Frequent DNS timeouts
-
@jonh same, but everyone keeps just repeating that it must be dhcp registrations ...
-
@nedyah700 said in Frequent DNS timeouts:
@jonh same, but everyone keeps just repeating that it must be dhcp registrations ...
Right, and everyone with the problem, myself included, keeps repeating why did it not happen prior to upgrade to 23.01 and new release of pfBlocker?
Sure, maybe there is less forgiveness in 23.01. I will say that I’ve been convinced dns/tls may not be worth all this hassle and when I return home I’ll be thinking about dropping that from my system.
-
@jonh yep 100% with you. I'm not even using the DNSBL module of pfBlocker, just the IP module. Nothing changed except the upgrade and now, seemingly randomly, all my devices stop resolving DNS for a minute or so.
-
@nedyah700 said in Frequent DNS timeouts:
@jonh same, but everyone keeps just repeating that it must be dhcp registrations ...
If this :
is checked, then yes, that's true.
Look at the DHCP log, see the DHCP events, and the System log at the same time, where you can find dhcpleases process entries like :
This line indicates that the dhcpdleases process wanted to restart unbound, but it was already doing a restart (!). The pid wasn't valid anymore (for a short moment).
At that moment, another DHCP event came in, the unbound pid was already gone, unbound was restarted again. Etc.
I've activated :
just for a minute or two and unbound restarted already 3 times.
So, back to :
The "DHCP Registration" is one reason for unbound to restart (very) often.
Interface events, like DOWN/UP, on WAN, LAN or any other network interface also restart unbound.
Other events, fired by packages I don't use, can also do this.
Saving unbound settings also restarts unbound, twice actually, once to validate the settings, and once to take the (new) settings into account.
This package :
coupled with "DHCP Registration" setting activated can create a real mess ... like some sort of chain restart reaction.
On my two pfSense systems, with these :
my unbound stays up and running. pfBlockerng, as said above, can restart unbound once in a week or so, during feed updates, if any.
Btw : I've installed "System_Patches" and activated nearly all patches, although none are, afaik, related to unbound restarts.
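The correlation described in the post above (DHCP events followed by unbound restarts) can be checked with a short script. This is an added example, not part of the original post or of pfSense: the log lines are constructed, and the assumption is that the DHCP and System logs have been merged into one text in a generic syslog layout, so adjust the patterns to what your own logs show.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw dhcpd[411]: DHCPACK on 192.168.1.50 to aa:bb:cc:dd:ee:01 via lan
Mar  3 10:15:03 fw unbound[900]: info: start of service
Mar  3 10:15:20 fw dhcpd[411]: DHCPACK on 192.168.1.51 to aa:bb:cc:dd:ee:02 via lan
Mar  3 10:15:22 fw unbound[955]: info: start of service
Mar  3 10:40:00 fw unbound[990]: info: start of service
"""

# timestamp, host, process[pid]: message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")


def parse(text, year=2023):
    """Return sorted (timestamp, process, message) tuples; syslog omits the year."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    return sorted(events)


def correlate(text, window_s=10):
    """For each unbound start, return (time, preceding DHCPACK message or None)."""
    window = timedelta(seconds=window_s)
    last_dhcp = None
    restarts = []
    for ts, proc, msg in parse(text):
        if proc == "dhcpd" and msg.startswith("DHCPACK"):
            last_dhcp = (ts, msg)
        elif proc == "unbound" and "start of service" in msg:
            near = last_dhcp is not None and ts - last_dhcp[0] <= window
            restarts.append((ts, last_dhcp[1] if near else None))
    return restarts


def summary(text, window_s=10):
    """Count restarts that closely follow a DHCP lease event versus the rest."""
    res = correlate(text, window_s)
    linked = sum(1 for _, msg in res if msg)
    return {"restarts": len(res), "after_dhcp": linked, "unexplained": len(res) - linked}


if __name__ == "__main__":
    print(summary(SAMPLE_LOG))
```

Restarts counted as "unexplained" are the ones to compare against interface events, package activity or settings saves.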
-
@nedyah700 I wonder if this is more of a system-wide issue. I have completely disabled DNS Resolver and Forwarder, only to find out that with resolution to 1.1.1.1, 1.0.0.1, or even Google's DNS (8.8.8.8, 8.8.8.1), clients still time out.
Heck, I had special DHCP static leases for specific devices that handed out those DNS servers instead of the firewall, and they still had DNS timeouts. This causes video streaming issues with apps like Hulu, or even connected to this website (I see the "Looks like your connection to Netgate Forum was lost...").
Now, I have had this issue for well over several years, only for it to worsen with the 23.01 update.
-
@chrislynch said in Frequent DNS timeouts:
I had special DHCP static leases for specific devices that handed out those DNS servers instead of the firewall, and they still had DNS timeouts.
These devices 'talk' directly to "1.1.1.1, 1.0.0.1, or even Googles DNS (8.8.8.8, 8.8.8.1)" which means it's some TCP and mostly UDP traffic to these IPs using port destination 53.
pfSense does nothing with this traffic except 'routing it'.
IMHO : That's for sure an uplink issue.