Netgate Discussion Forum

    DNS resolution is slow when WAN is down but not WAN2

    • R4v3n

      I just got a problem I never had before.
      I have 2 connections on my pfSense 2.4.4-Release-p3.
      WAN is a slow ADSL connection and WAN2 is a fast Fiber connection.
      They are both part of a Gateway Group, where WAN2 is Tier 1 and WAN is Tier 5.

      WAN2 has already gone down 2 times and it was seamless.
      But when WAN goes down, the DNS resolution is SO SLOW, and other problems appear.
      Like speedtest.net takes 5-7 seconds to show up, and then more than 30 sec to find a server, and when I'm finally able to launch the speedtest, nothing happens, it can't connect.

      So I don't know if it's the same problem as, or just related to, this bug: https://redmine.pfsense.org/issues/8987

      but it's pretty annoying.

      If somebody got an idea, thanks :)

      • NollipfSense

        You haven't stated whether you plugged a computer directly into your WAN router to see whether it's your ISP that is down, nor have you stated whether you have tried the solutions mentioned in the link you shared. My gut says it's your ISP.

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • R4v3n

          The ADSL DSLAM was down, it was announced on the status page of the ISP. The modem was searching for sync, so clearly the connection was down.

          I didn't try "options timeout:1" and "options attempts:1" in resolv.conf. And the fact is, the dashboard wasn't slow, just the DNS resolution of internet addresses (local names were fast as usual).

          It was like all the DNS requests go by default through WAN, even if WAN2 is Tier 1, and when WAN is down, the requests are still trying to go through WAN before getting a timeout and then go through WAN2.

          • NollipfSense

            Is your pfSense box the sole source to resolve your DNS requests? If not, I would suggest doing so and not using your ISP.

            • R4v3n

              My pfSense box is the main and only DNS resolver for my LAN, yes. And pfSense itself is configured with not a single DNS from my ISP.
              I only use other DNS, like FDN, Google, and 2 others.

              So the main thing is, I still think when WAN is down, pfSense tries to pass the DNS request through it, and only after a timeout, it goes through WAN2.
              Do you think it's possible?

              Thanks

              • johnpoz LAYER 8 Global Moderator

                I would just use loopback/localhost for binding unbound's outgoing interface... This way it uses whatever is the default gateway out of pfSense.

                This way you don't have to worry about unbound not being able to bind to an interface that might be down.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.