Netgate Discussion Forum

    Netgate 2100 dns resolver reconfiguration takes very long

Category: DHCP and DNS (7 posts, 3 posters)
n300 wrote:

      Hi there,

It seems to me that every tiny change to a DNS-related configuration triggers a full restart of unbound. That takes up to 2 minutes, during which complete DNS resolution (internal and external) isn't working. Some of my services are not amused by that.

Is there a tweakable to fix that, or does this behavior work as designed?
I can understand that it's mandatory to restart the service for bigger configuration changes. But absolutely not if I only want to create a DNS record or add a DHCP reservation.

• Firmware: 22.01-RELEASE (arm64)
• My unbound is running in forward mode (resolver mode isn't working with my ISP) to official DNS resolvers and is used as the internal LAN DNS resolver.
• Static DHCP clients are registered automatically. Dynamic DHCP clients are not.
• pfBlockerNG is enabled in a quite basic configuration.
• Tried both modes, Python module and default mode. Can't see any difference in behaviour.

      Are there any suggestions?

SteveITS (Galactic Empire) wrote, replying to @n300:

        @n300 2 minutes seems absurdly long. Do the logs show anything useful?

To be clear, are you using DNS Resolver and forwarding, or using DNS Forwarder?

Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
Upvote 👍 helpful posts!

n300 wrote, replying to @SteveITS:

          @steveits

          Hi Steve,

No interesting things in the unbound log. OK, it's only about 1 min. But that's also much too long if I only add a DNS alias.
There is only a time hole in the log.

[screenshot: unbound log]

Concerning your question about forwarding:
          I only use the server "DNS Resolver". DNS-Forwarder is disabled.
          But in DNS Resolver DNS Query Forwarding is enabled.
[screenshot: DNS Resolver settings]

          Otherwise I'm unable to resolve anything outside my LAN.

SteveITS (Galactic Empire) wrote, replying to @n300:
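The "time hole in the log" above is the DNS outage window the poster is complaining about, and it is worth measuring rather than eyeballing. The following is an added example, not code from the thread or from Netgate/pfSense: it parses unbound's standard "service stopped (unbound x.y.z)." and "start of service (unbound x.y.z)." messages out of a syslog-style resolver log and reports how long each restart left the resolver down. The log lines are constructed for the example; the timestamp layout is assumed to be the usual pfSense syslog format (month, day, time, host, `unbound[pid]`), and the year is assumed because syslog lines do not carry one.

```python
import re
from datetime import datetime

# Constructed sample resolver.log lines (not from the original post).
# Two restarts: one slow (65 s) and one fast (3 s).
SAMPLE_LOG = """\
Apr 10 12:00:01 pfSense unbound[51234]: [51234:0] info: service stopped (unbound 1.13.2).
Apr 10 12:01:05 pfSense unbound[51301]: [51301:0] notice: init module 0: python
Apr 10 12:01:05 pfSense unbound[51301]: [51301:0] notice: init module 1: iterator
Apr 10 12:01:06 pfSense unbound[51301]: [51301:0] info: start of service (unbound 1.13.2).
Apr 10 12:30:44 pfSense unbound[51301]: [51301:0] info: service stopped (unbound 1.13.2).
Apr 10 12:30:47 pfSense unbound[51402]: [51402:0] info: start of service (unbound 1.13.2).
"""

# Match only the lifecycle messages unbound itself emits on stop/start.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ unbound\[\d+\]: "
    r".*?(?P<msg>service stopped|start of service)"
)


def parse_ts(ts: str, year: int) -> datetime:
    """Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def restart_gaps(log_text: str, year: int = 2022):
    """Return a list of (stopped_at, started_at, seconds_down) per restart."""
    gaps = []
    pending_stop = None
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated line (module init, queries, etc.)
        ts = parse_ts(m.group("ts"), year)
        if m.group("msg") == "service stopped":
            pending_stop = ts  # a new outage window begins
        elif pending_stop is not None:
            if ts < pending_stop:  # year rolled over between stop and start
                ts = ts.replace(year=ts.year + 1)
            gaps.append((pending_stop, ts, (ts - pending_stop).total_seconds()))
            pending_stop = None
    return gaps


def worst_gap(gaps) -> float:
    """Longest outage window in seconds, 0.0 if there were no restarts."""
    return max((g[2] for g in gaps), default=0.0)


if __name__ == "__main__":
    for stopped, started, secs in restart_gaps(SAMPLE_LOG):
        print(f"down {secs:5.0f}s  {stopped:%H:%M:%S} -> {started:%H:%M:%S}")
    print(f"worst: {worst_gap(restart_gaps(SAMPLE_LOG)):.0f}s")
```

Run it against a copy of the firewall's resolver log (Status > System Logs > DNS Resolver, or /var/log/resolver.log) to put a number on each reconfiguration, and compare the number with pfBlockerNG enabled versus disabled before concluding which component is responsible.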

@n300 Is the Internet active at that time?
            https://redmine.pfsense.org/issues/12985 looks to be in the upcoming 22.05.

n300 wrote, replying to @SteveITS:

              @steveits

The WAN port was up as far as I can see.
[screenshot: interface status]

              I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

keyser (Rebel Alliance) wrote, replying to @n300:

                @n300 said in Netgate 2100 dns resolver reconfiguration takes very long:

                @steveits

The WAN port was up as far as I can see.
[screenshot: interface status]

                I think it's unbound related, because also internal DNS resolving from all my clients/servers isn't possible while applying changes.

pfBlockerNG with a bunch of DNSBL feeds active causes this because of the huge block lists that are added to unbound, optionally via the python integration. The SG-2100 CPU is not exactly powerful, so it takes quite a while to load large feeds on that platform.

                Love the no fuss of using the official appliances :-)

n300 wrote, replying to @keyser:

@keyser OK. But if I disable pfBlockerNG (not uninstalling it), it's not significantly faster? I also don't have many subscriptions. Only the basic/default blacklist is enabled.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.