Netgate Discussion Forum

Slow DNS after 22.05

DHCP and DNS
  • M
    mvikman @johnpoz
    last edited by Aug 16, 2022, 10:41 PM

    @johnpoz

    I have IPv6 disabled and I don't have IPv6 address, my ISP doesn't support it.

    The current unbound config file doesn't have that custom options section, because I haven't set any custom options.
    But I tested adding the custom options and it does add them in the config file.

    Just curious about that unbound's "do-ip6" is set to "no" without using custom options to set it.

    pfSense Plus 24.11-RELEASE (amd64)
    Dell Optiplex 7040 SFF
    Core i5-6500, 8GB RAM, 2x 240GB SSD (ZFS Mirror)
    HPE 561T (X540-AT2), 2-port 10Gb RJ45
    HPE 562SFP+ (X710-DA2), 2-port 10Gb SFP+

    • J
      johnpoz LAYER 8 Global Moderator @mvikman
      last edited by Aug 16, 2022, 11:29 PM

      @mvikman said in Slow DNS after 22.05:

      "do-ip6" is set to "no" without using custom options to set it.

      pretty pointless to do IPv6 if you don't have IPv6..

      i unchecked that box and yes if you save a config on unbound then it sets that to no..

      [22.05-RELEASE][admin@sg4860.local.lan]/root: cat /var/unbound/unbound.conf
      ##########################
      # Unbound Configuration
      ##########################
      
      ##
      # Server configuration
      ##
      server:
      
      chroot: /var/unbound
      username: "unbound"
      directory: "/var/unbound"
      pidfile: "/var/run/unbound.pid"
      use-syslog: yes
      port: 53
      verbosity: 1
      hide-identity: no
      hide-version: no
      harden-glue: yes
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • M
        mvikman @johnpoz
        last edited by Aug 17, 2022, 12:14 AM

        @johnpoz said in Slow DNS after 22.05:

        @mvikman said in Slow DNS after 22.05:

        "do-ip6" is set to "no" without using custom options to set it.

        pretty pointless to do IPv6 if you don't have IPv6..

        i unchecked that box and yes if you save a config on unbound then it sets that to no..

        Yeah, that makes sense.

        While reading this thread, I just somehow got stuck with the thought that to "fully disable" IPv6, that in addition to unchecking "Allow IPv6" in advanced settings, you would need to set the "do-ip6: no" to custom options. XD

        • J
          johnpoz LAYER 8 Global Moderator @mvikman
          last edited by Aug 17, 2022, 2:28 AM

          @mvikman You don't have to disable IPv6 - you just need to keep unbound from using it as a transport.

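The exchange above comes down to which transports the generated unbound.conf actually enables. The following is an added example, not code from any poster or from pfSense: a Python sketch that lists the transport options found in the server: clauses and flags conflicting duplicates. It assumes one option per line, as in the file shown above; the sample config, including its custom-options line, is constructed.

```python
import re

# Constructed sample: part of the server: clause shown in the thread, followed
# by a hypothetical custom-options entry that contradicts the generated value.
SAMPLE_CONF = '''\
server:
chroot: /var/unbound
username: "unbound"
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes

# Unbound custom options (constructed for this example)
server:
do-ip6: yes

remote-control:
control-enable: yes
'''

TRANSPORT_KEYS = ("do-ip4", "do-ip6", "do-udp", "do-tcp")
LINE_RE = re.compile(r'^\s*([A-Za-z0-9-]+):\s*(.*?)\s*$')

def parse_server_options(text):
    """Return {option: [(line_no, value), ...]} across all server: clauses."""
    options, clause = {}, None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]              # drop comments
        m = LINE_RE.match(line)
        if not m:
            continue                             # blank or comment-only line
        key, value = m.groups()
        if value == "":                          # "server:" etc. opens a clause
            clause = key
        elif clause == "server":
            options.setdefault(key, []).append((line_no, value.strip('"')))
    return options

def transport_report(text):
    """Map each transport option to its values and whether they disagree."""
    opts = parse_server_options(text)
    report = {}
    for key in TRANSPORT_KEYS:
        values = [v for _, v in opts.get(key, [])]
        report[key] = {"values": values, "conflict": len(set(values)) > 1}
    return report

if __name__ == "__main__":
    for key, info in transport_report(SAMPLE_CONF).items():
        state = "CONFLICT" if info["conflict"] else "ok"
        print(f"{key}: {info['values'] or ['(unset)']} [{state}]")
```

Run against a copy of /var/unbound/unbound.conf, a conflict on do-ip6 means a custom option disagrees with the value the GUI wrote.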
          • V
            vbredjp @johnpoz
            last edited by Aug 21, 2022, 2:02 AM

            Having problems on 22.05 when DNS sometimes just stops resolving, but only for certain domains (sometimes obscure domains), so it is hard to notice, as other domains are resolved OK.
            do-ip6:no did not solve the problem.

              • V
                vbredjp
                last edited by vbredjp Aug 22, 2022, 5:41 PM Aug 22, 2022, 5:39 PM

                This problem is getting unbearable; I am considering rolling back to the previous version. What is the schedule for the new pfSense+ release? It may have a newer unbound version with the problem fixed.
                I think I am being impacted by this bug
                https://github.com/NLnetLabs/unbound/issues/670

                but setting do-ip6: no does not solve problem for me.

                • S
                  SteveITS Galactic Empire @vbredjp
                  last edited by Aug 22, 2022, 7:06 PM

                  @vbredjp said in Slow DNS after 22.05:

                  what is the schedule for new pfsense+ release

                  The next version will be 22.11, so presumably at least 3-4 months away.

                  I admit to not reading every post in detail, but for those seeing this, when it happens does restarting the DNS Resolver service clear it?

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote 👍 helpful posts!

                  • B
                    bmeeks
                    last edited by bmeeks Aug 23, 2022, 12:45 AM Aug 22, 2022, 11:22 PM

                    I believe there is more than a single unbound bug at work here. When you look at the commit history on the unbound GitHub repo and in the Change Log, you see a number of changes that are now rolled up into the latest 1.16.2 version of unbound.

                    It's a bit of an unfortunate timing thing that resulted in the current version of CE (2.6.0) having a much older unbound package (1.13.2) that is not impacted by the current bugginess of 1.15.0 (the version currently packaged with pfSense Plus 22.05).

                    So the issue appears to be first limited to just pfSense Plus installations, but certainly not all of them. CE users are running a much older unbound package and appear to not be suffering from this bug.

                    One thing the Netgate team could consider is bringing the current 1.16.2 version of unbound into their 22.05 FreeBSD Ports tree and thus making it available for manual installation (or upgrade) for those users impacted by the bug. Or put the older 1.13.2 version into the pfSense Plus 22.05 package repo. That would be a more complicated "update" for users, though, as they would likely need to manually remove the unbound package and then add it back as pkg would not normally see 1.13.2 as an "upgrade" for 1.15.0.

                    • V
                      vbjp
                      last edited by Aug 23, 2022, 1:21 AM

                      @steveits
                      I have this problem really hard to troubleshoot as it impacts only certain domains not resolving at sporadic times. Restarting unbound service solves the problem for a while, but it's not sustainable as only yesterday I had to restart unbound 4 times.

                      • V
                        vbjp @bmeeks
                        last edited by Aug 31, 2022, 1:46 PM

                        @bmeeks said in Slow DNS after 22.05:

                        One thing the Netgate team could consider is bringing the current 1.16.2 version of unbound into their 22.05 FreeBSD Ports tree and thus making it available for manual installation (or upgrade) for those users impacted by the bug. Or put the older 1.13.2 version into the pfSense Plus 22.05 package repo. That would be a more complicated "update" for users, though, as they would likely need to manually remove the unbound package and then add it back as pkg would not normally see 1.13.2 as an "upgrade" for 1.15.0.

                        This would be great: people who don't have any problems could stay on the default unbound version, and those with problems could manually install the latest.
                        Unfortunately I live in Japan, and here lots of users like yahoo.co.jp. From my observations this is the worst offender: it breaks 1 to 5 times a day. Other sites in co.jp also break way more than com, net, etc. Yesterday I had amazon.co.jp break but amazon.com working perfectly. Rebooting unbound every day is getting to be a chore. Waiting 2-3 months until the 22.11 release would be hell.

                        • Y
                          yellowRain
                          last edited by yellowRain Sep 12, 2022, 4:43 PM Sep 12, 2022, 4:41 PM

                          I have a major issue with unbound on the latest stable version of pfSense Plus:

                          DNS lookups are slow because unbound (the DNS Resolver) frequently restarts

                          I do not know what to do, as system logs show no useful information

                          I'm with unbound 1.15.0.

                          I see strange hotplug events regarding igc0 in the General tab simultaneously, which may cause new dhcp lease and unbound restart.

                          Should I open a ticket, is it yet another intel nic driver / hardware issue ?

                          (SG-6100)

                          • Y
                            yellowRain @yellowRain
                            last edited by Sep 12, 2022, 6:18 PM

                            @yellowrain EDIT : I do not use the igc0 port anymore.
                            Just realized ix0 is smoother. Too bad I did not do that earlier.

                            • GertjanG
                              Gertjan @yellowRain
                              last edited by Sep 13, 2022, 5:21 AM

                              @yellowrain said in Slow DNS after 22.05:

                              I see strange hotplug events regarding igc0 in the General tab simultaneously, which may cause new dhcp lease and unbound restart.

                              igc0 is your WAN ?
                              That would be a very valid reason for unbound, actually any process, that uses interfaces.
                              3 things to test : the cable. The interface on the other side, the igc0 from your 6100.
                              The cable test is easy ;)
                              You could use another WAN interface on your 6100, it has plenty of interfaces ;)
                              Testing the other side : use another NIC, if the upstream device has more than one, or put a switch between your WAN (igc0) and your upstream device. This will hide the problem, you still have to check why the upstream device pulls its interface down. If this is a modem type device, it does so because your uplink went down.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              • Y
                                yellowRain @Gertjan
                                last edited by Sep 19, 2022, 4:29 PM

                                @gertjan my current config was igc0 for LAN. ix2/ix3 for WAN.
                                I had time to fully investigate all logs this summer.

                                the interface on the other side has been rock stable (trusty business grade switches Zyxel XG1930-10).

                                2.5gbps on igc0 is still not as stable as I would wish, based on my experience. (connection lost even at max power, green ethernet not working, short cable setting unreliable. That makes unbound restart and the restart process takes time)

                                Cable may be one reason, you're right. I had Cat 6A, though even another fully compatible 10gbps cable makes the igc0 exhibit the same symptoms (maybe less, but I rushed those tests...).

                                So at the end, for today, I use only ix0 for LAN, ix2/ix3 for WAN. Those interfaces are server-level Intel chipsets based. Other interfaces I have in my homelab are almost all X550 (NAS, server), and that works well. Only one exception is one aquantia thunderbolt 3 interface for my laptop, which is great also for this type of device.

                                I also fully investigated the wireless part, thanks to OpenWrt on wrt3200acm (6GHz wifi routers are still not widely available here in Europe). There I found some IoT smart plugs screwing up the 2.4GHz network, on which devices land sometimes. I had to add a separate 2.4GHz radio to isolate these IoT devices. 5GHz was already optimized, but the latest 22.03 OpenWrt build brought long uptime stability (or at least uncluttered the logs).

                                That way, confcalls over Teams, voWifi calls and DNS resolution are now stable.

                                    • I
                                      istacey
                                      last edited by istacey Oct 8, 2022, 7:47 AM Oct 8, 2022, 7:47 AM

                                      I installed BIND on my 3100 given the issues I'm still having with Unbound, expecting it to be able to behave as a resolver on my network.

                                      However, devices using DHCP are issued with the IP addresses of DNS servers set in the "general settings" rather than the IP address of the 3100 itself as happens when you use the native DNS Resolver (Unbound). This means any locally set DNS records (and I only have one that I use) are ignored as all devices are going out to Google's DNS.

                                      Appreciate this might be considered slightly off-topic, but based on my reading, BIND should offer a viable alternative to Unbound as a resolver.

                                      • GertjanG
                                        Gertjan @istacey
                                        last edited by Oct 8, 2022, 9:39 AM

                                        @istacey said in Slow DNS after 22.05:

                                        BIND should offer a viable alternative to Unbound as a resolver.

                                        Like unbound, bind doesn't need "8.8.8.8". Both are resolvers.
                                        8.8.8.8 is a DNS resolver where you can forward to.

                                        If you want to deal with 8.8.8.8 because you have to give them your private DNS requests, use the forwarder (dnsmasq), you won't be needing any local resolver.

                                        • I
                                          istacey @Gertjan
                                          last edited by Oct 8, 2022, 10:00 AM

                                          @gertjan I don't want 8.8.8.8 issued via DHCP to devices, but it is and I can't see how/where this is set. Switching back to Unbound goes back to what I'd expected/wanted (that is, DHCP issuing 192.168.1.2 as the DNS server).

                                          I can't see how I stop a BIND setup doing this.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.