I am running 23.05 with the above mentioned ntopng package.
I have WAN / LAN IGC nics running at 1Gb and some Wireguard interfaces.
This is running on an 8 core i5-8365U with 16GB ram. AES-NI CPU and IPsec-MB are enabled for Wireguard.
ntopng is always configured to monitor LAN only and perform no DNS lookups in the settings.
After starting ntopng it takes less than 10 minutes for unbound to become slower and slower eventually DNS response times take seconds. Restarting unbound solves it for another few minutes. Eventually I stop ntopng, restart unbound and everything instantly goes back to normal with average recursion into 45-65ms mark for DNS over TLS.
I use grafana and the query rate doesn't really change from 2-5 queries per second, just the latency creeps in.
92a0bd53-402f-4c83-a3c9-a5ea8974b9ee-image.png
I have tried a number of things and nothing seems to work.
Disable hardware checksum offload on/off
DNS over TLS to Cloudflare (ipv4/ipv6)
DNS over TLS to Google (ipv4/ipv6)
Default unbound resolving to roots
Removed all packages except PFBlockerNG.
Confirmed igc5 (LAN) was not running in promisc mode before installation of ntopng - in case I was conflicting with other packages.
Are there are any system commands or actions I can take to start troubleshooting this further? This would be appreciated. Any of the unbound stats being sent to Grafana don't really show anything special apart from the increased recursion times.
I used to run ntopng just fine on 22.05, 23.01 is where I had DNS over TLS issues and removed ntopng as part of that troubleshooting exercise. Now on 23.05 and keen to get ntopng back on.
Note ntopng and other tasks run fine, just DNS appears to be affected. iperf tests on the LAN give me close to line speed.
