Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unbound lagging

    DHCP and DNS
    3
    5
    261
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      krbvroc1 last edited by

      I don't know when this started - very recently and I also very recently upgraded to 2.4.4-RELEASE-p1.

      I noticed it while looking at web browser page load times and seeing the 'waiting' or the 'dns' portion consuming 1-2 seconds before a connection was even made to the site.

      At random times there is a lag in DNS lookup - maybe 1200-2000ms. Sometimes if I run 'time dig example.com', time will report 2000ms, but the dig says the actual query was shorter. That is why I am calling it a lag. I'm don't know a whole lot about unbound so I am not sure how to troubleshoot.

      Today I switched unbound from resolver to forwarder mode and the problem appears to have gone away. I forward to a server I control which runs BIND so I know that server is fine (rather than an ISP provided server). Now all my DNS is under 80ms.

      I am curious/wanting to troubleshoot whaty is causing these delay in resolver mode, but I am not sure how to go about that.

      1 Reply Last reply Reply Quote 1
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        In resolver mode, your firewall must be able to reach the root DNS servers and other authoritative servers all over the Internet in order to resolve names. In forwarding mode, it only needs to reach its next upstream resolver. It's possible your ISP blocks or rate limits DNS traffic such that it interferes with resolver mode, we have seen that a few times before in the past.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        K 1 Reply Last reply Reply Quote 0
        • K
          krbvroc1 @jimp last edited by

          @jimp Any troubleshooting suggestions to determine if this is the case? I don't recall this happening before...I suppose Comcast could have started it recently, but I've been running pfsense for 2 1/2 years as a resolver without this lag. I will try some tcpdump on the router to see if I can identify whether there are networks delays in the queries to the root servers or name servers. But if it is unbound related (particularly the newer version in the recent pfsense update) I'm not sure what to look at next.

          BBcan177 1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            You'd have to look at what DNS requests are leaving your WAN and when/how the replies come back.

            There was an issue where in some cases it would only use a single thread for queries but I haven't heard of it causing that specific behavior. See https://redmine.pfsense.org/issues/9059#note-6 for a workaround.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • BBcan177
              BBcan177 Moderator @krbvroc1 last edited by

              @krbvroc1

              In the Resolver, increase the log verbosity to "2" and check the resolver.log for clues...

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177ย  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • First post
                Last post