PfBlockerNG DNSBL Latency?



  • Hi,
    I was wondering if someone else has had this issue before? Recently users have been complaining about slow internet speeds. Right now it's configured so the Windows Server DNS root is pointed to pfSense, and the DNS on pfSense is 8.8.8.8. So I'm guessing it might be a DNS issue for the request. I checked the Unbound DNS cache and it seems to be all right. What I have also been noticing at times is that Chrome shows the page connection is not private, but if I reload it again it shows the website normally. My question: is there a way to troubleshoot the issue by checking DNS speed from pfBlockerNG to the roots of the Windows server?

    Thank you



  • I've had this problem on occasion.  Do you have the watchdog add-on / plugin installed, with your services (pfBlockerNG, Snort, Unbound, etc.) in it to watch, so that it automatically restarts them if they crash?

    I think you have the proper config:  client > Windows DNS Server > pfSense > 8.8.8.8 <- however, I'd revert back to your ISP's DNS server if possible, as the times to resolution are quicker, OR use a secure DNS server from Comodo or OpenDNS... you can even tier them.  8.8.8.8 and 8.8.4.4 aren't as safe as Comodo or ODNS in my view.

    One more thing you can adjust is the response time on the Windows side.  By default it's a 3 ms response; I like putting it at 2 ms ;)

    https://technet.microsoft.com/en-us/library/ff807396(v=ws.10).aspx

    ...that's as low as you can go, and it's quite possible you need to bump it up if you're using Google's DNS.  I have mine at 2 ms because I use my ISP's DNS servers, but if I use Comodo or ODNS... I bump it up to 4 just to be safe and you'll get fewer timeouts.


  • Moderator

    @killmasta93:

    Hi,
    I was wondering if someone else has had this issue before? Recently users have been complaining about slow internet speeds. Right now it's configured so the Windows Server DNS root is pointed to pfSense, and the DNS on pfSense is 8.8.8.8. So I'm guessing it might be a DNS issue for the request. I checked the Unbound DNS cache and it seems to be all right. What I have also been noticing at times is that Chrome shows the page connection is not private, but if I reload it again it shows the website normally. My question: is there a way to troubleshoot the issue by checking DNS speed from pfBlockerNG to the roots of the Windows server?

    Thank you

    If browsing is slow, it is generally one of two things...

    1. Your LAN segments cannot access the DNSBL VIP address... To test, try to ping the DNSBL VIP address, and try to browse to the DNSBL VIP address from each of your LAN segments. If that doesn't work, ensure that you have selected the DNSBL Permit option to allow those subnets to access the DNSBL VIP address... You can also check your NAT/Limiter rules to see if something is interfering with the access...

    When a LAN segment cannot access the DNSBL VIP, the browser will time out, as it is still trying to reach the blocked domain.

    2. One of the blocked domains is causing the browser to time out...

    Your LAN devices should have their DNS settings set to your MS AD/DNS server only. Then the AD/DNS server should have its Forwarders set to pfSense, which will then be filtered via DNSBL.

    Another thing to keep in mind: when you try to open a web page that is blocked via DNSBL over HTTPS, the browser will show a certificate error, since the browser sees that the DNSBL certificate does not match the domain that was blocked.... It's safe to ignore...
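A script for the check the moderator describes, as an added example that is not from this thread or from pfBlockerNG itself: from a LAN segment it times an A query for a domain you know is on a DNSBL feed, confirms the answer is the DNSBL VIP, and confirms that VIP answers on port 80 from where you are standing. The DNS server, VIP (pfBlockerNG's usual default, 10.10.10.1) and test domain are assumed placeholders; run it against the AD/DNS server first, then against pfSense directly, to see which hop adds the latency.

```python
import socket
import struct
import time

socket.setdefaulttimeout(2.0)      # fail fast on a dropped packet instead of hanging like the browser
DNS_SERVER = "192.168.1.10"        # assumption: your AD/DNS server; re-run against the pfSense IP too
DNSBL_VIP = "10.10.10.1"           # assumption: pfBlockerNG's default DNSBL VIP; use your own
TEST_DOMAIN = "blocked.example"    # assumption: a domain you know is on one of your DNSBL feeds

def build_a_query(name, txid=0x1234):
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(resp, pos):
    # advance past a domain name; a compression pointer (0xC0..) ends it in two bytes
    while resp[pos] != 0:
        if resp[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += resp[pos] + 1
    return pos + 1

def parse_a_answers(resp):
    an = struct.unpack(">H", resp[6:8])[0]
    pos, addrs = skip_name(resp, 12) + 4, []    # past the single question (name + QTYPE + QCLASS)
    for _ in range(an):
        pos = skip_name(resp, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:            # A record; CNAME and other types are skipped
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def verdict(addrs, vip, vip_tcp_ok):
    # the thread's two failure modes: not filtered at all, or filtered but the VIP is unreachable
    if vip not in addrs:
        return "not filtered: answer is not the DNSBL VIP"
    return "ok" if vip_tcp_ok else "VIP unreachable: check DNSBL Permit, NAT and limiter rules"

def query(server, name):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    t0 = time.monotonic()
    s.sendto(build_a_query(name), (server, 53))
    resp, _ = s.recvfrom(512)
    return parse_a_answers(resp), (time.monotonic() - t0) * 1000

if __name__ == "__main__":
    ips, rtt = query(DNS_SERVER, TEST_DOMAIN)
    reachable = socket.socket().connect_ex((DNSBL_VIP, 80)) == 0   # can this segment reach the VIP?
    print("%.1f ms; %s -> %s: %s" % (rtt, TEST_DOMAIN, ips, verdict(ips, DNSBL_VIP, reachable)))
```

A blocked domain that resolves to the VIP but reports "VIP unreachable" from one segment only is the first case above; an answer that is not the VIP means the query never went through DNSBL (wrong resolver order on the client or the AD forwarder).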