Netgate Discussion Forum

    DNS Resolver with DNS forwarding x2 slower than DNS Forwarder

    • winklevos

      pfsense 2.4.5-RELEASE-p1 (amd64)

      So I had pfsense DNS Resolver configured with forwarding enabled to upstream DNS servers but had been noticing slow page loads. So I switched over to DNS Forwarder, with significant improvements.

      I used namebench to test against the top 2000 sites (alexa)
      Resolver 50% of queries under 110ms
      Forwarder 50% of queries under 30ms
      Overall average fell ~130ms

      While I understand the Unbound resolver would be slower even with forwarding enabled, the performance gap here is more significant than I would expect. It could be something specific to my resolver config, which I've included at the bottom.

      [Image: DNS Resolver with Forwarding]

      [Image: DNS Forwarder]

      DNS Resolver Config
      Listen Port: 53
      Enable SSL/TLS Service: False
      Network Interfaces: All
      Outgoing Network Interfaces: All
      System Domain Local Zone Type: Transparent
      DNSSEC: True
      Python Module: false
      DNS Query Forwarding: True (no SSL/TLS)
      DHCP Registration: True
      Static DHCP: True

      Advanced config
      Hide Identity: True
      Hide Version: True
      Query Name Minimization: True
      Strict Query Name Minimization: False
      Prefetch Support: True
      Prefetch DNS Key Support: True
      Harden DNSSEC Data: True
      Serve Expired: False
      Message Cache Size: 50MB
      Outgoing TCP Buffers: 10
      Incoming TCP Buffers: 10
      EDNS Buffer Size: 4096

      • Gertjan

        Hi,

        When forwarding, using the resolver Unbound or dnsmasq (the other DNS forwarder), you could (should, for timing issues?) deactivate DNSSEC, as DNSSEC makes no sense when forwarding.

        When you are forwarding, you might as well stop using unbound - the Resolver, and go for dnsmasq (the Forwarder).

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • dkyarnogarn

          Following. We are looking for solutions as well. We are having issues with DNS in https://www.yarno.dk

          • Gertjan @dkyarnogarn

            @dkyarnogarn said in DNS Resolver with DNS forwarding x2 slower than DNS Forwarder:

            We are having issues with DNS in https://www.yar....

            Like no SOA. That's bad.
            DNS forwarding, resolving, whatever: if your DNS zone is bad, things become messy.
            edit : correction :
            There it is :
            dig yar??.dk SOA +short
            logan.ns.cloudflare.com. dns.cloudflare.com. 2034779557 10000 2400 604800 3600

            No DNSSEC either? I thought that in the north things were done seriously these days ;)
