Hello all,
I was wondering if someone could help me.
Currently I have an issue where if I attempt to access a website via wingate I get extremely slow response time.
However if I were access that site via IP address thru Wingate, its lightning fast.
Currently Im running version 5.1
Now, my setup is slightly different to most.
Currently Wingate is sitting on my LAN. Its ONLY used for FTP and WWW and its Cascading via another Unix Proxy server (which is not in my control). ALL Services (including DNS) are turned off. The only services that are running are FTP and WWW
Wingate is simply used as a method of passing the proxy information to the cascading proxy server.
Its been running fine for some time, yet suddenly this issue has arisen.
Im a little stumped. Has anyone got any ideas of what it could be?
Thanks for your help. Im really pulling my hair out here.
Regards,
Matt
A Problem with DNS lookups :(
Moderator: Qbik Staff
12 posts
• Page 1 of 1
by jamesc » Nov 09 05 9:51 pm
1. Has this happened since installing the KAV plugin (Kaspersky AntiVirus for WinGate)?
2. If you connect directly to the cascading proxy, does it still happen?
3. Does stopping and starting the WinGate engine make the browsing faster through the proxy?
4. a) You have not indicated anything about slow DNS lookups; can you see this happening in the WinGate Activity screen; what do you see?
4. b) Where does WinGate get its DNS from
4. c) Are you in a Active Directory Environment?
2. If you connect directly to the cascading proxy, does it still happen?
3. Does stopping and starting the WinGate engine make the browsing faster through the proxy?
4. a) You have not indicated anything about slow DNS lookups; can you see this happening in the WinGate Activity screen; what do you see?
4. b) Where does WinGate get its DNS from
4. c) Are you in a Active Directory Environment?
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by mrees » Nov 10 05 11:43 am
Thanks for your reply James
To answer your questions:
1. No, absolutely NO plugins are installed
2. If I connect direct to the cascading proxy everything is fine
3. Stopping the Wingate engine, does not speed the browsing up.
4a: In the wingate actrivity screen, I see t he requests as they should be. A PC requests information, Wingate retreives that information. However you can see that it is very slow in its requests. For example: Its taking over 3 mins to load www.metallica.com via Wingate.
4b: Wingate is nothing but a proxy redirecting requests to another proxy. I would assume that the DNS requests are being forwarded to the cascaded proxy (I can confirm that the cascading proxy does see the requests come through).
4c: We do havce many Active Directory domains, however Wingate is not a part of these. The way we do access control currently on Wingate is by source IP address. That feature is currently turned off right now whilst Im trying to troubleshoot
Any ideas?
To answer your questions:
1. No, absolutely NO plugins are installed
2. If I connect direct to the cascading proxy everything is fine
3. Stopping the Wingate engine, does not speed the browsing up.
4a: In the wingate actrivity screen, I see t he requests as they should be. A PC requests information, Wingate retreives that information. However you can see that it is very slow in its requests. For example: Its taking over 3 mins to load www.metallica.com via Wingate.
4b: Wingate is nothing but a proxy redirecting requests to another proxy. I would assume that the DNS requests are being forwarded to the cascaded proxy (I can confirm that the cascading proxy does see the requests come through).
4c: We do havce many Active Directory domains, however Wingate is not a part of these. The way we do access control currently on Wingate is by source IP address. That feature is currently turned off right now whilst Im trying to troubleshoot
Any ideas?
- mrees
- Posts: 10
- Joined: Nov 09 05 6:23 pm
by adrien » Nov 11 05 11:29 am
Hi
If you are making a proxy request to WinGate, it will want to look up the IP address of the site you are connecting to, so WinGate's DNS resolver would need to be running properly for this.
For HTTP, if you aren't doing any policy stuff or caching on WinGate, you are better off using a TCP mapping proxy on port 80 instead of the WWW proxy, then no DNS lookups would be required for HTTP.
For FTP, you would still need to use an FTP proxy, since the data channels negotiated by the control connection would need to be set up properly.
If you look in the DNS resolver log file, do you get any indication of errors happening?
Adrien
If you are making a proxy request to WinGate, it will want to look up the IP address of the site you are connecting to, so WinGate's DNS resolver would need to be running properly for this.
For HTTP, if you aren't doing any policy stuff or caching on WinGate, you are better off using a TCP mapping proxy on port 80 instead of the WWW proxy, then no DNS lookups would be required for HTTP.
For FTP, you would still need to use an FTP proxy, since the data channels negotiated by the control connection would need to be set up properly.
If you look in the DNS resolver log file, do you get any indication of errors happening?
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by mrees » Nov 11 05 3:24 pm
Adrien,
Thanks for your response.
The strange thing is that DNS has never been activated before (not that I know of) and yet things were running perfectly up until recently.
If I was to activate DNS and get Wingates DNS to resolve the URLs, what IP do I enter as the DNS server? The cascading proxy? Im sure Ive tried before and had no luck.
Yes I am getting errors in DNS. The error Im receiving is:
11/09/05 23:51:00 Request: request [01a3da98] A lookup "au.download.windowsupdate.com."
11/09/05 23:51:00 Error: bounce request [01a3da98]<1> to try 3 (no specific and cannot select)
Any ideas?
Thanks for your response.
The strange thing is that DNS has never been activated before (not that I know of) and yet things were running perfectly up until recently.
If I was to activate DNS and get Wingates DNS to resolve the URLs, what IP do I enter as the DNS server? The cascading proxy? Im sure Ive tried before and had no luck.
Yes I am getting errors in DNS. The error Im receiving is:
11/09/05 23:51:00 Request: request [01a3da98] A lookup "au.download.windowsupdate.com."
11/09/05 23:51:00 Error: bounce request [01a3da98]<1> to try 3 (no specific and cannot select)
Any ideas?
- mrees
- Posts: 10
- Joined: Nov 09 05 6:23 pm
by adrien » Nov 11 05 3:28 pm
Hi
there are 2 parts to DNS in WinGate - the DNS server (which provides DNS to clients on your LAN), and the DNS resolver (which WinGate itself uses whenever it needs to look up an IP address).
In this case, the problem is in the DNS resolver. WinGate often needs to look up an IP address.
In general, wingate will use the same DNS server to do lookups as the host operating system uses - i.e. the settings from your network adapters, or if you use DHCP, then that. Sometimes you need to manually specify which DNS server to use if the OS ones aren't suitable for WinGate (i.e. they may be an AD server for use only for the AD, rather than being able to resolve internet names).
So you need to find a DNS server that WinGate can use for these lookups.
Adrien
there are 2 parts to DNS in WinGate - the DNS server (which provides DNS to clients on your LAN), and the DNS resolver (which WinGate itself uses whenever it needs to look up an IP address).
In this case, the problem is in the DNS resolver. WinGate often needs to look up an IP address.
In general, wingate will use the same DNS server to do lookups as the host operating system uses - i.e. the settings from your network adapters, or if you use DHCP, then that. Sometimes you need to manually specify which DNS server to use if the OS ones aren't suitable for WinGate (i.e. they may be an AD server for use only for the AD, rather than being able to resolve internet names).
So you need to find a DNS server that WinGate can use for these lookups.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by mrees » Nov 11 05 3:36 pm
Thanks Adrien for your speedy repose (Im really keen to get this issue sorted out)
The part that I find strange is that I had absolutely no issues for several years until now. Things worked perfectly until last week.
Could it be assumed that the DNS can be disabled (in the server context) and DNS resolver active? Or does the DNS server need to be active iin order to pass the information to the resolver or clients?
Thanks again for your help,
Matt
The part that I find strange is that I had absolutely no issues for several years until now. Things worked perfectly until last week.
Could it be assumed that the DNS can be disabled (in the server context) and DNS resolver active? Or does the DNS server need to be active iin order to pass the information to the resolver or clients?
Thanks again for your help,
Matt
- mrees
- Posts: 10
- Joined: Nov 09 05 6:23 pm
by adrien » Nov 11 05 5:09 pm
The two are independent. You can't disable the resolver, it is used internally. Sounds like you don't need the service though.
Things that may have changed recently:
1. Your computer's TCP/IP settings changed? DHCP perhaps allocated a different (or no) DNS server?
2. The DNS server you were previously using may have become unavailable, or the server it was using upstream may have become unavailable etc.
Adrien
Things that may have changed recently:
1. Your computer's TCP/IP settings changed? DHCP perhaps allocated a different (or no) DNS server?
2. The DNS server you were previously using may have become unavailable, or the server it was using upstream may have become unavailable etc.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by mrees » Nov 11 05 6:40 pm
Thanks adrien,
I find it strange though that Wingate needs to do DNS lookups when cascading.
I would have thought when in cascading mode, it simply passes all information on that port onto the cascading proxy and let it resolve any requests. Isnt that the concept of cascading proxies?
Man this problem is really starting to aggrevate me. :(
I find it strange though that Wingate needs to do DNS lookups when cascading.
I would have thought when in cascading mode, it simply passes all information on that port onto the cascading proxy and let it resolve any requests. Isnt that the concept of cascading proxies?
Man this problem is really starting to aggrevate me. :(
- mrees
- Posts: 10
- Joined: Nov 09 05 6:23 pm
by mrees » Nov 15 05 4:32 pm
Adrien,
After a bit of packet capturing, it appears the proxy is attempting to resolve all DNS requests via our local DNS servers and not via the cascading proxy.
Any ideas why?
I have the proxy requests being redirected to a cascading proxy. I can only assume that Wingate is meant to pass on those requests to the cascading proxy and NOT attempt to resolve them itself.
Any help or direction would be greatly appreciated
Thanks and regards,
matt
After a bit of packet capturing, it appears the proxy is attempting to resolve all DNS requests via our local DNS servers and not via the cascading proxy.
Any ideas why?
I have the proxy requests being redirected to a cascading proxy. I can only assume that Wingate is meant to pass on those requests to the cascading proxy and NOT attempt to resolve them itself.
Any help or direction would be greatly appreciated
Thanks and regards,
matt
- mrees
- Posts: 10
- Joined: Nov 09 05 6:23 pm
by adrien » Nov 15 05 5:53 pm
Hi Matt
WinGate's DNS resolver uses the DNS server specified in your OS settings - i.e. in your adapters TCP/IP properties.
If you want WinGate's DNS resolver to use the cascading proxy for DNS (this machine therefore would need to be running a DNS server), you would need to add that IP to the list of servers in WinGate's DNS resolver configuration.
If you don't want WinGate to even need to do such resolution, replace the WWW proxy with a TCP mapping proxy on port 80 piped through to the upstream proxy.
Regards
Adrien
WinGate's DNS resolver uses the DNS server specified in your OS settings - i.e. in your adapters TCP/IP properties.
If you want WinGate's DNS resolver to use the cascading proxy for DNS (this machine therefore would need to be running a DNS server), you would need to add that IP to the list of servers in WinGate's DNS resolver configuration.
If you don't want WinGate to even need to do such resolution, replace the WWW proxy with a TCP mapping proxy on port 80 piped through to the upstream proxy.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
12 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 15 guests