Hello All,

We've been using BorderManager for several years and just recently
started having apparent problems with DNS name resolution.

We are running the following:

=> BorderManager Enterprise Edition 3.6 with SP2A and BM36C02

=> NetWare 5.1 with SP6 and TCP583Jrev2 (TCP.NLM v5.93o, 128-bit
encryption, TCPIP.NLM v5.93j domestic)

Note that NW51SP6 and TCP583Jrev2 were installed after we began to
experience problems; but they don't appear to have changed anything.

The BorderManager server private interface is to our switched 100Mbps

Ethernet LAN; public interface is at 10Mbps to a 10Base-T hub, and
there to a Cisco router and T-1 to the ISP. (Again, all of this has been working fine for years and has not changed.)

The BorderManager server is configured to use three external DNS name

servers provided by our ISP (MCI). The status of these servers in the

Proxy Console DNS Statistics page goes up and down throughout the day.

They all respond to PING in typically 20-70ms. The DNS Proxy is using

UDP, and UDP request statistics are showing approximately 50% of
requests "timed out". In NetWare Administrator, on the BorderManager

Setup details page, the DNS settings are:

Transport Protocol: UDP
DNS Resolver Timeout: 3 minutes
Negative DNS Lookup: 1 minute
Maximum DNS Entry TTL: 1 day
Minimum DNS Entry TTL: 2 minutes
Maximum DNS Entry Threshold: 2500

Symptoms at the workstation browser end are mainly very slow load
when the first page of an external website is accessed, often with DNS

failure notices from BorderManager; usually clicking Refresh or Reload

will bring up the page. Subsequent pages from the same site usually come up much faster and more reliably.

On the face of it, it would appear that the external name servers are

not responding promptly. Our ISP says that these are the most
responsive and least overloaded of the name servers they have
for their customers.

Is there anything that might be wrong at our end, anything to check
or change, before I conclude that the problem is with the ISP's name servers?

Doug Percival, CNE
LAN Administrator
World Resources Institute
Voice: 202-729-7614
Fax: 202-729-7610
Email: dougp@wri.org