4. Slow DNS Resolutions, actually slow everything

Slow DNS Resolutions, actually slow everything

  • J

    Hey all,
    I am having an issue that I can't quite pin down. I have a SG-3100 with unbound, suricata, and pfblocker running. Everything was running fine until lately. Now DNS resolutions (when they work) take forever, 1000ms+, and even connecting to any local host via IP, pfsense included, takes 3-5 minutes of resolving host. It seems to work for a few minutes after a reboot, but then dies out again.
    I've tried stopping pfblocker and suricata individually to see if that was the issue, but there was no change.
    I have not noticed anything in the logs other than timeouts for DNS, but I might be looking at the wrong logs.
    The most recent change I added was to VLAN out my network and add dynamic dns. Although it seemed to work fine for a couple of days before this issue.

    Other info:
    Using localhost, 1.1.1.1, 1.0.0.1, forwarder disabled, and dnssec in unbound.
    DHCP registers host correctly, but even internal hosts are slow to resolve, or timeout.
    Other VLANs are only allowed to talk to pfsense for DNS resolutions and internet. No other interVLAN communication.

    0
  • J

    Also, if I disable unbound, everything works fine. With unbound on I have 100% CPU utilization all the time.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy