Slow DNS after 22.05
-
@domnado said in Slow DNS after 22.05:
Unbound started acting up again, same error messages. I did make a change to the DNS Resolver settings, but only to the Network Interfaces section. I had to halt the system and unplug power for it to operate normally again.
I think you tickled a clue there -- "make a change to the DNS Resolver settings, but only to the Network Interfaces section."
What specifically did you change there? What setting was working versus what setting you changed it to that resulted in the error message?
-
At first "Network Interfaces" was set to ALL, first I changed it to everything but ALL (LAN, WAN IPv6 Link-Local, LAN IPv6 Link-Local, and Localhost), then I just changed it to LAN and Localhost. I also turned off both Prefetch options in Advanced Settings when I selected LAN and Localhost interfaces. Both changes were fine after a halt and power cord pull. The errors only started after clicking the Apply Changes button.
-
I'm having the same problem with slow DNS after 22.05.
I've had my setup (Netgate 2100) for over a year, everything has been fine.
Suddenly DNS queries are timing out.
No, I didn't change anything, other than to install the upgrade when prompted to do so.
Any suggestions? -
@jax I moved to a virtualized OPNsense instance since the start of the thread. For now, having a better experience. No problems resolving DNS.
-
@mihaifpopa said in Slow DNS after 22.05:
virtualized OPNsense instance
That's good. I'm on a Netgate device and I'd like it to go back to working correctly!
-
@jax What are you seeing when you go to the Diagnostics->DNS Lookup page?
-
First try: about a 9 second wait followed by the correct answer.
Second try: about a 22 second wait followed by the correct answer.The pfSense display shows that 127.0.0.1 is timing out.
I have no idea why the Netgate device is querying itself.
As soon as it queries the next device upstream it gets an answer.Name server Query time 127.0.0.1 938 msec 192.168.xx.xx 48 msec -
Ha! In General Setup -> DNS Resolution Behavior I chose "Use remote DNS servers, ignore local DNS" and things look better now. We'll see if that fixes it.
-
@jax Sounds like DNS Resolver is stopped.
Go to the Service->DNS Resolver page and click the "start" icon in the header, of Status->Services and click it there.FWIW reliance on the ISP DNS servers may result in being handed misleading DNS records. Remember when ISPs would resolve unresolving IPs and pass you to a search page? This helps you avoid that, among other things.
-
@rcoleman-netgate Okay, I restarted the DNS Resolver and have set the DNS Resolution Behavior back to use local DNS with fallback to remote. We'll see how this goes.
-
Do you run Suricata by any chance??
-
@cool_corona No, I don't.
-
@rcoleman-netgate Goes back to lousy performance. I've set it back to using remote DNS.
-
@jax Do you have any DNS specified in general settings??
-
@cool_corona No, no specified DNS servers. It's just using the default, the upstream WAN DHCP-assigned server.
-
-
@cool_corona What package(s) are installed?
-
@cool_corona Trying it unchecked with local + fallback.
-
@rcoleman-netgate no packages installed, just the default Netgate installation
-
@cool_corona Testing with no dns server overrides as you suggested seems to give me the same good performance that was only achieved previously by bypassing the pfSense resolver.
Can you explain this a little bit, please?
