NSLOOKUP vs. Sophos WS1000
My struggling with NSLOOKUP and DNS, covered in other posts, relates back to a problem with our Sophos WS1000 web appliance. I'm now after some help with this source problem.
At the moment our main Internet connection is provided by the CC. All staff go directly through this, whereas students first go through the WS1000. Around 2-3 weeks ago, but possibly longer*, the Internet for students started performing oddly e.g. in a class of 30 some could open pages, and half often not at all.
After some troubleshooting it was identified that the WS1000 was part of the problem, as redirecting the Internet to go directly to the CC connection resolved the performance issue. After a week or so of toing and front with Sophos Support it was identified that NSLOOKUP on the WS1000 is very slow, often taking several seconds to resolve a single address. Sophos Support said the problem is with our DNS, hence for us to resolve.
The problem is that to get our CC Internet connection to work we have to go through a proxy, which is of course bypassing the internal DNS anyway, therefore isn't testing it. To try and get my head around where the problem lies I have used a command line programme called Dig (from BIND BIND | Internet Systems Consortium ) to carry out a timed NSLOOKUP from my PC, and the speed appears to be very quick (milliseconds). I also pointed the WS1000 gateway at a secondary connection we have on-site (a simple BT connection) and it was still problematic using our DNS server. I then switched it to Google DNS, and it was fine.
I'm now stuck as to what to test further to try and resolve where the problem is. Sophos are saying it's us, yet it isn't clear whether our DNS is definitely at fault (Dig suggests not).
Anyone have any ideas?
*Teachers were a bit slow in reporting this, so I'm wondering if it dates back to Christmas. Over the Christmas holidays our old physical DNS servers were shutdown and replaced by a virtual server. I'm not sure whether this is related. Also none of our student PCs (coincidentally all those affected) are appearing in reverse lookup, albeit the DHCP lease was set to 8 days. Today I changed this to 1 day.