with both of my DNS servers and they are not able to resolve.  I'm not sure if the request or the reply is being blocked/dropped, but I can find out tomorrow.
  Now the strange part - if I turn off WLAN security altogether, it works!   That's right, I just disable L2 security for the WLAN and re-connect the clients and they are able to do full DNS lookups.
  AND - if I leave L2 security configured (WPA2 with PSK), and enable L3 Passthrough security - the clients get to the auth web page, click the "accept" button and are then able to do full DNS lookups too.
  What could be the problem here?   There's nothing I see configured for the L2 or L3 security settings that could be the culprit.  We're using default (from Cisco) configuration, so there's no ACLs configured or anything like that to block DNS.
  Another strange thing here which may or not be related - during initial configuration the setup asked for a virtual IP - so I gave it one - 1.1.2.2.   Now when I do an ipconfig /all on the client, I see this 1.1.2.2 address listed as the DHCP server.  Why is this?   It's definitely getting an IP address and DNS info from the correct DHCP server, so not sure why this is showing up.
  Thanks, Matt

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Hi Matt,
  Just wanted to jump in, and also mention it may be worth attempting to disable the fastpath feature on the 5508, and test your failing client again.  You may be hitting CSCti34667.
  debug fastpath cfgtool --fc.disable
  This command can be run via Telnet/SSH.  Please keep in mind that fastpath will automatically re-enable periodically, so we recommend disabling every 10 minutes as a workaround for any known fastpath issues.  You can do so by running the following Macro in TeraTerm:
  :mainloop
     sendln "debug fastpath cfgtool --fc.disable"
     pause 600
  goto mainloop
  If you find that disabling fastpath resolves your concern, you can reach out to TAC for an Escalation Image with the fix for this one.
  Best,
  Drew

• DNS lookups to VPN hijacked by WRVS4400N (fw v1.1.13)?

  I have a WRVS4400N on the latest firmware offered by Cisco.  After a whole run of problems with previous firmware, this one seems to be almost perfect except for this odd issue I've been encountering now (that I hadn't encountered on previous firmware).
  It seems as though DNS lookups through the WRVS4400N are being redirected through a different DNS from the one set on the client (presumably, the router is taking all outbound UDP DNS queries and 'fixing' them to direct at the WAN DNS).
  I've verified this by using the 'host' command in UNIX (where 192.168.2.140 is the DNS server on the remote VPN network):
  1) Using a standard UDP DNS lookup from the LAN (192.168.1.0) to the VPN
  $ host test.intranetdomain.com 192.168.2.140
  Using domain server:
  Name: 192.168.2.140
  Address: 192.168.2.140#53
  Aliases:
  Host test.intranetdomain.com not found: 3(NXDOMAIN)
  2) Using a TCP DNS lookup from the LAN to the VPN
  $ host -T test.intranetdomain.com 192.168.2.140
  Using domain server:
  Name: 192.168.2.140
  Address: 192.168.2.140#53
  Aliases:
  test.intranetdomain.com has address 192.168.2.5
  3) Using a standard DNS lookup to an unassigned IP on the local LAN
  $ host test.intranetdomain.com 192.168.1.250
  ;; connection timed out; no servers could be reached
  4) Using a standard DNS lookup to a nonsense internet IP
  $ host test.intranetdomain.com 254.254.254.254
  Using domain server:
  Name: 254.254.254.254
  Address: 254.254.254.254#53
  Aliases:
  Host test.intranetdomain.com not found: 3(NXDOMAIN)
  These tests are pretty revealing:
  Test #1 shows a standard DNS query as a client system would typically perform it.  It's querying the server and the server is returning that the address I've asked it for is not known.  This is unexpected behaviour as the server at that IP address definitely knows test.intranetdomain.com exists.
  Test #2 shows that if queried using TCP instead of UDP, the DNS does know test.intranet.domain.com exists.  So, is the host command in Test #1 actually talking to my server?  It doesn't seem so.
  Test #3 is a demonstration of the expected response when host cannot talk to a remote DNS or that server doesn't exist. In this case, I'm using host to query an IP on my LAN that doesn't have anything on it.  This should be the response I get when I try to query a nonexistent server on the internet as well.
  Test #4 shows that in spite of the expected responses in Test #3, the WRVS4400N doesn't act as expected.  It shows the same type of response we saw in Test #1 even when querying non-existent IPs.
  In summary, the tests show that the WRVS4400N in firmware 1.1.13 is capturing all standard UDP DNS queries regardless of the IP they're directed to, and forwarding them to another DNS (I assume the WAN DNS).
  This seems like it may have been thrown in as an unmentioned 'feature' and is behaviour I might expect from a 'home' routing solution but not a small office solution such as this.  My company VPN requires DNS to be resolved by our servers inside the office network so this is not acceptible.
  Configuration Details:
  WAN: DHCP, dynamic IP, dyndns
  LAN: defaults for everything, static DNS set to use servers across the VPN
  VPN: IPSec tunnel to remote network 192.168.2.x
  IPS: Disabled
  Firewall: Defaults
  Any assistance or commentary from someone in-the-know would be appreciated.  Also, any comments from those also experiencing variations on this issue.
  Message Edited by litui on 03-10-2009 06:25 PM

  I've experienced the same DNS hijacking unable to use OpenDNS features unless I set the outside interface to static which is really DHCP by my cable provider. Of course, this is only a temporary work-around. Linksys/Cisco could allow for selectable DNS on the outside interface to resolve this problem, but they won't even look at a code change... unless EVERYONE complains. I requested this almost a year ago via a TAC case & their reaction was development almost never update unless they get many requests.

• DNS Lookup fail

  I have a 20inch iMac that I connect wirelessly in my home network. I never had any problems with the wireless connection until a few months ago.
  For the past few months, DNS lookups have been failing when browsing the web. I see "looking up cnn.com" as an example in the status bar. I have to wait for it to fail and then hit reload and then the page will load. Sometimes, certain parts of the page will not load if it has to do a lookup to a new domain e.g. images.cnn.com.
  I have several other computers on my network [notebooks wired and wireless as well as wired pcs] with no issues.
  Today, I moved my iMac to my office where my router is and plugged it in via an ethernet cable. Looks like there are no issues and I can browse any site without any lookup failures.
  I have read a lot of posts about slow wifi, so I'm not sure if this is related. Anyone else have a similar issue? Looks like I'm going to have to run a cable to my kitchen since the wireless is just too flaky.

  HI--
  I guess it's better, but not 100% fixed.
  If you're using a router, I'd suggest putting your router's address into the DNS field in your TCP/IP settings. I've found, especially when running an Airport base station behind my Netgear router, that helps out quite a bit. In my case, I couldn't get get internet access from my wireless laptop without that.
  I didn't try the 4.xxxx DNS suggestion. No offense,
  but that sounds really hokey.
  No, Eric's right, that's a great way to get around poor ISP DNS performance. I use those servers when my ISP has trouble keeping their DNS servers running.
  Also, you can time different servers if you want, using the dig utility in the Terminal application:
  <pre class="command">dig [email protected]</pre>You should get the query time near the bottom of the output. There are lists of publicly accessible DNS servers on the internet. Run some time tests and see if you can find some faster ones. Here's what I got:
  <pre class="command">; <<>> DiG 9.3.2 <<>> [email protected]
  ;; global options: printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12531
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;www.apple.com\@4.2.2.1. IN A
  ;; AUTHORITY SECTION:
  . 900 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006120100 1800 900 604800 86400
  ;; Query time: 37 msec
  ;; SERVER: 192.168.1.1#53(192.168.1.1)
  ;; WHEN: Fri Dec 1 17:05:21 2006
  ;; MSG SIZE rcvd: 114</pre>
  charlie