A
A
Artem2016-01-18 10:20:15
Domain Name System
Artem, 2016-01-18 10:20:15

Why do some sites open for 15-20 minutes Mikrotik?

The bottom line is this: they replaced the old kerio with a brand new RB2011UiAS-RM.
Fire config for microt is standard.
Domain network, DNS is used on the DC.
Some sites (for example, rbc.ru www.delikateska.ru) began to open for 40 minutes.
What was done:
1. "Played with browser settings" (because the page code is downloaded, the display occurs after 15 minutes, I thought it was in one machine, but no, the whole office)
2. Disabled the antivirus (Casper 6.0 WS)
3. Substituted Google DNS
4. VPN was outside on microt, on a home computer through VPN everything opened normally.

Answer the question

In order to leave comments, you need to log in

4 answer(s)
V
Vladimir Dubrovin, 2016-01-18
@gangz

Set the correct MTU values ​​(most likely they are now set higher than the real ones) on the link with the provider and on the interface to the local network + check if ICMP fragmentation needed packets are being cut.

W
Walt Disney, 2016-01-18
@ruFelix

The site cannot open for so long, the browser will throw a window that the site is not available.
So the browser thinks it's displaying the site. Accordingly, we assume that the site is blocked by the asynchronous loading of some external resource in a cycle, respectively, we can assume that these are some kind of buttons / plugins of social networks or some kind of advertising networks or blockers of advertising series or counters, etc.
Try f12 in chrome on the networks tab to see what the process is hanging on.
ps For a long time, when delivering a project at the customer's office, I had the experience that content filtering in the browser in Kaspersky cannot be disabled, he cut the js code in the site admin panel, and when the module was disabled or closed, the filtering Internet remained active.

O
oldbro, 2016-01-18
@oldbro

I would start by updating the firmware, deleting the default microt config. From scratch, I set up only a minimum (switch, local network and nat). Without firewall and dns (register by hand on the machine).
If it does not fix, then:
I would check if there are two DHCP servers (on Mikrotik and in AD, for example, they suddenly forgot whether there is a dhcp server from the provider). I would check the tracing to problem sites, comparing it with the tracing of normally working sites. I would set up a firewall to prohibit the entire LAN, except for my computer, from accessing the Internet (a tougher option would be to disable all physical switches from the microtic, leaving a direct cable to my computer). Well, there, already further to dance.

A
alexxandr, 2016-01-18
@alexxandr

Since they were written by oblique web macaques. JS for 15 megabytes is the norm. And best of all - if on shared hosting.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question