random web page swirling.. slow DNS resolution?

  • I have been having this intermittent problem when loading a new web page that I haven't been to before will swirl and swirl for 15 to 30 seconds. It feels like an eternity when you're trying to get something done. It seems like a DNS issue because while it's happening with a new site, I can go to sites I always use and they snap right up. I can run a speedtest.net and it'll be perfect QoS and bandwidth. When I try other browsers they seem to have the same behavior. So that's why I'm thinking DNS.

    Initially I thought it was McAfee so I uninstalled that but it is still happening. I am also suspecting pfSense or Comcast, but my gut is telling me it is Windows 10 since it seems to only happen with my Surface Pro 4. Although it still could be Comcast I guess since I recently switched to Comcast service and don't have a baseline of expectations for their service yet. As far as I can determine, I haven't made any changes to the DNS setup in pfSense.

    I know.. why post to pfSense if I think it's actually a Windows or Comcast problem? Cuz y'all know your networking s**t and I haven't ruled out pfSense yet.

  • LAYER 8 Global Moderator

    if you believe its a dns related problem, then validate/test with some dns testing.

    Simple dig or nslookup to what you think is having a problem.. Use of browser tools web developer in firefox can show you were there is hold up in a page load.

    Are you IPv6 user? Your delay could be related to trying IPv6 it failing and waiting for the browser to switch over to IPv4..

    While happy to help you troubleshoot where the issue is.. Really going to need more info.. Sniff on the traffic will pretty much show you what the problem is.. Since you would see all the dns request and responses, and when the client/browser sends the get for the http site, etc. If your sending ipv6 and or ipv4, etc.

    To your dns concerns - are you using resolver out of the box? You forwarding, using cloadflare via tls, etc.. Are you running any other packages. pfblocker, snort? proxy?

  • Thanks for the feedback and suggestions!

    I am a home user and don't have any need for IPv6. Is there an easy way to disable this to remove more variables? I'll check to see if I can steer things in favor of IPv4 through DHCP. My guess that's the simple way of doing it.

    Next time I experience the issue I'll try an nslookup to see if it really is a DNS issue. That's a great suggestion that I hadn't thought of. I'll also try the network trace tools in the browser debuggers to see how far it gets on the request.

    The part that sucks is that it's very intermittent. It could be a week before it happens again. Thankfully I'm the only one complaining about it. If it were my wife's computer and it was intermittent like this..... (shiver) I hate to think how that would go down. :)

  • LAYER 8 Global Moderator

    Did you setup ipv6 in pfsense? Ie track interface setup, wan dhcpv6? sort of thing. Your client could be using some sort of transition method, teredo for example if windows.

    Simple ipconfig /all would show you if it has some transition ipv6 address or a dual stack ipv6 address. In your browser if firefox you could also disable IPv6 so it would not use that.


    Set that to true.

    I take it your not using any other packages and just using unbound out of the box on pfsense - so its resolving and your clients are only talking to it for dns.. You have not setup your client to use any other dns have you?

  • I'm not 100% positive yet, but I think I have isolated the issue to the CryptSvc. When the swirly of death happens, I run a "net stop CryptSvc" and it seems the pages just pop right up after that. So this is feeling like a client side issue to me and not networking at all. I'm still not positive, but that's where I'm at after about a day of that work around.

  • Fairly confident it wasn't networking at all and is the Chrome CryptSvc issue. This comment with suggested fix appears to have fixed it for me. I know this has nothing at all to do with pfSense but figured I'd follow up just in case someone else was having similar problems and didn't know where to look. https://bugs.chromium.org/p/chromium/issues/detail?id=838707#c134