Kurt - that was our finding as well, the client has a firebox and we were seeing odd latency going through the t1 , so even though clients are using the cable for their gateway rebooting the firebox seemed to fix our issue.
Thanks everyone. -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Friday, May 27, 2011 4:14 PM To: NT System Admin Issues Subject: Re: Slow dns lookups? I had a similar issue with my firewall in the past couple of weeks. The base issue *looked* like DNS problems, and they were, sorta... We found that the real issue was a state table on the firewall, limiting UDP sessions. It was set at a max of 2500, and when I looked at the table, it was sitting at 2499 or 2500 for extended periods of time. So, I doubled the limit, monitored it for a while, then found it was hovering between 4500 and 5000 quite a bit, so doubled it again to 10000. The timeout for sessions was also set to 300 seconds, and I turned that down to 60 seconds. Those actions cleared my problem - don't know if it's the same issue for you, but it might be worth looking at. On Fri, May 27, 2011 at 09:34, Level 5 Lists <[email protected]> wrote: > I have a client with a t1 and cable as a backup for about 50 users and > 9 servers. > > > > The past week their internet became amazingly slow, we pulled opendns > out, we pulled the proxy filter out and still same thing. > > > > Reviewing onsite it seems like when we goto a webpage we get a lot of > website found waiting for reply for several seconds. > > > > I switched gateways between t1 and cable and seemed to have no effect. > You eventually get there, but I cant seem to pinpoint whats causing it. > > > > We tried removing the opendns forwarders, then no forwarders, then > some forwarders to some public DNS servers. Always the same thing. > > > > Internally dns seems fine, no errors, ad replication is functioning > okay etc etc .. Kind of at a loss as to where to look next. > > > > Speedtest/pingtest are showing speeds as expected on both connections, > latency everything there seems pretty normal (16dn/6up on cable, A > rating on > pingtest) > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
