<![CDATA[Netgate 2100 dns resolver reconfiguration takes very long]]>Hi there,

it seems to me that every tiny change of DNS related configurations triggers a full restart of unbound. That takes up 2 minutes where complete DNS resolution (internal and external) isn't working. Some of my services are not amused about that.

Is there a tweakable to fix that, or is this behavior works as designed?
I can understand that it's mandatory to restart service for bigger changes in configuration. But absolutely not, if I only want to create a DNS-Record or add a DHCP-Reservation.

  • Firmware: 22.01-RELEASE (arm64)
  • My Unbound is running in Forward-Mode (Resolver-Mode isn't working with my ISP) to official DNS-Resolvers and used as internally LAN-DNS-Resolver.
  • Static-DHCP Clients will be registered automatically. Dynamic-DHCP Clients not.
  • pfBlockerNG is enabled in quite basic configuration
  • Tried both modes, Python Modul und default Mode. Can't see any different behaviour.

Are there any suggestions?

]]>https://forum.netgate.com/topic/172204/netgate-2100-dns-resolver-reconfiguration-takes-very-longRSS for NodeMon, 15 Jun 2026 04:23:34 GMTMon, 16 May 2022 11:33:18 GMT60<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Tue, 17 May 2022 06:58:58 GMT]]>@keyser Ok. But if I disable pfblockerNG (not uninstalling it), it's not significantly faster? I also don't have many subscriptions. Only the basic/default Blacklist is enabled.

]]>https://forum.netgate.com/post/1042484https://forum.netgate.com/post/1042484Tue, 17 May 2022 06:58:58 GMT<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Mon, 16 May 2022 21:39:28 GMT]]>@n300 said in Netgate 2100 dns resolver reconfiguration takes very long:

@steveits

WAN port was up as far I can see.
049a754e-c626-4f1e-9b5a-01f244f93f95-image.png

I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

pfBlockerNG with a bunch of DNSBL feeds active causes this because of the huge block lists that is added to unbound - optionally via python integration. The SG-2100 CPU is not exactly powerfull, so it takes quite a while to load large feeds on that platform.

]]>https://forum.netgate.com/post/1042447https://forum.netgate.com/post/1042447Mon, 16 May 2022 21:39:28 GMT<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Mon, 16 May 2022 19:41:05 GMT]]>@steveits

WAN port was up as far I can see.
049a754e-c626-4f1e-9b5a-01f244f93f95-image.png

I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

]]>https://forum.netgate.com/post/1042439https://forum.netgate.com/post/1042439Mon, 16 May 2022 19:41:05 GMT<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Mon, 16 May 2022 19:38:08 GMT]]>@n300 Is Internet active at that time?
https://redmine.pfsense.org/issues/12985 looks to be in the upcoming 22.05.

]]>https://forum.netgate.com/post/1042438https://forum.netgate.com/post/1042438Mon, 16 May 2022 19:38:08 GMT<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Mon, 16 May 2022 19:33:28 GMT]]>@steveits

Hi Steve,

No interesting things in unbound log. OK its only about 1 min. But that's also much to long if I only add a dns alias.
There is only a time hole in log.

77be4a33-08b9-4190-8eda-26ab260ecb57-image.png

concerning your question about forwarding:
I only use the server "DNS Resolver". DNS-Forwarder is disabled.
But in DNS Resolver DNS Query Forwarding is enabled.
1d8ebb58-3873-4f3e-82b6-22b60456edab-image.png

Otherwise I'm unable to resolve anything outside my LAN.

]]>https://forum.netgate.com/post/1042436https://forum.netgate.com/post/1042436Mon, 16 May 2022 19:33:28 GMT<![CDATA[Reply to Netgate 2100 dns resolver reconfiguration takes very long on Mon, 16 May 2022 19:35:55 GMT]]>@n300 2 minutes seems absurdly long. Do the logs show anything useful?

To be clear are you suing DNS Resolver and forwarding, or using DNS Forwarder?

]]>https://forum.netgate.com/post/1042423https://forum.netgate.com/post/1042423Mon, 16 May 2022 19:35:55 GMT