Netgate Discussion Forum

    Netgate 2100 dns resolver reconfiguration takes very long

    Category: DHCP and DNS
    7 Posts, 3 Posters, 918 Views
    n300

      Hi there,

      it seems to me that every tiny change of DNS related configurations triggers a full restart of unbound. That takes up 2 minutes where complete DNS resolution (internal and external) isn't working. Some of my services are not amused about that.

      Is there a tweakable to fix that, or is this behavior working as designed?
      I can understand that it's mandatory to restart service for bigger changes in configuration. But absolutely not, if I only want to create a DNS-Record or add a DHCP-Reservation.

      • Firmware: 22.01-RELEASE (arm64)
      • My Unbound is running in Forward-Mode (Resolver-Mode isn't working with my ISP) to official DNS resolvers and is used as the internal LAN DNS resolver.
      • Static-DHCP Clients will be registered automatically. Dynamic-DHCP Clients not.
      • pfBlockerNG is enabled in quite basic configuration
      • Tried both modes, Python Module and default Mode. Can't see any different behaviour.

      Are there any suggestions?

      SteveITS Galactic Empire @n300

        @n300 2 minutes seems absurdly long. Do the logs show anything useful?

        To be clear, are you using DNS Resolver and forwarding, or using DNS Forwarder?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        n300 @SteveITS

          @steveits

          Hi Steve,

          No interesting things in the unbound log. OK, it's only about 1 min. But that's also much too long if I only add a DNS alias.
          There is only a time hole in log.

          77be4a33-08b9-4190-8eda-26ab260ecb57-image.png

          concerning your question about forwarding:
          I only use the server "DNS Resolver". DNS-Forwarder is disabled.
          But in DNS Resolver DNS Query Forwarding is enabled.
          1d8ebb58-3873-4f3e-82b6-22b60456edab-image.png

          Otherwise I'm unable to resolve anything outside my LAN.

          SteveITS Galactic Empire @n300

            @n300 Is Internet active at that time?
            https://redmine.pfsense.org/issues/12985 looks to be in the upcoming 22.05.


            n300 @SteveITS

              @steveits

              WAN port was up as far as I can see.
              049a754e-c626-4f1e-9b5a-01f244f93f95-image.png

              I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

              keyser Rebel Alliance @n300

                @n300 said in Netgate 2100 dns resolver reconfiguration takes very long:

                @steveits

                WAN port was up as far as I can see.
                049a754e-c626-4f1e-9b5a-01f244f93f95-image.png

                I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

                pfBlockerNG with a bunch of DNSBL feeds active causes this because of the huge block lists that are added to unbound - optionally via python integration. The SG-2100 CPU is not exactly powerful, so it takes quite a while to load large feeds on that platform.

                Love the no fuss of using the official appliances :-)

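The thread never pins down how long resolution is actually unavailable, because the unbound log only shows a gap. The prober below is an added example (not code from the thread or from Netgate/pfSense) that sends a raw DNS query to the resolver once a second during a config apply and then reports the outage windows, so the 1-2 minute figure can be measured instead of guessed. The resolver address and probe name are placeholders; `outage_windows()` is a hypothetical helper that turns the timed samples into start/duration pairs.

```python
"""Measure how long a resolver stops answering while unbound restarts.

Added example, not part of the forum thread. RESOLVER_IP and PROBE_NAME
are placeholders (assumptions): set them to your pfSense LAN address and
a name the resolver is expected to answer.
"""
import socket
import time

RESOLVER_IP = "192.0.2.1"         # placeholder: pfSense LAN address
PROBE_NAME = "www.example.com"    # placeholder: name the resolver serves
INTERVAL_S = 1.0                  # one probe per second
TXID = 0x1234                     # fixed transaction id, matched on reply


def build_query(name, txid=TXID):
    """Build a minimal RFC 1035 A/IN query: 12-byte header + QNAME + QTYPE + QCLASS."""
    # header: id, flags 0x0100 (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = txid.to_bytes(2, "big") + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    labels = name.strip(".").split(".")
    qname = b"".join(len(l).to_bytes(1, "big") + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + b"\x00\x01" + b"\x00\x01"  # QTYPE A, QCLASS IN


def probe(resolver_ip, name, timeout_s=2.0):
    """Send one UDP query; True if a reply with our transaction id arrives in time.

    Querying the resolver directly (rather than via getaddrinfo) avoids the
    client's stub-resolver cache and any secondary DNS server in /etc/resolv.conf,
    so the result reflects unbound on pfSense itself.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout_s)
    try:
        sock.sendto(build_query(name), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
        return len(data) >= 12 and data[:2] == TXID.to_bytes(2, "big")
    except (socket.timeout, OSError):
        return False
    finally:
        sock.close()


def outage_windows(samples):
    """Turn chronological [(t_seconds, ok), ...] into [(start, duration), ...].

    An outage begins at the first failed probe and ends at the next successful
    one; if the samples end while still failing, duration is None.
    """
    windows = []
    start = None
    for t, ok in samples:
        if not ok and start is None:
            start = t
        elif ok and start is not None:
            windows.append((start, t - start))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows


def longest_outage(samples):
    """Longest completed outage in seconds (0.0 if none completed)."""
    durations = [d for _, d in outage_windows(samples) if d is not None]
    return max(durations) if durations else 0.0


def monitor(seconds=180, resolver_ip=RESOLVER_IP, name=PROBE_NAME):
    """Probe for `seconds` (apply the pfSense change meanwhile) and report."""
    samples = []
    t0 = time.monotonic()
    while time.monotonic() - t0 < seconds:
        t = round(time.monotonic() - t0, 1)
        samples.append((t, probe(resolver_ip, name)))
        time.sleep(INTERVAL_S)
    for start, duration in outage_windows(samples):
        shown = "still down" if duration is None else "%.1f s" % duration
        print("resolver unavailable from t=%.1fs for %s" % (start, shown))
    return samples


if __name__ == "__main__":
    monitor()
```

Run it on a LAN host, click Apply in the DNS Resolver page while it is running, and the printed windows give the real unavailability period; comparing a run with pfBlockerNG enabled against one with it disabled tests keyser's explanation directly.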
                n300 @keyser

                  @keyser Ok. But if I disable pfBlockerNG (not uninstalling it), it's not significantly faster? I also don't have many subscriptions. Only the basic/default blacklist is enabled.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.