DNS Resolver random timeout

vrugaitis

Hello,

I have a pfSense 2.4.2 running with DNS Resolver, but I experience timeouts. This is very strange, since the timeouts occur randomly. Please find nslookup output below.

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	pfsense.org
Address: 208.123.73.69

I have also checked dig and traceroute, the commands sometimes just timeout. What else could I test? What could I analyze?

Kind regards and thank you in advance!
![Bildschirmfoto 2017-12-28 um 19.32.53.png](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.53.png)
![Bildschirmfoto 2017-12-28 um 19.32.53.png_thumb](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.53.png_thumb)
![Bildschirmfoto 2017-12-28 um 19.32.37.png](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.37.png)
![Bildschirmfoto 2017-12-28 um 19.32.37.png_thumb](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.37.png_thumb)
![Bildschirmfoto 2017-12-28 um 19.32.20.png](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.20.png)
![Bildschirmfoto 2017-12-28 um 19.32.20.png_thumb](/public/imported_attachments/1/Bildschirmfoto 2017-12-28 um 19.32.20.png_thumb)

chpalmer

Do you have any other devices on your network you could test with to rule out the laptop?

Birke

if the timeouts occur, does a nslookup with an external dns server work (for example "nslookup pfsense.org 8.8.8.8")?
do you see the timeouts on normal internet traffic too?
do you see anything in the system logs that mitght be related (for example paketloss)?

first i would check with a parallel "ping 192.168.1.1 -t" and "ping 8.8.8.8 -t" if the timeouts occur in your network or outside.

vrugaitis

Hello,

thank you for the fast reply!

Do you have any other devices on your network you could test with to rule out the laptop?

First I have ruled out the notebook by using a PC via LAN cable directly connected to the pfSense router. So the problems also occur.

if the timeouts occur, does a nslookup with an external dns server work (for example "nslookup pfsense.org 8.8.8.8")?

Works like a charm!

do you see the timeouts on normal internet traffic too?

Because the DNS entries are slowly or rather not (timeout…) translated into IP addresses, the web surfing also is disturbed. But when the connection is established, everything works just fine (video streaming, downloading files etc.)

do you see anything in the system logs that mitght be related (for example paketloss)?

The log displays a lot of errors with /rc.newwanipv6.

Dec 30 13:44:48	php-fpm	42079	/rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:48	php-fpm	42079	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:44:52	php-fpm	42079	/rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:44:52	php-fpm	42079	/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:52	php-fpm	42079	/rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:52	check_reload_status		Reloading filter
Dec 30 13:44:53	php-fpm	57332	/rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:53	php-fpm	57332	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:44:58	php-fpm	57332	/rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:44:58	php-fpm	57332	/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:58	php-fpm	57332	/rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:58	check_reload_status		Reloading filter
Dec 30 13:45:00	php-fpm	72599	/rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:45:00	php-fpm	72599	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:45:04	php-fpm	72599	/rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:45:04	php-fpm	72599	/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:45:04	php-fpm	72599	/rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:45:05	check_reload_status		Reloading filter

I am right to assume, the the connection between pfSense and the modem is causing the issue? That the pfSense tries to connect via IPv4 and IPv6 randomly and this is the cause of the timeouts?

Here is my simplified diagram of my setup. The router/modem is on top of pfSense, since my internet comes via television cable and not DSL. Just as an additional question, are there any PCI-E cards for television cable? So that I could add the PCI card to pfSense and get rid of the proprietary router/modem?

Modem/Router@192.168.0.1 <–- LAN ---> pfSense@192.168.1.1 <-- LAN/ WLAN --> Clients

Kind regards,
vrugaitis

vrugaitis

As far as I can see, disabling IPv6 solves the issue. No more system logs and no more timeouts.

But why is it the case? I have seen different posts in this forum to the IPv6 problem, but I could not really find the cause of the issue? If it is possible, I would like to keep IPv6 enabled.

Thank you in advance!

vrugaitis

No ideas?

FUNTOWNE

Throwing my hat in to the ring for this issue.

I have found that disabling registering static leases in the DNS forwarder / resolver seems to stop the crashes (unticking both relevant tick boxes, dhcp registration and static dhcp). A reboot seems to also be necessary after making this change.

I assume that your expectations were similar to mine, that the resolver could handle both local lookups and 'remote' lookups with IPv6 and IPv4 both enabled.

edit

The issue in this thread seems actually quite similar to what was discussed this thread: https://forum.pfsense.org/index.php?topic=89589.0 - my suggestions above don't appear to help at all.

The thread I linked above doesn't appear to have any 'final' fix other than to disable IPv6 for now.

FUNTOWNE

A temporary workaround that seems to be working so far is to use the BIND package. IPv6 seems to work OK, I've yet to test some static assignments and pinging those. It is promising so far.