Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound reliability goes down when using pfBlockerNG

    Scheduled Pinned Locked Moved pfBlockerNG
    1 Posts 1 Posters 195 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vjizzle
      last edited by

      Hi! I noticed when using pfBlockerNG-devel and benchmarking Unbound using DNS Benchmark took from GRC the reliability goes down. The other day I noticed some websites were taking longer to load. Still happened after restarting my pfSense. pfSense is running on a i5 with 8GB Ram and 120GB SSD.

      Using the samen blocklists as in pfblockerng I fired up a pi-hole on a raspberry pi 4 and did the same DNS Benchmark. pi-hole didn't flinch for a second where pfsense was showing less then 100% reliability. Clearly something is going on with Unbound and pfBlockerNG in python mode.

      This result is from pfsense with pfblockerng running in python mode:

      Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)

 192.168.150.  5 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
 ----------------+-------+-------+-------+-------+-------+
 + Cached Name   | 0,001 | 0,002 | 0,004 | 0,001 | 100,0 |
 + Uncached Name | 0,008 | 0,055 | 0,268 | 0,075 | 100,0 |
 + DotCom Lookup | 0,008 | 0,015 | 0,026 | 0,004 | 100,0 |
 ---<O-OO---->---+-------+-------+-------+-------+-------+
                        pi-hole
               Local Network Nameserver


 192.168.100.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
 ----------------+-------+-------+-------+-------+-------+
 - Cached Name   | 0,007 | 0,007 | 0,010 | 0,001 | 100,0 |
 - Uncached Name | 0,013 | 0,060 | 0,262 | 0,064 |  98,0 |
 - DotCom Lookup | 0,013 | 0,046 | 0,144 | 0,024 | 100,0 |
 ---<OOOOO-OO>---+-------+-------+-------+-------+-------+
                    pfsense
               Local Network Nameserver

      And below are the results when running pfsense without pfblockerng and then everything is fast with 100% reliability:

      Final benchmark results, sorted by nameserver performance:
 (average cached name retrieval speed, fastest to slowest)

  192.168.100.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0,000 | 0,000 | 0,001 | 0,000 | 100,0 |
  - Uncached Name | 0,005 | 0,064 | 0,280 | 0,081 | 100,0 |
  - DotCom Lookup | 0,006 | 0,036 | 0,137 | 0,026 | 100,0 |
  ---<OOOOO-OO>---+-------+-------+-------+-------+-------+
                     pfsense
                Local Network Nameserver


  192.168.150.  5 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0,001 | 0,003 | 0,006 | 0,001 | 100,0 |
  + Uncached Name | 0,008 | 0,067 | 0,268 | 0,087 | 100,0 |
  + DotCom Lookup | 0,009 | 0,015 | 0,021 | 0,003 | 100,0 |
  ---<O-OO---->---+-------+-------+-------+-------+-------+
                         pi-hole
                Local Network Nameserver


  UTC: 2021-08-24, from 14:55:59 to 14:56:17, for 00:17,781

      Anyone recognise this behaviour?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.