Slow DNS after 22.05
-
@mihaifpopa said in Slow DNS after 22.05:
virtualized OPNsense instance
That's good. I'm on a Netgate device and I'd like it to go back to working correctly!
-
@jax What are you seeing when you go to the Diagnostics->DNS Lookup page?
-
First try: about a 9 second wait followed by the correct answer.
Second try: about a 22 second wait followed by the correct answer.
The pfSense display shows that 127.0.0.1 is timing out.
I have no idea why the Netgate device is querying itself.
As soon as it queries the next device upstream it gets an answer.

Name server      Query time
127.0.0.1        938 msec
192.168.xx.xx    48 msec
-
Ha! In General Setup -> DNS Resolution Behavior I chose "Use remote DNS servers, ignore local DNS" and things look better now. We'll see if that fixes it.
-
@jax Sounds like DNS Resolver is stopped.
Go to the Service->DNS Resolver page and click the "start" icon in the header, or Status->Services and click it there.
FWIW reliance on the ISP DNS servers may result in being handed misleading DNS records. Remember when ISPs would resolve unresolving IPs and pass you to a search page? This helps you avoid that, among other things.
-
@rcoleman-netgate Okay, I restarted the DNS Resolver and have set the DNS Resolution Behavior back to use local DNS with fallback to remote. We'll see how this goes.
-
Do you run Suricata by any chance??
-
@cool_corona No, I don't.
-
@rcoleman-netgate Goes back to lousy performance. I've set it back to using remote DNS.
-
@jax Do you have any DNS specified in general settings??
-
@cool_corona No, no specified DNS servers. It's just using the default, the upstream WAN DHCP-assigned server.
-
@jax Can you pls. uncheck it
No DNS server overrides and test again.
-
@cool_corona What package(s) are installed?
-
@cool_corona Trying it unchecked with local + fallback.
-
@rcoleman-netgate no packages installed, just the default Netgate installation
-
@cool_corona Testing with no dns server overrides as you suggested seems to give me the same good performance that was only achieved previously by bypassing the pfSense resolver.
Can you explain this a little bit, please?
-
@jax It overrides the WAN DHCP DNS provided by your ISP provider and that can take some speed out of the equation.
You don't have to handshake and verify the DNS by the ISP and it goes directly to the 13 root DNS servers.
-
Hmm, there still seems to be weird intermittent slowness in name resolution.
I dunno. This may be beyond my personal ability to debug.
-
The slowness seems to be mostly focused on cdn services.
-
This is really quite frustrating, I'm not getting anywhere debugging this slowness problem.