Frequent DNS timeouts
-
@oopohj5oo8shieze1ree Here's hoping. It did for me and several others so far, despite not being a problem in prior versions.
-
Unfortunately disabling DNSSEC has not fixed my issue. I'm still getting DNS timeouts from time to time :(
-
@oopohj5oo8shieze1ree There was a post today that 'Disabling "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers"' helped that person.
-
Also there's a fix for Unbound not correctly binding to "All" interfaces on IPv6.
https://forum.netgate.com/topic/176989/problems-with-pfsense-ipv6-dns-function-does-it-exist/36
-
@steveits Thanks for pointing me to the other threads.
I'm thinking of just giving up on using forwarding. I need to figure out if my ISP limits access to DNS servers when not forwarding.
-
After turning off DNS forwarding, resolution was nearly instantaneous for a couple of days. But the random timeouts have returned.
I don't see anything in the logs to indicate something is failing.
Can someone point me to a DNS debugging guide or something that will help me figure out what the root cause is here?
Thank you.
-
@oopohj5oo8shieze1ree There are a few here:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/index.html#dns
Also take a look through https://forum.netgate.com/category/19/dhcp-and-dns as there are other posts for 23.01.
-
Hi. I have nearly the same issues.
But I don't use any DNS forwarding or anything else. Just pfSense Unbound in combination with pfBlockerNG.
I don't have any DNS failures at all. But it looks like name resolution hangs after some amount of time. After that it looks like it is cached again and resolution works fine.
But I have these issues nearly every day. Something like a cleared unbound cache, which is not the case.
-
@thundergate said in Frequent DNS timeouts:
cleared unbound cache
This can only happen when the resolver, unbound, is told to stop or restart, which is a controlled stop, to be started right afterwards.
It can take several seconds to do so.
The cache will be lost, but subsequent DNS resolving won't take long; typical is a fraction of a second.
If unbound restarts happen very often, you can start to 'feel' the absence of the DNS subsystem.
So, ask your pfSense how often it restarts:
grep "Restart" /var/log/resolver.log
If it's just a couple of times a day (fewer == better): this is not your issue.
-
@steveits After switching from forwarding to normal resolving I let things sit for a bit to see what would happen. It looks like unbound is restarting a lot:
Mar 15 08:01:04 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:08:33 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:12:20 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:12:45 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:13:39 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:29:45 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:34:44 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:35:41 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:42:09 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:42:34 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:49:47 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Mar 15 08:52:13 netgate unbound[20724]: [20724:0] notice: Restart of unbound 1.17.1.
Is there a known workaround for this?
-
@oopohj5oo8shieze1ree The most common cause for restarts is having DHCP set to register DHCP leases in DNS, which triggers a restart after each and every DHCP lease. Options are to not do that, or to make the lease long enough that it renews in "days" not "hours." (renewal is 1/2 of the lease duration)
-
@steveits I believe I have that turned off (in Services -> DHCP Server -> Dynamic DNS ->
Enable registration of DHCP client names in DNS). However, it does appear to be registering DHCP host names with the DNS server regardless of this setting.
I've increased the lease time and will report back.
Thank you.
-
@oopohj5oo8shieze1ree unbound starting that often is going to be problematic that is for sure..
-
Same for me - a lot of unbound restarts and I actually don't know why?!
-
@thundergate well no restarts here
[23.01-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf status
version: 1.17.1
verbosity: 1
threads: 4
modules: 2 [ validator iterator ]
uptime: 196553 seconds
options: control(ssl)
unbound (pid 56217) is running...
[23.01-RELEASE][admin@sg4860.local.lan]/root:
196K seconds - 54 hours... Which was when I restarted pfsense to fix my swap not showing on widget..
If unbound is restarting - especially that often, you're not going to have a good time.. You need to figure out why it's restarting, registration of dhcp is typical reason you would see restarts like that..
-
@johnpoz Hm. Ok.
Did you enable those settings within unbound?
-
@thundergate no - it has been a known issue for years that registering dhcp restarts unbound. I only register static mappings
-
@johnpoz said in Frequent DNS timeouts:
known issue for years that registering dhcp restarts unbound
-
@johnpoz Oh no - That's stupid?!
But I do need those DHCP leases to be seen to know what device does make all those requests.... Cannot stand with IP addresses only.
Used OPNsense before - but didn't have those issues, if I remember correctly?
-
@thundergate Then until resolved, as I noted above make your lease time longer. It will restart on average every ( (lease duration/2) / # leases ).
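
Added example, not part of the thread and not Netgate's own tooling: a shell sketch that turns the `grep "Restart"` check and the lease-time estimate discussed above into numbers you can compare. The function names, the `fw` hostname and the sample lines are constructed; the log format follows the lines quoted in the thread.

```shell
#!/bin/sh
# Count unbound restarts per hour from resolver.log-style lines on stdin.
# Prints one "Mon DD HH count" line per hour that saw a restart.
restarts_per_hour() {
    awk '/notice: Restart of unbound/ {
        split($3, t, ":")                 # $3 is HH:MM:SS
        key = $1 " " $2 " " t[1]
        if (!(key in n)) order[++k] = key
        n[key]++
    }
    END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Mean gap in seconds between consecutive restarts on the same day.
mean_restart_gap() {
    awk '/notice: Restart of unbound/ {
        split($3, t, ":")
        s = t[1] * 3600 + t[2] * 60 + t[3]
        if (seen && $2 == day && s >= prev) { sum += s - prev; gaps++ }
        prev = s; day = $2; seen = 1
    }
    END { if (gaps) printf "%d\n", sum / gaps; else print "n/a" }'
}

# Expected average seconds between restarts, using the thread's estimate:
# (lease duration / 2) / number of leases.
expected_restart_interval() {
    lease_seconds=$1; leases=$2
    [ "$leases" -gt 0 ] || { echo "n/a"; return 1; }
    echo $(( lease_seconds / 2 / leases ))
}

# Constructed sample in the format shown in the thread (not real log data).
SAMPLE='Mar 15 08:01:04 fw unbound[1234]: [1234:0] notice: Restart of unbound 1.17.1.
Mar 15 08:08:34 fw unbound[1234]: [1234:0] notice: Restart of unbound 1.17.1.
Mar 15 08:12:04 fw unbound[1234]: [1234:0] info: service stopped
Mar 15 09:16:04 fw unbound[1234]: [1234:0] notice: Restart of unbound 1.17.1.'

printf '%s\n' "$SAMPLE" | restarts_per_hour      # restarts grouped by hour
printf '%s\n' "$SAMPLE" | mean_restart_gap       # observed mean gap, seconds
expected_restart_interval 7200 20                # constructed: 7200 s lease, 20 leases
```

On the firewall itself, feed the real log in with `restarts_per_hour < /var/log/resolver.log`; an observed mean gap close to the expected interval points at DHCP lease registration as the trigger.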