perhaps we are looking down the wrong path at this point enabling debug logging found a 5 second ldap delay see below
[2015-12-08 14:31:21,496][13346][140328807311296][DEBUG][ldap3:84] BASIC:instantiated Tls: <Tls(validate=0)>
[2015-12-08 14:31:21,496][13346][140328807311296][DEBUG][ldap3:84] BASIC:instantiated Server: <Server(host=u'
company.com', port=636, use_ssl=True, tls=Tls(validate=0), get_info='NO_INFO')>
[2015-12-08 14:31:21,496][13346][140328807311296][DEBUG][ldap3:84] BASIC:instantiated <SyncStrategy>: <ldaps://
company.com:636 - ssl - user: CN=vcadminr,OU=Service Accounts Exemption,OU=Support Resources,DC=company,DC=com - unbound - closed - <no socket> - tls not started - not listening - No strategy - async - real DSA - not pooled - cannot stream output>
[2015-12-08 14:31:21,497][13346][140328807311296][DEBUG][ldap3:84] BASIC:instantiated Connection: <Connection(server=Server(host=u'
company.com', port=636, use_ssl=True, tls=Tls(validate=0), get_info='NO_INFO'), user=u'CN=vcadminr,OU=Service Accounts Exemption,OU=Support Resources,DC=company,DC=com', password='passwd2', auto_bind='NONE', version=3, authentication='SIMPLE', client_strategy='SYNC', auto_referrals=False, check_names=True, read_only=False, lazy=False, raise_exceptions=False)>
[2015-12-08 14:31:21,497][13346][140328807311296][DEBUG][ldap3:84] NETWORK:opening connection for <ldaps://
company.com:636 - ssl - user: CN=vcadminr,OU=Service Accounts Exemption,OU=Support Resources,DC=company,DC=com - unbound - closed - <no socket> - tls not started - not listening - SyncStrategy>
Here is the 5 seconds …. Here relating to ldap though but perhaps that is the problem and why db connection pooling and dns changes aren’t affecting the time pulling keys
[2015-12-08 14:31:26,508][13346][140328807311296][DEBUG][ldap3:84] BASIC:address for <ldaps://
company.com:636 - ssl> resolved as <[2, 1, 6, '', ('10.234.20.99', 636)]>
[2015-12-08 14:31:26,509][13346][140328807311296][DEBUG][ldap3:84] BASIC:address for <ldaps://
company.com:636 - ssl> resolved as <[2, 1, 6, '', ('10.234.20.97', 636)]>
[2015-12-08 14:31:26,510][13346][140328807311296][DEBUG][ldap3:84] BASIC:address for <ldaps://
company.com:636 - ssl> resolved as <[2, 1, 6, '', ('10.234.20.98', 636)]>
[2015-12-08 14:31:26,510][13346][140328807311296][DEBUG][ldap3:84] BASIC:address for <ldaps://
company.com:636 - ssl> resolved as <[2, 1, 6, '', ('10.11.28.21', 636)]>
[2015-12-08 14:31:26,511][13346][140328807311296][DEBUG][ldap3:84] BASIC:address for <ldaps://
company.com:636 - ssl> resolved as <[2, 1, 6, '', ('10.22.244.103', 636)]>
[2015-12-08 14:31:26,511][13346][140328807311296][DEBUG][ldap3:84] BASIC:obtained candidate address for <ldaps://
company.com:636 - ssl>: <[2, 1, 6, '', ('10.234.20.99', 636)]> with mode IP_V6_PREFERRED
[2015-12-08 14:31:26,511][13346][140328807311296][DEBUG][ldap3:84] BASIC:obtained candidate address for <ldaps://
company.com:636 - ssl>: <[2, 1, 6, '', ('10.234.20.97', 636)]> with mode IP_V6_PREFERRED
[2015-12-08 14:31:26,511][13346][140328807311296][DEBUG][ldap3:84] BASIC:obtained candidate address for <ldaps://
company.com:636 - ssl>: <[2, 1, 6, '', ('10.234.20.98', 636)]> with mode IP_V6_PREFERRED
[2015-12-08 14:31:26,512][13346][140328807311296][DEBUG][ldap3:84] BASIC:obtained candidate address for <ldaps://
company.com:636 - ssl>: <[2, 1, 6, '', ('10.235.28.21', 636)]> with mode IP_V6_PREFERRED
[2015-12-08 14:31:26,512][13346][140328807311296][DEBUG][ldap3:84] BASIC:obtained candidate address for <ldaps://
company.com:636 - ssl>: <[2, 1, 6, '', ('10.225.244.103', 636)]> with mode IP_V6_PREFERRED
[2015-12-08 14:31:26,512][13346][140328807311296][DEBUG][ldap3:84] BASIC:try to open candidate address [2, 1, 6, '', ('10.234.20.99', 636)]
[2015-12-08 14:31:26,520][13346][140328807311296][DEBUG][ldap3:84] NETWORK:socket wrapped with SSL for <ldaps://
company.com:636 - ssl - user: CN=vcadminr,OU=Service Accounts Exemption,OU=Support Resources,DC=company,DC=com - unbound - closed - <local:
10.234.25.133:35511 - remote:
10.234.20.99:636> - tls not started - not listening - SyncStrategy>
[2015-12-08 14:31:26,521][13346][140328807311296][DEBUG][ldap3:84] NETWORK:connection open for <ldaps://
company.com:636 - ssl - user: CN=vcadminr,OU=Service Accounts Exemption,OU=Support Resources,DC=company,DC=com - unbound - open - <local:
10.234.25.133:35511 - remote:
10.234.20.99:636> - tls not started - listening - SyncStrategy>