Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Slow DNS after 22.05

    DHCP and DNS
    31
    270
    132.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jax @rcoleman-netgate
      last edited by

      @rcoleman-netgate Okay, I restarted the DNS Resolver and have set the DNS Resolution Behavior back to use local DNS with fallback to remote. We'll see how this goes.

      1 Reply Last reply Reply Quote 1
      • Cool_CoronaC
        Cool_Corona
        last edited by

        Do you run Suricata by any chance??

        J 1 Reply Last reply Reply Quote 0
        • J
          Jax @Cool_Corona
          last edited by

          @cool_corona No, I don't.

          1 Reply Last reply Reply Quote 0
          • J
            Jax @rcoleman-netgate
            last edited by

            @rcoleman-netgate Goes back to lousy performance. I've set it back to using remote DNS.

            Cool_CoronaC 1 Reply Last reply Reply Quote 0
            • Cool_CoronaC
              Cool_Corona @Jax
              last edited by

              @jax Do you have any DNS specified in general settings??

              J 1 Reply Last reply Reply Quote 0
              • J
                Jax @Cool_Corona
                last edited by

                @cool_corona No, no specified DNS servers. It's just using the default, the upstream WAN DHCP-assigned server.

                Cool_CoronaC 1 Reply Last reply Reply Quote 0
                • Cool_CoronaC
                  Cool_Corona @Jax
                  last edited by

                  @jax Can you pls. uncheck it

                  c685d12f-9bc8-4dfa-86df-a5ac8f143816-billede.png

                  No DNS server overrides and test again.

                  R J 3 Replies Last reply Reply Quote 0
                  • R
                    rcoleman-netgate Netgate @Cool_Corona
                    last edited by

                    @cool_corona What package(s) are installed?

                    Ryan
                    Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                    Requesting firmware for your Netgate device? https://go.netgate.com
                    Switching: Mikrotik, Netgear, Extreme
                    Wireless: Aruba, Ubiquiti

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      Jax @Cool_Corona
                      last edited by

                      @cool_corona Trying it unchecked with local + fallback.

                      1 Reply Last reply Reply Quote 1
                      • J
                        Jax @rcoleman-netgate
                        last edited by

                        @rcoleman-netgate no packages installed, just the default Netgate installation

                        1 Reply Last reply Reply Quote 0
                        • J
                          Jax @Cool_Corona
                          last edited by

                          @cool_corona Testing with no dns server overrides as you suggested seems to give me the same good performance that was only achieved previously by bypassing the pfSense resolver.

                          Can you explain this a little bit, please?

                          Cool_CoronaC J 2 Replies Last reply Reply Quote 0
                          • Cool_CoronaC
                            Cool_Corona @Jax
                            last edited by

                            @jax It overrides the WAN DHCP DNS provided by your ISP provider and that can take some speed out of the equation.

                            You dont have to handshake and verify the DNS by the ISP and oes directly to the 13 root DNS servers.

                            1 Reply Last reply Reply Quote 1
                            • J
                              Jax @Jax
                              last edited by

                              Hmm, there still seems to be weird intermittent slowness in name resolution.
                              I dunno. This may be beyond my personal ability to debug.

                              J 1 Reply Last reply Reply Quote 0
                              • J
                                Jax @Jax
                                last edited by

                                The slowness seems to be mostly focused on cdn services.

                                J 1 Reply Last reply Reply Quote 0
                                • J
                                  Jax @Jax
                                  last edited by

                                  This is really quite frustrating, I'm not getting anywhere debugging this slowness problem.

                                  bmeeksB A 2 Replies Last reply Reply Quote 0
                                  • bmeeksB
                                    bmeeks @Jax
                                    last edited by bmeeks

                                    @jax said in Slow DNS after 22.05:

                                    This is really quite frustrating, I'm not getting anywhere debugging this slowness problem.

                                    The first step in troubleshooting is to isolate the problem. Since you've tried a number of things on pfSense itself, why not take pfSense's DNS completely out of the picture?

                                    1. Do this -- in the SYSTEM > GENERAL SETUP page, down in the DNS Settings area, put 8.8.8.8 (the Google DNS server IP) in the DNS Servers box. Save that change.

                                    2. Next, go to SERVICES > DHCP SERVER and in Servers in the DNS Servers box also put 8.8.8.8. This will tell the DHCP server to give your LAN clients the Google DNS server for name resolution.

                                    Now pfSense is out of the picture unless you have created any DNS related firewall rules previously. See how things behave with this test setup. If things are good, then you can assume you are having issues with unbound on your box when using the default settings. Those default settings configure the DNS Resolver to "resolver mode" and hand out the address of the pfSense box as the DNS server for your DHCP clients.

                                    If things are still poor, then pfSense it likely not at fault here (assuming you don't have a firewall rule in the way), and you need to look elsewhere for the problem.

                                    If you have any DNS related firewall rules, make sure you are allowing both UDP and TCP for port 53 as some DNS lookups will need to use TCP.

                                    1 Reply Last reply Reply Quote 0
                                    • V vaidas referenced this topic on
                                    • V
                                      vaidas
                                      last edited by vaidas

                                      I am too having problems after 22.05 upgrade with dns resolves timing out completely
                                      unbound logs does not show any problems.
                                      config haven't changed from 22.01 where dns worked perfectly.
                                      running bare metal
                                      plugins: openvpn client export, nut service for ups, watchdog that's it.

                                      lohphatL 1 Reply Last reply Reply Quote 2
                                      • J
                                        Jax
                                        last edited by

                                        @bmeeks I took your suggestion and this morning things seem to be working better.
                                        We'll see how things go on later in the day, thanks for your help.

                                        J 1 Reply Last reply Reply Quote 0
                                        • J
                                          Jax @Jax
                                          last edited by

                                          @bmeeks of course this very much suggests pfSense DNS is indeed the problem.

                                          bmeeksB 1 Reply Last reply Reply Quote 0
                                          • bmeeksB
                                            bmeeks @Jax
                                            last edited by

                                            @jax said in Slow DNS after 22.05:

                                            @bmeeks of course this very much suggests pfSense DNS is indeed the problem.

                                            But it's not a widespread problem or the forum here would be overflowing with posts about it. There are only a few. Not saying there can't be a problem, but it's not affecting everyone it seems.

                                            It's entirely possible your virtualization environment could be at fault here as well. There could be an issue with the latest pfSense (FreeBSD) version and Proxmox.

                                            J 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.