Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow DNS Resolver Infrastructure Cache Speed

    Scheduled Pinned Locked Moved DHCP and DNS
    11 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @Eria211
      last edited by

      @eria211

      Did you try the default Resolver mode ?
      Forwarding tends to be a couple of ms faster, but with "+700" on the scale I wouldn't bother.

      This is considers 'not fast' - even on my 23 Mbits down, 2 Megabits up ADSL type of connection :

      ec7cd279-cc60-455e-b12d-c988bc279d05-image.png

      Note : 199.9.14.201 is the k-root server. One of the 13 real Internet root DNS servers. Not a commercial one.

      Btw : it's always the ISP ! Your uplink is saturated, or, more up stream, their peering to 8.8.8.8 etc is plain bad.
      Do a buffer bloat test.

      Your " Infrastructure Cache Stats" is empty ?! Did you just restarted unbound ?
      Mine restarted a week or so ago. Keep in mind that restarts will empty the cache => all the speed benefits are gone. My cache contains several thousands of entries.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      E 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Eria211
        last edited by

        @eria211 its a bad idea to forward to NS that do different stuff.. You have opendns in there "filtering" and then you have non filtering NS as well.

        So which is it - do you want stuff filtered, or do you want stuff not filtered? Because you have no idea which one is going to get asked..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • E
          Eria211 @Gertjan
          last edited by

          @gertjan Thanks for your reply

          I will toggle a few over to default resolver mode and report back

          I have not restarted unbound since yesterday, I did think it was odd that there was nothing in the infrastructure cache but when I run

          unbound-control -c /var/unbound/unbound.conf dump_cache

          I do get output seemingly thousands of lines long

          Could this be a GUI bug on the cache or do I have a cache problem? I am getting identical behavior on multiple pfsense units

          @johnpoz I wasnt aware that 208.67.222.222 or 208.67.220.220 had filtering in place, I thought these opendns servers were the unfiltered ones

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Eria211
            last edited by

            @eria211 said in Slow DNS Resolver Infrastructure Cache Speed:

            I thought these opendns servers were the unfiltered ones

            They don't have those - unless you went into your control panel and set filtering to none for the IP doing the queries. And even if you do that, I do believe they still actually filter some stuff.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            E 1 Reply Last reply Reply Quote 0
            • E
              Eria211 @johnpoz
              last edited by

              @johnpoz Ok thank you for that, I will make the change to disable forwarding mode later when the devices arent in use

              Should I have entries in the DNS Resolver Infrastructure Cache Stats? or am I encountering a GUI bug? I do get results when I dump the cache in terminal but not when viewing it in the GUI

              johnpozJ GertjanG 2 Replies Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @Eria211
                last edited by

                @eria211 what do you think should be in in your cache stats.. It would be the NS you have talked to.. That probe delay and lame should normally would be zeros

                When you forward, the only NS listed there would be the ones your forwarding too. I have hundreds of entries because I resolve, not forward.

                If you want to forward, have at it.. I personally do not understand why someone would want to even. Unless they had a problematic internet connection, or super high latency like sat connection or something.

                Look at your recursion times.. Now look at mine, and I resolve.

                thread0.recursion.time.avg=0.077631
thread0.recursion.time.median=0.0387047
thread1.recursion.time.avg=0.101424
thread1.recursion.time.median=0.0554224
thread2.recursion.time.avg=0.080589
thread2.recursion.time.median=0.0506946
thread3.recursion.time.avg=0.075362
thread3.recursion.time.median=0.0423724
total.recursion.time.avg=0.079575
total.recursion.time.median=0.0467985

                Why anyone would send all their queries to some service (guess you trust them very much).. Now if what you wanted was their filtering - ok sure.. You trading off trust for service they provide, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @Eria211
                  last edited by

                  @eria211 said in Slow DNS Resolver Infrastructure Cache Speed:

                  or am I encountering a GUI bug?

                  The GUI runs something like "unbound-control -c /var/unbound/unbound.conf dump_cache" for you and then shows what was being dumped.

                  This might answer a future question : run this :

                  grep 'start' /var/log/resolver.log

                  and you know how often unbound restarts == how often the cache gets wiped == how often your local DNS stops functioning while it is restating.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @Gertjan
                    last edited by johnpoz

                    @gertjan said in Slow DNS Resolver Infrastructure Cache Speed:

                    The GUI runs something like "unbound-control -c /var/unbound/unbound.conf dump_cache"

                    No the gui is showing you the INFRASTRUCTURE cache.. Not the actual cache.. which is not the same thing. The infrastructure cache is the the info it has about talking to NS. how fast they respond, etc. Which ones they are for domains, etc.

                    Not the cache of say www.whatever.tld..

                    The gui is showing you this
                    dump_infra show ping and edns entries

                    save.jpg

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    GertjanG 1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @johnpoz
                      last edited by

                      @johnpoz
                      Oops, you're right. '_dump' isn't '_infra'.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      E 1 Reply Last reply Reply Quote 0
                      • E
                        Eria211 @Gertjan
                        last edited by

                        @gertjan @johnpoz Thank you both for your advice, things are running a lot more smoothly now

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.