Slow DNS resolution due to DNS Filter

Question

I noticed in the last few weeks that Chrome would pause a lot with "Resolving Host...". Of course, I blamed Chrome, addons, my machine, etc.

But eventually I realized it wasn't me. Our DNS servers were seeing this slowness. Occasionally nslookup would timeout with the DNS server not returning a response in time, because it wasn't receiving one in time. What I finally tracked it down to is our Fortigate. We have DNS filtering turned on for our Internet policy, and are using category filtering. Once I turned that off, everything returned to normal fast operation, including no slowness with nslookup/dig. Is this normal when this filter is enabled? Our DNS servers are set to use Google's DNS as their forwarders. Don't know if it would help to change that to something else making it easier for Fortigate to see the requests faster. Thanks

ThunderSpartan · Answer

We were having this issue as well, and thanks to your post I turned off the “FortiGuard category based filter” on the DNS filter, and our page loading is much better, we would get time-outs at times loading pages and I have been making changes to our DNS to try and resolve. Hopefully one of the gurus on this forum can explain.  Thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded