none
Problem with proxy and DNS RRS feed

  • Question

  • Hello,

    in our company we use Internet Explorer 8... (i know...) We also have a proxy and 4 DNS servers. Last weekend we suddenly had an issue where internet pages could not be loaded. When we did some testing with Wireshark we saw that it took a long time to query www.google.com or www.microsoft.com. The query went from the first DNS server to the second and so on. This behaviour was shown on Windows 2008 R2 servers with Citrix and also the workstations and laptops with Windows 7.

    When we deleted the DNS servers from the network settings and set the proxy ip-adres in the browser the problem was solved. So the problem had to be in DNS.

    After that we deleted the list of Root Hints and the problem seemed to be solved. However, when we look in wireshark we still see that external addresses are queried againts our local DNS servers. In internet explorer we have a policy active where the proxy is set. We have two proxies and the problem exists with both of them.

    So the question is, why does IE8 still query all four DNS servers even when we have a proxy? Why is there a lot of delay there?

    Thanks!

    Wednesday, May 14, 2014 1:22 PM

Answers

  • Hi,

    Generally, if you configure IE with an explicit proxy:

    1.User types an address

    2.The address is checked for string matches against the IE proxy exceptions list

    a. If matching a bypassed entry, DNS is used to resolve the name, and the client connects directly to the target IP address on port 80 (assumed), then sends a request like:

    GET /something.htm HTTP/1.1

    Host: fulldomainame.example.com

    b. If non matching, continue

    3.The client connects to its configured proxy and sends a request of the form:

    GET http://fulldomainname.example.com/something.htm HTTP/1.1

    (this use of the FQDN in the URL is one way you can tell that a client thinks it's talking to a proxy instead of a real web server)

    4.The proxy resolves the name, connects to the target site, etc, etc

    So what’s your configuration of proxy?


    Alex Zhao
    TechNet Community Support

    Thursday, May 22, 2014 5:12 AM
    Moderator

All replies

  • Hi,

    We already set up a test environment to help you find the root cause, and we will give you a result after that.

    This post is just to tell you we have been trying to solve this and give you an update .

    Regards


    v-yamliu

    Friday, May 16, 2014 10:17 AM
  • So the question is, why does IE8 still query all four DNS servers even when we have a proxy? Why is there a lot of delay there?

    How much delay?  I keep imagining that there are vestiges of  AutoScan  hanging around in both  IE and the OS.   <eg>

    There never has been any (obvious) way of tweaking timeout for lookups.  So, if you had a very slow dial-up service or slow DNS on a LAN you would see weird symptoms like this.  The stupidest ones were when dial-up was used with Never dial.  Then it seemed that the timings were LAN settings, not ones which would be appropriate for setting up PPP or perhaps now even PPPoE.

    Actually, I just remembered seeing last year that someone had published something related to this...

    http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx 

    (BING search for
        DNS timeout lookup modify
    )

    I not sure that's the one I was remembering but it has similar detail.

     

    FYI



    Robert Aldwinckle
    ---

    Friday, May 16, 2014 2:14 PM
    Answerer
  • Hi,

    Generally, if you configure IE with an explicit proxy:

    1.User types an address

    2.The address is checked for string matches against the IE proxy exceptions list

    a. If matching a bypassed entry, DNS is used to resolve the name, and the client connects directly to the target IP address on port 80 (assumed), then sends a request like:

    GET /something.htm HTTP/1.1

    Host: fulldomainame.example.com

    b. If non matching, continue

    3.The client connects to its configured proxy and sends a request of the form:

    GET http://fulldomainname.example.com/something.htm HTTP/1.1

    (this use of the FQDN in the URL is one way you can tell that a client thinks it's talking to a proxy instead of a real web server)

    4.The proxy resolves the name, connects to the target site, etc, etc

    So what’s your configuration of proxy?


    Alex Zhao
    TechNet Community Support

    Thursday, May 22, 2014 5:12 AM
    Moderator
  • Hi Kenny,

    Just wanted to check if you were able to fix this issue as I am having the same issue when using zscaler webproxy IE 11 crashes and goes slow.

    Thanks

    Wednesday, January 27, 2016 1:01 AM
  • Hi, Since we upgraded to IE11 after finally having app support from Oracle we haven't had any issues. Sorry but i am unable to help you. Good luck!
    Wednesday, January 27, 2016 9:26 AM