DNS lookup takes a long time with GP

Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS lookup takes a long time with GP

L1 Bithead

GlobalProtect Gateway is being used, and all traffic is being routed to the firewall except for some network.


DNS lookup takes a long time when I input the domain (website which not in the PC DNS table) that the browser accesses first while connected to a VPN

- DNS Lookup time takes about 5-10 seconds


The DNS server is using an internal server, and the network is belong to split tunneling exceptions.


I am wondering why DNS lookup processing is delayed.

Or is it correct that DNS lookup takes a long time during VPN connection?


Accepted Solutions

L1 Bithead

The issue was resolved as follows.


Cause: Querying queries to all NICs that have DNS Lookup enabled, so lookup time increases while waiting for results from VPN NIC


Resolution: Register in paloalto registry to run batch script after VPN authentication.
The script content deletes the DNS Server settings of the VPN NIC to set DNS queries to use only the primary NIC of the PC.

View solution in original post


L7 Applicator

Do you also have GP app setting to split tunnel DNS and what GP client version are you using?

GP Client version is 5.2.6-87(latest)

And Split-Tunnel Option is "Both Network Traffic and DNS" from GP-Portal-Agent-Config-App

Try removing that setting from the agent to see if that is the issue.

are you testing with a dns lookup tool/app or in the browser itself.

That option was initially "Network Traffic Only", but DNS Lookup took a long time, so I switched to "Both Network Traffic and DNS".

The test is being done on my PC, and the DNS cache table is checked with the "ipconfig /displaydns" command.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!