DNS resolution is slow when WAN is down but not WAN2
-
I just got a problem I never had before.
I have 2 connections on my Pfsense 2.4.4-Release-p3.
WAN is a slow ADSL connection and WAN2 is a fast Fiber connection.
They are both part of a Gateway Group, where WAN2 is Tier 1 and WAN is Tier 5.I already got 2 times WAN2 down and it was seamless.
But when WAN go down, the DNS resolution is SO SLOW, and others problems appear.
Like speedtest.net takes 5-7 seconds to show up, and then more than 30 sec to find a server, and when I'm finally able to launch the speedtest, nothing happens, it can't connect.So I don't know if it the same problem or just related, to this bug : https://redmine.pfsense.org/issues/8987
but it's pretty annoying.
If somebody got an idea, thanks :)
-
You haven't stated whether you plug a computer directly into your WAN router to see whether it's your ISP that is down nor had you stated whether you have tried solutions mentioned in the link you shared. My gut says it's your ISP.
-
The ADSL DSLAM was down, it was announced on the status page of the ISP. The modem was searching for sync, so clearly the connection was down.
I didn't tried "options timeout:1" and "options attempts:1" in resolv.conf. And the fact is, the dashboard wasn't slow, just the DNS resolution of internet addresses (local names were fast as usual).
It was like all the DNS requests go by default through WAN, even if WAN2 is Tier 1, and when WAN is down, the requests are still trying to go through WAN before getting a timeout and then go through WAN2.
-
Is your pfSense box the sole source to resolve your DNS request? If not, I would suggest doing so and not use your ISP.
-
My Pfsense box is the main and only DNS resolver for my LAN yes. And Pfsense itself is configured with not a single DNS from my ISP.
I only use others DNS, like FDN, Google, and 2 others.So the main thing is, I still think when WAN is down, Pfsense try to pass the DNS request through it, and only after a timeout, it goes through WAN2.
Do you think it's possible ?Thanks
-
I would just use loopback/localhost for binding unbounds outgoing interface... This way it uses whatever is the default gateway out of pfsense..
This way you don't have to worry about unbound not being able to bind to an interface that might be down
