Slow web browsing, DNS lookup times slow
-
My web browsing has been insanely slow lately. I thought it was due to the amount of GeoIPs in pfBlocker I had activated along with custom block lists, but even after minimizing those lists nothing changed. So I then completely disabled squid and pfBlocker services and the problem persisted. This leads me to believe the DNS is at fault.
I have my first DNS setup as 127.0.0.1 and then my ISP DNS (2 addresses) below that.
When I do a DNS lookup for a completely new URL like pfsense.org, cnn.com, or foxnews.com the initial lookup is always very long followed by easier ones, but sometimes my ISP DNS will take 5-10 seconds to respond and sometimes the internal 127.0.0.1 with be completely unresponsive.
Also sometimes my gateway monitor widget will display 'packetloss' at random times. Maybe ISP issue?
DNS Lookup times:
foxnews.com lookups in order:
127.0.0.1: 192msec
DNS1: 14msec
DNS2: 15msec127.0.0.1: 0msec
DNS1: 17msec
DNS2: 5108msec127.0.0.1: No response
DNS1: 23msec
DNS2: 5029msecThis is just one example of the several I tried.
Any ideas?
-
Pick what you want to do - you either want to forward or you want to resolve..
Unless you setup to forward in unbound, or turned off unbound and used the forwarder your isp dns are not even used.. Unbound resolves, it doesn't forward out of the box.
But yes packet loss can cause you pain for dns lookups.
-
So why am I having bad performance and which will fix it?
Currently, 'DNS Forwarder' is not enabled but 'DNS Resolver' is - and on all interfaces, with "Enable Forwarding Mode" checked under 'DNS Query Forwarding'. DHCP res and STATIC DHCP are also checked.
Under 'System > General' DNS table I have nothing filled out and nothing selected in the 'DNS Server' and drop down fields.
-
@automatted said in Slow web browsing, DNS lookup times slow:
with "Enable Forwarding Mode" checked under 'DNS Query Forwarding'
Then your are Forwarding.. And not resolving... Get with your isp why your connection has packet loss or why their dns servers suck..
And your letting your dhcp from isp set your dns servers - ie theirs.
-
@johnpoz said in Slow web browsing, DNS lookup times slow:
@automatted said in Slow web browsing, DNS lookup times slow:
with "Enable Forwarding Mode" checked under 'DNS Query Forwarding'
Then your are Forwarding.. And not resolving... Get with your isp why your connection has packet loss or why their dns servers suck..
And your letting your dhcp from isp set your dns servers - ie theirs.
Ok so there is nothing inherently wrong with my pfsense install is what you're saying?
Is disabling forwarding (100% resolving?) going to help at all? Is letting my DHCP from ISP set the DNS good or bad?
-
If your seeing packet loss you can have issues with dns, be it forward or resolving... But you could try resolving - its possible your isp dns just sucks balls... Or forward to some other dns say google or quad9, etc.
-
@johnpoz said in Slow web browsing, DNS lookup times slow:
If your seeing packet loss you can have issues with dns, be it forward or resolving... But you could try resolving - its possible your isp dns just sucks balls... Or forward to some other dns say google or quad9, etc.
Ok, so unchecking 'Enable Forwarding Mode' could be the solution?
-
it could be - if your issue is not related to packet loss and its just that your isp dns sucks balls.
How much packet loss are you seeing, is a tiny blimp now and then where you see like maybe 1% or are you seeing it where its like 5% constant loss? Or higher?
-
@johnpoz said in Slow web browsing, DNS lookup times slow:
it could be - if your issue is not related to packet loss and its just that your isp dns sucks balls.
How much packet loss are you seeing, is a tiny blimp now and then where you see like maybe 1% or are you seeing it where its like 5% constant loss? Or higher?
My gateway monitor showed an average of 6-9% loss - which showed the standard 'Online' table column in green - but it gets as high as 13% loss which then triggers the 'Packetloss' column in the WAN gateway monitor in yellow.
-
yeah you got a serious issue and with that kind of loss then yeah your more than likely going to have all kinds of issues with resolving dns. Call your isp!
Your seeing that loss without doing anything right - your now downloading some large file filling up your pipe, or doing p2p etc.. Just not doing anything and you see that sort of loss.
-
@johnpoz said in Slow web browsing, DNS lookup times slow:
yeah you got a serious issue and with that kind of loss then yeah your more than likely going to have all kinds of issues with resolving dns. Call your isp!
Your seeing that loss without doing anything right - your now downloading some large file filling up your pipe, or doing p2p etc.. Just not doing anything and you see that sort of loss.
I restarted my router and the loss % is down to 0.0% on average right now. But still even with that my average browser tab load time on a new website is 5-7 seconds.
-
And you think your dns is taking that long? dns is ms (milliseconds) even if was 300 ms - that is .3 of second.. Your long page loads not normally related to dns..
And once its looked up once its cached. And will be like 1 ms..
-
So today I came home and my unbound resolver service was randomly stopped and non intnernet working on devices. When trying to access websites browsers said (chrome) DNS_PROBE_BAD_CONFIG just like the same error I get when my DNS is slow.
I pressed the 'play' button in my services and the internet is working again.
Here's the logs, I dont see anything that caused a 'fatal error'?
Oct 2 19:21:01 unbound 53471:0 info: 0.016384 0.032768 54 Oct 2 19:21:01 unbound 53471:0 info: 0.032768 0.065536 84 Oct 2 19:21:01 unbound 53471:0 info: 0.065536 0.131072 3 Oct 2 19:21:01 unbound 53471:0 info: 0.131072 0.262144 5 Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0 Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0 Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting Oct 2 19:21:01 unbound 53471:0 info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0 Oct 2 19:21:01 unbound 53471:0 notice: Restart of unbound 1.8.1. Oct 2 19:21:48 unbound 53471:0 notice: init module 0: iterator Oct 2 19:21:48 unbound 53471:0 info: start of service (unbound 1.8.1).
Oct 2 18:59:37 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:02:13 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:02:33 php-fpm /index.php: Successful login for user '****' from: *** (Local Database) Oct 2 19:02:46 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:03:52 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:04:59 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:05:57 dhcpleases /etc/hosts changed size from original! Oct 2 19:05:57 dhcpleases Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Oct 2 19:06:00 dhcpleases kqueue error: unkown