slow gui after upgrade from 2.6 to 2.7 on proxmox.
-
OK, so how is DNS configured locally? Is pfSense resolving? Forwarding? Does it resolve to an IPv6 IP that has to time-out?
-
@stephenw10 said in slow gui after upgrade from 2.6 to 2.7 on proxmox.:
OK, so how is DNS configured locally? Is pfSense resolving? Forwarding? Does it resolve to an IPv6 IP that has to time-out?
only ipv4 .
DNS Forwarder disabled!
-
Is there a delay when resolving though?
Is Unbound (the resolver) set in resolving mode? Is DNSec enabled?
-
@stephenw10
yes:
-
Ok that should be fine. It resolves to your external IP I assume? And HAProxy is listening there so it should respond.
As a test you could add a host override on a client device dircetly so it doesn't have to resolve it. If that is then fast then it's a DNS problem. If it's still slow then it's an HAProxy issue.
-
@stephenw10
as this example ?
-
No add it to the hosts file on the test client behind pfSense directly. Doing that will mean it doesn't have to resolve against pfSense so any DNS delay would be removed.
-
ok.When I get home I'll edit the Windows hosts file and update you.
Thank you so much for your support!but I have to add the local IP of the server that responds to the DNS ?
-
@stephenw10
but inwindows host file I have to add the local IP of the server that responds to the DNS ? -
No you would add, for example, firewall.mydomain.com and point that towards whatever IP it should resolve to. So probably your WAN IP or whatever HAProxy is listening on.
-
@stephenw10
ok but I have wan Dynamic Ip... -
It only has to work once in order to test. I assume the IP doesn't change that quickly.
-
@stephenw10 I tried with the host file, it's still slow
-
Ok, so it's almost certainly an HAProxy issue. Is that logging anything? Hard to know what might have changed between 2.6 and 2.7 but the haproxy package was updated.
-
@stephenw10
for my metero server, in Ha proxy I added the following security headers, could these be?
-
I don't use HAProxy, I couldn't really say how that might affect it. But anythijng that applied to I would expect to equally affect traffic from external IPs and it is not. The only significant difference there is the source IP used which I guess some of those might see. But I wouldn't expect a delay, it would just reject it instantly.
Just how 'slow' is it from internal clients?
