Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 7487 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Websites hanging on load sometimes

jamesharper

Hi,

A customer has reported that sometimes websites don't load. The browser just sits there spinning. If he closes the browser tab and opens a new one it normally works just fine.

Nothing in the logs suggests any sort of connectivity problem, and the problem isn't reproducible on demand. It feels like a DNS issue but I can't be sure.

The endpoints are using the Sophos as the DNS server (with request routing to get connectivity to the DC for the internal domains).

I'm running a tcpdump on port 53, but that could run for days before the problem is reported again.

Sophos is 17MR2

IPS is off (never turned on)

I haven't yet tried turning off web filtering or ATP.

What should I try next?

Thanks

James



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to rfcat_vk

    (I thought I already posted this but must have forgotten to click post...)

    What do you mean by "not reliable performance wise"? Is it the same as I am describing where sometimes a website just won't load initially, but then does on a subsequent attempt?

    I created the following script that loops around restarting dnsd and then doing some lookups and reporting any that take more than 1000ms:

    #!/bin/sh

    test_domains="reddit.org abc.net.au slashdot.org www.bendigobank.com.au bendigobank.com.au"

    while [ 1 ]
    do
     service dnsd:restart -ds sync
     sleep 20
     for domain in $test_domains
     do
      host -W 1 -t a $domain >/dev/null || echo failed to look up $domain
     done
    done

    Without the "sleep 20", the first request takes around 2 seconds. dnsd must need a bit of time to start up maybe?

    I ran it overnight and got 11 reports of "failure" out of 1400 iterations. This is on a 50mbit link so I wouldn't expect any dns request to take more than a second, but measuring "failure" as >1000ms is probably still a bit harsh. I will change it to 2 seconds and see if it makes any difference.

    James

  • 0 in reply to jamesharper

    Hi James,

    reliability performance wise, I found that using the XG as the primary DNS the response times varied and yes sometime the first attempt would not load, but a second browser would load quickly.

    I have the same issue with my MBP, but not on other devices my wife's MBP or iPad all load quickly first time and that is using the server as a the DNS. I am currently running v17.0.3 mr-3 and performance has improved since early yesterday morning, not sure what happened in the XG scanning updates. I didn't get a failure first thing this morning.

    Ian

     

    Extra information:- my wife used to complain about how long her European sites took to load, that is one example, then I showed her the status bar at the bottom of the web page showing 'waiting for sitexxxx to load', performing tls handshake. Changing to the server has reduced the waiting time. I also did lookup tests and traceroute to show her how far electronically the connection is to help set expectations.

    Then of course there is the big performance improvement when using the phone hotspot, no firewall to check sites visited.