A trace file contains the following timing information (the values below vary depending on the environment):
Total time added: 12345 ms
Total latency to first byte: 12345 ms
Request latency: 12345 ms
OCS connect time: 12345 ms
Response latency (first byte): 12345 ms
Response latency (last byte): 12345 ms
We can also recognize this issue by looking at the time that elapses between the client-in and server-out checkpoints, because the DNS query takes place right before the proxy sends the request out to the destination.
client-in: start 10 elapsed 0 ms
server-out: start 12345 elapsed 0 ms
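The checkpoint comparison described above can be automated over a saved trace. The following Python sketch is an added example, not vendor code; it assumes that the start values are millisecond offsets, that each client-in line begins a new transaction, and that a gap of 1000 ms is worth flagging (the threshold and the sample lines are constructed for illustration).

```python
import re

# Checkpoint line shape taken from the excerpt above, e.g.
# "server-out: start 12345 elapsed 0 ms"
CHECKPOINT = re.compile(r"^\s*([a-z-]+):\s+start\s+(\d+)\s+elapsed\s+(\d+)\s+ms\s*$")

def parse_transactions(lines):
    """Group checkpoint lines into transactions.
    Assumption: every client-in line opens a new transaction."""
    txs, current = [], None
    for line in lines:
        m = CHECKPOINT.match(line)
        if not m:
            continue  # ignore non-checkpoint trace lines
        name, start, elapsed = m.group(1), int(m.group(2)), int(m.group(3))
        if name == "client-in":
            current = {}
            txs.append(current)
        if current is not None:
            current.setdefault(name, (start, elapsed))
    return txs

def pre_connect_gap_ms(tx):
    """Time between the client-in and server-out start offsets.
    Returns None when either checkpoint is absent from the transaction."""
    if "client-in" not in tx or "server-out" not in tx:
        return None
    return tx["server-out"][0] - tx["client-in"][0]

def slow_transactions(lines, threshold_ms=1000):
    """Return (transaction index, gap in ms) for gaps at or above the threshold."""
    flagged = []
    for i, tx in enumerate(parse_transactions(lines)):
        gap = pre_connect_gap_ms(tx)
        if gap is not None and gap >= threshold_ms:
            flagged.append((i, gap))
    return flagged

# Constructed sample: one slow transaction, one fast, one with no server-out.
SAMPLE = """\
client-in: start 10 elapsed 0 ms
server-out: start 12345 elapsed 0 ms
client-in: start 5 elapsed 1 ms
server-out: start 42 elapsed 0 ms
client-in: start 3 elapsed 0 ms
""".splitlines()

if __name__ == "__main__":
    for index, gap in slow_transactions(SAMPLE):
        print(f"transaction {index}: {gap} ms between client-in and server-out")
```

A flagged transaction is a pointer to check DNS resolution time for that destination, not proof on its own that DNS is the cause.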
In general, a DNS lookup is needed for policy evaluation and for forwarding to the right IPs. In a reverse proxy scenario, a forward DNS lookup is not required, because the client is the one performing the DNS queries, which resolve to a public IP. In this case, we need to add special entries in the proxy to tell it not to perform DNS lookups for the sites we are having issues with. There are some cases in which this lookup may be required in reverse proxy deployments; more information can be found in article TECH242768.
If DNS lookups are performed, the replies can sometimes take too long, leaving the proxy unable to move on to the next step (the HTTP/HTTPS request). This can cause high latency.