When taking a trace file, the following information can be found (the values below vary depending on the environment)
Total time added: 12345 ms
Total latency to first byte: 12345 ms
Request latency: 12345 ms
OCS connect time: 12345 ms
Response latency (first byte): 12345 ms
Response latency (last byte): 12345 ms
We can also tell when we face this issue by looking at the time that takes place between the checkpoints client-in and server-out. This is because the DNS query takes place right before the proxy sends the request out to the destination.
client-in: start 10 elapsed 0 ms server-out: start 12345 elapsed 0 ms
In general DNS lookup is needed for policy evaluation and forwarding to the right IPs. In a reverse proxy scenario, a forward DNS lookup is not required due to the fact that the client is the one performing the DNS queries resolving to a public IP. So in this case, we need to add special entries in the proxy to tell it not to perform DNS lookups for the sites we are having issues with. There are some cases in which this lookup may be required in reverse proxy deployments. More information on this can be found in article TECH242768.
If the DNS Lookups are performed, they can sometimes take too long to reply back, making the proxy unable to move onto the next step (HTTP/HTTPS request). This can cause a high latency issue.
Access the Management Console
Go to Configuration > Policy > VPM (Visual Policy Manager) > Configuration > DNS Lookup Restrictions
Click on "Listed host patterns"
Add and type in the name of the domain that's having issues as shown below:
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.