Unbound reliability goes down when using pfBlockerNG
Hi! I noticed that when using pfBlockerNG-devel and benchmarking Unbound using the DNS Benchmark tool from GRC, the reliability goes down. The other day I noticed some websites were taking longer to load. It still happened after restarting my pfSense. pfSense is running on an i5 with 8GB RAM and a 120GB SSD.
Using the same blocklists as in pfBlockerNG, I fired up a Pi-hole on a Raspberry Pi 4 and did the same DNS Benchmark. Pi-hole didn't flinch for a second, whereas pfSense was showing less than 100% reliability. Clearly something is going on with Unbound and pfBlockerNG in Python mode.
This result is from pfsense with pfblockerng running in python mode:
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)

192.168.150.  5 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name   | 0,001 | 0,002 | 0,004 | 0,001 | 100,0 |
+ Uncached Name | 0,008 | 0,055 | 0,268 | 0,075 | 100,0 |
+ DotCom Lookup | 0,008 | 0,015 | 0,026 | 0,004 | 100,0 |
---<O-OO---->---+-------+-------+-------+-------+-------+
pi-hole
Local Network Nameserver

192.168.100.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name   | 0,007 | 0,007 | 0,010 | 0,001 | 100,0 |
- Uncached Name | 0,013 | 0,060 | 0,262 | 0,064 |  98,0 |
- DotCom Lookup | 0,013 | 0,046 | 0,144 | 0,024 | 100,0 |
---<OOOOO-OO>---+-------+-------+-------+-------+-------+
pfsense
Local Network Nameserver
And below are the results when running pfsense without pfblockerng and then everything is fast with 100% reliability:
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)

192.168.100.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name   | 0,000 | 0,000 | 0,001 | 0,000 | 100,0 |
- Uncached Name | 0,005 | 0,064 | 0,280 | 0,081 | 100,0 |
- DotCom Lookup | 0,006 | 0,036 | 0,137 | 0,026 | 100,0 |
---<OOOOO-OO>---+-------+-------+-------+-------+-------+
pfsense
Local Network Nameserver

192.168.150.  5 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name   | 0,001 | 0,003 | 0,006 | 0,001 | 100,0 |
+ Uncached Name | 0,008 | 0,067 | 0,268 | 0,087 | 100,0 |
+ DotCom Lookup | 0,009 | 0,015 | 0,021 | 0,003 | 100,0 |
---<O-OO---->---+-------+-------+-------+-------+-------+
pi-hole
Local Network Nameserver

UTC: 2021-08-24, from 14:55:59 to 14:56:17, for 00:17,781
Anyone recognise this behaviour?