i7 4GHz CPU + 128GB RAM, still slow when I load a large list in DNSBL
-
@BBcan177
For testing, sure, I'm turning it off now and will try again. But generally speaking, I have to keep the DNS over TLS. Will test and let you know soon.
-
@iTestAndroid Why do you "have to keep" DNS over TLS? Don't trust your ISP with your DNS traffic?
Just wondering...
Jeff
-
@akuma1x
Yep, I'd rather hand all my DNS data to Cloudflare than to my ISP.
-
This is off topic; however, I'm curious how much of your 128GB RAM you actually use. I have 16GB and am using 17% of it.
-
@BBcan177
I tried without DNS over TLS, used the 8.8.8.8 and 4.4.4.4 DNS servers and had the same results. It goes smoothly most of the time, but every here and there it gets stuck.
-
@NollipfSense Same, pfSense barely uses 16GB. I also enable/disable ntopng here and there to analyze and monitor activity on the network. I just turned an old PC I had into a firewall for my home net, so I didn't really take anything out.
-
Hi @iTestAndroid - I have a couple clarifying questions:
- Is DNS performance acceptable if you temporarily disable pfBlockerNG?
- Can you confirm your DNS settings for us? What do you have checked for DNS Query Forwarding under the DNS Resolver Settings? Do you have DNSSEC checked or unchecked?
- What DNS servers are listed in the Dashboard System Information widget?
- If you ping Google's DNS or Cloudflare's DNS servers, is the packet RTT acceptable?
Thanks in advance.
-
Are you using ramdisks for /var and /tmp?
System/Advanced/Miscellaneous
-
Yes. Actually, with pfBlocker and a list of around 400-500k, it works flawlessly, it's super fast and blocks most ads. When I turn on all the lists I have, the total count adds up to ~1.4M and that's when things start to go south. Otherwise both the DNS resolver and pfBlocker work fine. So when 1.4M entries are added to pfBlocker, things get slow and some DNS requests hang.
-
DNS Query Forwarding -> Enabled
Use SSL/TLS for outgoing DNS queries -> Enabled
Custom Options:
server:
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    forward-addr: 9.9.9.9@853
server:include: /var/unbound/pfb_dnsbl.*conf
-
These are the DNS server addresses listed there:
1.1.1.1
1.0.0.1
9.9.9.9
-
I have gigabit internet, RTT is acceptable:
ping cloudflare.net
PING cloudflare.net (104.16.208.90) 56(84) bytes of data.
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=1 ttl=57 time=2.73 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=2 ttl=57 time=2.60 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=3 ttl=57 time=2.43 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=4 ttl=57 time=2.37 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=5 ttl=57 time=2.53 ms
@provels
Yes, I have both enabled and each of them has a size of 4096MB (4GB).
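As an added example (not from this thread, pfSense or pfBlockerNG), a small audit of a DNSBL include file before unbound loads it: it counts the unique zones, finds duplicates that appear when several lists are merged, and flags entries already covered by a parent "redirect" zone, since unbound answers every name beneath such a zone from its local data. The sample file is constructed here, the local-zone/local-data layout is assumed from unbound's syntax, and 10.10.10.1 is used only as a placeholder sink address.

```python
import re
from collections import defaultdict

# Constructed sample in unbound local-zone/local-data syntax (layout assumed;
# 10.10.10.1 is a placeholder sink address, not taken from this thread).
SAMPLE_CONF = """\
local-zone: "ads.example.com" redirect
local-data: "ads.example.com 60 IN A 10.10.10.1"
local-zone: "tracker.example.net" redirect
local-data: "tracker.example.net 60 IN A 10.10.10.1"
local-zone: "cdn.ads.example.com" redirect
local-data: "cdn.ads.example.com 60 IN A 10.10.10.1"
local-zone: "ads.example.com" redirect
local-data: "ads.example.com 60 IN A 10.10.10.1"
local-zone: "Tracker.Example.NET." redirect
"""

ZONE_RE = re.compile(r'^local-zone:\s*"([^"]+)"\s+(\w+)')


def normalise(name):
    """Lower-case and strip the trailing dot so 'A.B.' and 'a.b' compare equal."""
    return name.lower().rstrip(".")


def audit_dnsbl(conf_text):
    """Return (unique zone count, duplicated zones, zones shadowed by a parent redirect zone)."""
    counts = defaultdict(int)
    redirect_zones = set()
    for line in conf_text.splitlines():
        m = ZONE_RE.match(line)
        if not m:
            continue  # local-data and other directives add no new zone names
        zone, ztype = normalise(m.group(1)), m.group(2).lower()
        counts[zone] += 1
        if ztype == "redirect":
            redirect_zones.add(zone)
    duplicates = sorted(z for z, n in counts.items() if n > 1)
    # A redirect zone answers for every name under it, so a child zone whose
    # ancestor is already a redirect zone adds load without adding blocking.
    shadowed = []
    for zone in counts:
        labels = zone.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if any(p in redirect_zones for p in parents):
            shadowed.append(zone)
    return len(counts), duplicates, sorted(shadowed)


if __name__ == "__main__":
    total, dups, shadow = audit_dnsbl(SAMPLE_CONF)
    print(f"unique zones: {total}, duplicates: {dups}, shadowed: {shadow}")
```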
-
@iTestAndroid said in i7 4GHz CPU + 128GB RAM, still slow when I load a large list in DNSBL:
-
Yes. Actually, with pfBlocker and a list of around 400-500k, it works flawlessly, it's super fast and blocks most ads. When I turn on all the lists I have, the total count adds up to ~1.4M and that's when things start to go south. Otherwise both the DNS resolver and pfBlocker work fine. So when 1.4M entries are added to pfBlocker, things get slow and some DNS requests hang.
-
DNS Query Forwarding -> Enabled
Use SSL/TLS for outgoing DNS queries -> Enabled
Custom Options:
server:
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    forward-addr: 9.9.9.9@853
server:include: /var/unbound/pfb_dnsbl.*conf
-
These are the DNS server addresses listed there:
1.1.1.1
1.0.0.1
9.9.9.9
-
I have gigabit internet, RTT is acceptable:
ping cloudflare.net
PING cloudflare.net (104.16.208.90) 56(84) bytes of data.
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=1 ttl=57 time=2.73 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=2 ttl=57 time=2.60 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=3 ttl=57 time=2.43 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=4 ttl=57 time=2.37 ms
64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=5 ttl=57 time=2.53 ms
@provels
Yes, I have both enabled and each of them has a size of 4096MB (4GB).
-
Hi @iTestAndroid - do you see any difference if you take out 9.9.9.9 and just use Cloudflare's 1.1.1.1 and 1.0.0.1 servers? Do you have DNSSEC checked or unchecked? I'm still not quite convinced this is a pfBlockerNG issue -- 1.4M is really not that big and you have got some pretty powerful hardware too.
Hope this helps.
-