Netgate Discussion Forum

    DNS server is overloaded??

      nak_attack

      I at times can’t connect to websites when connected to my home network. I can easily access them if I’m outside of my network or if I turn off wi-fi and use the LTE network. My thought is that this issue relates to either the DNS server being overloaded or the DNS server refresh rate.

      Any advice on how to fix this issue permanently?

      I have the latest pfSense version.

        chrcoluk

        Speculation on my part, but you simply might be suffering from slow DNS queries that you perceive as not connecting.

        Nowadays many major web services have insanely low TTL values for DNS records; some are as low as just 5-10 seconds.

        The problem of using your own resolver in this instance is you are not going to get many cache hits, as you are the only client.

        Whilst using Google DNS or perhaps your ISP's DNS servers, since there are millions of users using those DNS servers, they will constantly be repopulating their own caches and the cache hit rate will be way higher.

        Unbound does have a prefetch feature, but it's what I call "nice idea with bad implementation". What it does is if you do a DNS lookup for a DNS record in the cache, and 10% or less of the TTL is remaining, your result will still be served from the cache quickly but at the same time Unbound will refresh its cache by carrying out a new lookup. It would have been much better to just auto refresh items in its cache when the TTL expires, or at least auto refresh every time you do a new lookup regardless of the TTL remaining, as the 10% window is simply too small to be very effective.

        pfSense CE 2.7.2
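
The prefetch behaviour described in the post above, as an added example that is not part of the original post and not Unbound's code: a toy single-client cache in which a hit with 10% or less of the TTL remaining triggers a refresh, compared with refreshing on every hit. The function name, the query intervals and the 10-second TTL are constructed for illustration.

```python
"""Toy model of a single-client resolver cache with hit-triggered prefetch.

Added example; it models only the behaviour described in the post above,
not Unbound's actual code. All names and sample values are constructed.
"""
from collections import namedtuple

Stats = namedtuple("Stats", "hits misses prefetches")


def simulate(query_times, ttl, window_pct=10):
    """Replay lookups for one DNS record against a TTL cache.

    query_times: seconds at which the lone client asks for the record.
    ttl:         record TTL in seconds.
    window_pct:  a cache hit with this percentage (or less) of the TTL
                 remaining triggers a background refresh. 10 is the window
                 described in the post; 100 means "refresh on every hit".
    """
    expiry = None  # time at which the cached answer stops being valid
    hits = misses = prefetches = 0
    for now in query_times:
        if expiry is None or now >= expiry:
            # Nothing usable is cached: the client waits for a full lookup.
            misses += 1
            expiry = now + ttl
            continue
        hits += 1  # answered from cache immediately
        remaining = expiry - now
        if remaining * 100 <= window_pct * ttl:
            # Inside the prefetch window: refresh in the background.
            prefetches += 1
            expiry = now + ttl
    return Stats(hits, misses, prefetches)


if __name__ == "__main__":
    TTL = 10  # constructed: a low TTL of the kind the post mentions
    cases = [
        ("every 7 s, 10% window", range(0, 70, 7), 10),
        ("every 9 s, 10% window", range(0, 90, 9), 10),
        ("every 7 s, refresh on every hit", range(0, 70, 7), 100),
    ]
    for label, times, pct in cases:
        print(label, simulate(times, TTL, pct))
```

With a lookup every 7 s against a 10 s TTL, the 10% window never fires and half the lookups miss; it only keeps the entry warm when a lookup happens to land in the last second, as in the 9 s case. Refreshing on every hit leaves only the first lookup as a miss.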

          nak_attack

          Interesting….I’ll look into this a bit more - thanks!

          I did clear browser history on both Chrome and Safari, but to no avail. I believe the issue to be within pfSense but I could be wrong. My current setup is as follows: TimeWarner Cable (now Spectrum) delivers internet to my Netgear cable modem CM600, which in turn provides the WAN address to the pfSense. From that point onward, my pfSense is responsible for issuing IP addresses, etc.

            KOM

            Which version of pfSense are you running, and are you using the DNS Forwarder or Resolver?

              jahonix

              @nak_attack:

              I at times can’t connect to websites …

              Why do you think it's a DNS issue? Your post didn't give any info to support this. Might just be a slow internet connection, routing issues, whatever.

                nak_attack

                @KOM - here’s what my pfSense says:

                2.3.2-RELEASE-p1 (i386)
                built on Tue Sep 27 12:13:32 CDT 2016
                FreeBSD 10.3-RELEASE-p9

                  nak_attack

                  @Jahonix - first thanks for your reply!

                  My wireless internet speed according to speed test is 316.34 upload / 23.39 download - so I don’t believe this is the issue.

                  As far as it being a routing issue, I’m not sure. I don’t understand it enough to know whether it is working correctly or not. But what I do know is that I have NOT added any new equipment into my setup. The only change I know of has been when Spectrum took over TimeWarner cable. Perhaps they changed or use different DNS records?

                  So to answer your question, I’m not sure if it is a DNS or routing issue. Any guidance would be really appreciated!

                    jahonix

                    @nak_attack:

                    My wireless internet speed … is ...

                    Doesn't tell a thing for the moment you lose your connection.
                    When the connection is "misbehaving" try to trace route an outside address. Might start with 8.8.8.8 (no DNS involved yet) and if that works try it with www.google.com.
                    Post what you find. Happy hunting!

                      nak_attack

                      @Jahonix

                      The internet never goes in or out. I can visit google.com and other major websites. I have narrowed it down to when I visit websites I have on my server they don’t load correctly. Could this be a setting or issue from my server? As a note, if I turn off my wifi and use LTE then I can visit those sites quickly and consistently - never any issues. Only when I use my home network. This is why I was thinking it had something to do with the pfSense because it controls the DNS and cache.

                        doktornotor

                        Uhm… Search this forum for "split DNS" (or "NAT reflection" if you insist; yuck).

                          nak_attack

                          Thank you to everyone who contributed…..I found the solution. I’ll post it here in case someone else encounters a similar issue.

                          The reason why I was unable to view websites hosted on a self-managed dedicated server from my home network was NOT because of anything to do with pfSense but rather because my IP address got blocked by the denyhosts program.

                          Again, thanks to all those who posted...without your questions, I wouldn’t have been able to figure out the core issue.

                            doktornotor

                            Well; denyhosts and similar stuff is serious evil.
