naveenk
Staff
Article Id 193343

Description

 

This article describes how to identify DNS latency issues in the configuration.

High latency in DNS traffic results in a sluggish overall experience for end users.

 

Scope

 

FortiGate.

Solution


DNS latency issues in the configuration can be identified in the DNS Settings pane.
Go to Network -> DNS to view DNS latency information in the right sidebar.
If FortiGuard DNS is used, latency information for DNS, DNS filter, web filter, and outbreak prevention servers is also visible.

 
Hover over a latency value to see when it was last updated.
 
 
To show more DNS server statistics, such as the number of requests sent, the number of responses received, timeouts, or the round-trip time value, use the following command:

 

diagnose test application dnsproxy 3

DNS servers:
96.45.45.45:53 vrf=0 tz=0 encrypt=none req=16462790 to=10917569 res=0 rt=1494 ready=1 timer=0 probe=0 failure=2 last_failed=300
96.45.46.46:53 vrf=0 tz=0 encrypt=none req=2050940 to=1424553 res=0 rt=1494 ready=1 timer=0 probe=0 failure=7 last_failed=235


To view DNS latency information using the CLI:
 
diagnose test application dnsproxy 2
worker idx: 0
worker: count=1 idx=0
retry_interval=500 query_timeout=1495
DNS latency info:
vfid=0 server=2001::1 latency=1494 updated=73311
vfid=0 server=208.91.112.52 latency=1405 updated=2547
vfid=0 server=208.91.112.53 latency=19 updated=91
SDNS latency info:
vfid=0 server=173.243.138.221 latency=1
 
Note: When a DNS server is unreachable, the output of dnsproxy 2 shows latency=-1 for that server.
 
diagnose test application dnsproxy 2
worker idx: 0
worker: count=1 idx=0
retry_interval=500 query_timeout=1495
DNS latency info:
vfid=0 server=96.45.46.46 latency=-1 updated=112   <----
vfid=0 server=8.8.8.8 latency=-1 updated=163
SDNS latency info:
DNS_CACHE: alloc=0, hit=0
RATING_CACHE: alloc=0, hit=0
DNS query: alloc=26
DNS UDP: req=33833 res=0 fwd=73857 cmp=14501 retrans=46159 to=33799
cur=507 switched=2331129 num_switched=73
v6_cur=0 v6_switched=0 num_v6_switched=0
DNS FTGD: ftg_fwd=0, ftg_res=0, ftg_retrans=0
DNS TCP: req=0, res=0, fwd=0, retrans=0, to=0
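
The following is an added example, not part of the original article and not Fortinet code: a small Python parser that reads saved output of the two commands above and flags servers reported as unreachable (latency=-1), servers with high latency, and servers with a large share of timed-out requests. The thresholds (500 and 5%) and the function names are assumptions chosen for illustration.

```python
import re

# Output lines copied from the article: 'dnsproxy 3' server stats and
# 'dnsproxy 2' latency entries (combined from the article's two dnsproxy 2 outputs).
DNSPROXY3 = """DNS servers:
96.45.45.45:53 vrf=0 tz=0 encrypt=none req=16462790 to=10917569 res=0 rt=1494 ready=1 timer=0 probe=0 failure=2 last_failed=300
96.45.46.46:53 vrf=0 tz=0 encrypt=none req=2050940 to=1424553 res=0 rt=1494 ready=1 timer=0 probe=0 failure=7 last_failed=235
"""
DNSPROXY2 = """DNS latency info:
vfid=0 server=96.45.46.46 latency=-1 updated=112
vfid=0 server=208.91.112.52 latency=1405 updated=2547
vfid=0 server=208.91.112.53 latency=19 updated=91
DNS UDP: req=33833 res=0 fwd=73857 cmp=14501 retrans=46159 to=33799
"""

KV = re.compile(r"(\w+)=(\S+)")
SERVER_LINE = re.compile(r"^\S+:\d+\s")  # 'address:port ' starts a dnsproxy 3 server line

def latency_status(text, slow_above=500):
    """Map each server in dnsproxy 2 output to 'unreachable', 'slow' or 'ok'.
    slow_above is an assumed threshold, not a Fortinet default."""
    status = {}
    for line in text.splitlines():
        fields = dict(KV.findall(line))
        if "server" not in fields or "latency" not in fields:
            continue  # skip headers and counter lines
        latency = int(fields["latency"])
        if latency == -1:  # the article's marker for an unreachable server
            status[fields["server"]] = "unreachable"
        else:
            status[fields["server"]] = "slow" if latency > slow_above else "ok"
    return status

def timeout_ratios(text, flag_above=0.05):
    """Return {server: to/req} for dnsproxy 3 servers whose timeout share
    exceeds flag_above (assumed threshold). Reads 'req' and 'to' as requests
    sent and timeouts, following the article's description of this output."""
    flagged = {}
    for line in text.splitlines():
        if not SERVER_LINE.match(line):
            continue
        fields = dict(KV.findall(line))
        req, timeouts = int(fields.get("req", 0)), int(fields.get("to", 0))
        if req and timeouts / req > flag_above:
            flagged[line.split()[0]] = timeouts / req
    return flagged

if __name__ == "__main__":
    print(latency_status(DNSPROXY2))
    print(timeout_ratios(DNSPROXY3))
```

Run against the article's dnsproxy 3 sample, both servers are flagged: each shows res=0 with roughly two thirds of its requests timing out.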