sites take forever to load (due to blocked domains)
-
So, I have an issue I'm sure somebody has figured out a solution to (or maybe not) and figure I'll inquire of the collective minds of this forum, and the pfsense reddit. When using pfblockerNG along with my local pihole dns servers, I have found that sites take forever to finish loading, for the domains that are being blocked (google tag manager, c.aax.ads.com in the case of reddit, among other domains), given the site just keeps on trying to load them and waits FOREVER to not get a response from those domains that I have blocked. Anybody found a solution to make the sites load faster, aka stopping them from trying to load those dead (blocked) domains? I predominantly use Firefox and Firefox variant browsers, as well as chrome occasionally, so it would not be a problem for me if someone suggests either a Firefox or google chrome add-on, so long as it gets the job done, but preference would be for something I could do on either pfsense's side, pihole's side, or otherwise NOT browser specific, given this problem will happen for all the devices used on my network, including mobile devices (android tablets and phones).
It is worth noting, this is my network, and nobody other than myself uses it, just in case that ends up coming up (given that I use squid proxy with MITM mode FINALLY working, aka I FINALLY, after around a year now, have SSL interception and decryption working, AT LONG LAST. Reason for it is to scan the SSL data with clamAV as well as to use squid to cache frequently accessed data from sites' static files. Pain in the ass, but at long last, it seems to finally work xD)
Also will be posting this on reddit, just in case.
-
In the beginning, these issues didn't exist, right?
It was unbound doing resolving, and that's it. Then you added a pi-hole ... for DNS? (Why? What does pi-hole do that pfBlocker can't do?)
Then you added pfBlockerNG-devel-3.xxxx (which does nothing by itself) but you applied some settings and chose your feeds.
And now there are issues. To know why and what: undo everything.
Things should start to work right away. Right?
Now, add what you have to add, but take a big pause between every step.
Test! When the issue comes back, you now know where to look.
-
@gertjan I ended up figuring out the problem, not that I remember what it ended up being, to be totally honest though. Thank you!
-
I want to share my experience and, hopefully, help you with your problem. For a long time, I also faced the fact that sites loaded incredibly slowly due to domain blocking via pfblockerNG together with my local Pi-hole DNS servers. And, frankly speaking, I was already starting to think that I would have to put up with this forever. But after a little experimentation, I managed to significantly speed up page loading! The solution turned out to be simple, but brilliant - configure pfblockerNG and Pi-hole so that they return "empty" responses instead of waiting for a timeout. Thanks to this, the browser stopped constantly trying to load blocked domains, and the network speed increased noticeably. What is especially nice is that this solution worked on all devices in my network, including mobile phones and tablets, without the need to install any extensions for Firefox or Chrome. As a result, my system works smoothly: Squid caches, SSL is filtered, ClamAV checks, and sites open instantly. Setting this up was a bit of a pain, but the results exceeded all expectations - finally a feeling of complete control and stability of the network!
-
@wesley33taylor Okay, now I have to ask, just due to being especially dense today, what and how did you do that? What do others need to change, so that there is written history for anyone else that might end up finding this thread and wanting to do the same? The usefulness of archival purposes and the desire to confirm I've done the same drive me to ask this. Please advise.
-
@High_Voltage I don't think there is anything to do. Pretty sure those are the defaults. When you query pihole for something that is blocked, by default it returns some sort of answer - I am not aware of a setting that would wait for a timeout.
So I really have no idea what he would have been doing.
If something is blocked in pfblocker you would either get back the vip (so you could see a block page) or you would get all zeros.
Same goes for pihole - I am not aware of a setting that would just time out and not send an answer if you asked for something that was blocked. The only reason pihole would time out on sending you a response is that what you were asking for actually just never responded to pihole. If some fqdn you were asking for was being blocked you would get the answer almost instantly.
If pihole was forwarding to unbound, which I believe is a common sort of setup for stuff that is not blocked. Again, if pfblocker was blocking it, you for sure should get a response right away of either the vip or all zeros.
It's possible maybe pihole is doing rebind protection, and pfblocker handing back the rfc1918 of your vip maybe causes pihole some sort of hangup, but normally when that happens it just returns a null to the client since it got an answer, it's just not supposed to hand it back to the client. But again, no time out.
Only time I could see a timeout issue is when unbound didn't answer the pihole, again if something unbound doesn't get an answer from how it's resolving/forwarding.
Maybe he was sending back nodata, and the client didn't take that as an answer and kept asking for the same thing until it gave up?
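An added example, not part of any post in this thread: a small standard-library probe for telling apart the cases discussed above (all zeros, a private VIP-style address, NODATA, NXDOMAIN, or no reply at all) while timing how long the resolver takes. The name `ads.example` and the address `10.10.10.1` are constructed sample values, and `sample_response` builds constructed replies so the classifier can be exercised offline.

```python
import ipaddress, socket, struct, time

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query for name."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def classify(msg):
    """Label a DNS reply: NXDOMAIN, NODATA, all zeros, or a private/public address."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0xF:
        return "NXDOMAIN" if flags & 0xF == 3 else f"RCODE {flags & 0xF}"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ip = ipaddress.IPv4Address(msg[off:off + 4])
            return "all zeros" if int(ip) == 0 else f"{'private' if ip.is_private else 'public'} {ip}"
        off += rdlen
    return "NODATA"

def probe(server, name, timeout=3.0):
    """Ask server for name; return (label, seconds). 'TIMEOUT' means no reply arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name), (server, 53))
            label = classify(s.recvfrom(4096)[0])
        except socket.timeout:
            label = "TIMEOUT"
        return label, time.monotonic() - start

def sample_response(name, ip=None, rcode=0):
    """Constructed reply for offline runs: the question echoed back plus an optional A record."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) if ip else b""
    return hdr + build_query(name)[12:] + rr
```

Calling `probe()` with a resolver's address and a name known to be on a blocklist shows whether the delay is in DNS at all: a fast labelled answer points the investigation elsewhere, while `TIMEOUT` points at the resolver chain.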