Slow DNS resolution with PfBlocker/DNSBL



  • Hi,
    I have posted the same question at this place, not sure if it's a DNS or a PfBlocker/DNSBL issue:

    https://forum.pfsense.org/index.php?topic=130696.0

    In fact my issue seems to be new with 2.3.4 and PfBlocker/DNSBL: when a computer wakes from standby mode, DNS is very slow and takes 30s until it finally works. With PfBlocker/DNSBL, it's much faster.

    Any idea?
    Thanks!


  • Moderator

    Not sure what you mean by "Standby"?  If you are using RAMdisks then the /var folder is wiped on reboot which can cause issues… Check the system and Resolver and pfBlockerNG logs for additional clues...



  • Hi!
    Sorry, I did not explain myself very well… Let me take a deep breath and start over :)

    • I have 2 laptops connected to my pfsense router.
    • I have activated pfblockerng
    • I never shut down my laptops; I only close the laptop screen so it enters standby mode.
    • If I "wake up" my laptop by opening the screen (I do not know if this is the right term, sorry...), then in a few seconds, I get my internet connection up again and can surf the net quite quickly.
      Now
    • I add the dnsbl option to pfblockerng
    • I put my laptop in standby mode
    • wake up my laptop again
    • The connection is up again but not the DNS resolution. It takes 20 to 30 secs to have it working.

    If I disable the dnsbl option, then DNS resolution is much faster when my laptop exits standby mode and tries to connect.

    If it's still not clear, please let me know!

    Thanks!
    Romain


  • Moderator

    Do you see the following domain listed in the Alerts Tab?

    msftncsi.com

    You could also try to grep to see if it's listed in DNSBL:

    grep "msftncsi.com" /var/db/pfblockerng/dnsbl/*

    If it's listed, whitelist that domain and see if that fixes your issue…

    Otherwise, review the pfBlockerNG Alerts tab for blocked domains that might be causing issues for you...
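
An added example, not part of any post in this thread: a stricter form of the grep check above that matches a domain and its subdomains as whole hostnames, so look-alike entries in other feeds are not reported. `dnsbl_hits` and `make_sample_feeds` are hypothetical helper names, and the sample feed files and their line format are constructed assumptions.

```shell
#!/bin/sh
# dnsbl_hits DIR DOMAIN...
# Print "feedfile<TAB>domain" for each file in DIR that lists DOMAIN or one
# of its subdomains as a complete hostname.
dnsbl_hits() {
    dir=$1; shift
    for domain in "$@"; do
        # Escape dots so "." only matches a literal dot, not any character.
        pattern=$(printf '%s' "$domain" | sed 's/\./\\./g')
        # Before the name: start of line, a dot (subdomain) or a separator.
        # After the name: optional trailing dot, then a separator or end of
        # line, so "notmsftncsi.com" and "msftncsi.com.x" do not match.
        grep -lE "(^|[^A-Za-z0-9-])${pattern}\.?([^A-Za-z0-9.-]|\$)" \
            "$dir"/* 2>/dev/null |
        while IFS= read -r file; do
            printf '%s\t%s\n' "$(basename "$file")" "$domain"
        done
    done
}

# Build a throwaway directory with two constructed feed files.
# The line format is an assumption made for this example only.
make_sample_feeds() {
    d=$(mktemp -d)
    cat > "$d/telemetry.txt" <<'EOF'
local-data: "www.msftncsi.com 60 IN A 10.10.10.1"
local-data: "telemetry.example.invalid 60 IN A 10.10.10.1"
EOF
    cat > "$d/ads.txt" <<'EOF'
local-data: "notmsftncsi.com 60 IN A 10.10.10.1"
local-data: "msftncsi.com.tracker.invalid 60 IN A 10.10.10.1"
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed sample; on the firewall the directory from the
# post would be used instead: dnsbl_hits /var/db/pfblockerng/dnsbl msftncsi.com
feeds=$(make_sample_feeds)
dnsbl_hits "$feeds" msftncsi.com
rm -rf "$feeds"
```

The file name printed for a hit shows which feed to review or which entry to whitelist.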



  • I know this thread is 3+ months old, but I stumbled upon it and think I know what the issue was. I had stumbled upon this Reddit thread and added the WindowsTelemetry hosts list. After I added it to a DNSBL feed and forced an update, DNS resolution slowed to a crawl. After removing it, forcing another update and then rebooting pfSense via CLI, everything was resolved.