slow gui after upgrade from 2.6 to 2.7 on proxmox.
-
Hi, after many days of investigation I discovered that all the DNS I try to reach via browser from my home PC are slow.
I am referring to these DNS that I respond to my home assistant, pfsense., and others.I have a dynamic DNS with my own domain and with the use of Ha Proxy they are reached from the WAN.
in practice if for example I try to reach my Home assistan from the local PC via browser example:
Https://ha.mydomain.com
this is slow, but pfsense is also very slow to reach with an example domain https://firewall.mydomain.com
while all these DNS reached from the outside are very fast.
what can I do according to you?
the strange thing is that all this has happened since I moved from pfsense 2.6.0 to 2.7.0.
if I go back to version 2.6.0 from local all domains respond quickly.what can I do?
-
Can we assume you're using pfSense for DNS locally? And you are using that as the dyndns client?
Normally I would suggest using split-dns but if everything is going through haproxy that should be OK.
If you access any of those resources by IP directly do they respond normally?
The first step here is to determine what is actually slow, is it DNS resolution or HAProxy?
Steve
-
@stephenw10
yes of course, I forgot to write it before.
pfsense is configured with Client DDNS
if I access locally via IP it's very fast, everything gets complicated when I use DNS in fact. -
OK, so how is DNS configured locally? Is pfSense resolving? Forwarding? Does it resolve to an IPv6 IP that has to time-out?
-
@stephenw10 said in slow gui after upgrade from 2.6 to 2.7 on proxmox.:
OK, so how is DNS configured locally? Is pfSense resolving? Forwarding? Does it resolve to an IPv6 IP that has to time-out?
only ipv4 .
DNS Forwarder disabled!
-
Is there a delay when resolving though?
Is Unbound (the resolver) set in resolving mode? Is DNSec enabled?
-
@stephenw10
yes:
-
Ok that should be fine. It resolves to your external IP I assume? And HAProxy is listening there so it should respond.
As a test you could add a host override on a client device dircetly so it doesn't have to resolve it. If that is then fast then it's a DNS problem. If it's still slow then it's an HAProxy issue.
-
@stephenw10
as this example ?
-
No add it to the hosts file on the test client behind pfSense directly. Doing that will mean it doesn't have to resolve against pfSense so any DNS delay would be removed.
-
ok.When I get home I'll edit the Windows hosts file and update you.
Thank you so much for your support!but I have to add the local IP of the server that responds to the DNS ?
-
@stephenw10
but inwindows host file I have to add the local IP of the server that responds to the DNS ? -
No you would add, for example, firewall.mydomain.com and point that towards whatever IP it should resolve to. So probably your WAN IP or whatever HAProxy is listening on.
-
@stephenw10
ok but I have wan Dynamic Ip... -
It only has to work once in order to test. I assume the IP doesn't change that quickly.
-
@stephenw10 I tried with the host file, it's still slow
-
Ok, so it's almost certainly an HAProxy issue. Is that logging anything? Hard to know what might have changed between 2.6 and 2.7 but the haproxy package was updated.
-
@stephenw10
for my metero server, in Ha proxy I added the following security headers, could these be?
-
I don't use HAProxy, I couldn't really say how that might affect it. But anythijng that applied to I would expect to equally affect traffic from external IPs and it is not. The only significant difference there is the source IP used which I guess some of those might see. But I wouldn't expect a delay, it would just reject it instantly.
Just how 'slow' is it from internal clients?
