DNS Forwarder hangs under load



  • 2008 R2 Hyper - Latest 2.0 snapshot, have tried older ones also. Box has 3 Intel Gbit NICs, 24 GB RAM and an E5520. Home server so no load at all.

    One NIC purely assigned to WAN, into a routed internet connection (real external IP on pfSense).

    It performs OK, but when you put the DNS forwarder under load it stutters, pauses and hangs for a while. During this hang I can ping other hosts via IP from the console but I cannot resolve any DNS name.

    I have been using Google's DNS servers but I've also tried my own ISP ones.

    You can notice the issues in general browsing but it's easy to replicate using 'namebench', which benchmarks your DNS server; this kills it every single time.

    I have a 2008 R2 DNS forwarder also and that is fine in the same situation.

    I just reformatted and recreated the VM from scratch and the issue is the same, right out of the box. I'm waiting for a VLAN capable switch to test this on 'real' hardware; it might be a Hyper-V issue I guess.

    Any ideas?

    Thanks



  • So I tried many more things and after playing with the latest V1 build on a physical it turns out it's actually the MTU/MSS/PMTUD problem.

    On any build, any version, I cannot access certain sites or retrieve anything from their DNS servers; hence the timeouts.
    I've tried all the options, DF bit options, MTU/MSS clamping, changing MTU at the command line, allowing all ICMP replies from WAN, and nothing brings back access to these sites.

    Plug the cable direct into the router and all is fine. My router and ISP pass 1500 byte packets fine, but I've set as low as 576 and that fails to rectify the problem.



  • On any build, any version, I cannot access certain sites or retrieve anything from their DNS servers; hence the timeouts.

    I have seen this behavior as well. Specifically Microsoft sites and ups.com. I am sure there are others, but those are the two that have been reported to and tested by me. The problems are intermittent, so sometimes I just hit refresh in a browser, attempt another tracert, or other network test and it starts working. Sometimes the problem persists longer.

    I am using the Hamakua product from Netgate, which uses:
    Intel 82574L x4 (LAN + 3 optional interfaces)
    Intel 82562GT x1 (WAN)


  • Banned

    Have you created a ticket on redmine.pfsense.org?

    It's important that these issues come to knowledge, because it's basic routing and very important.



  • @Supermule:

    Have you created a ticket on redmine.pfsense.org?

    Not enough info here to point to a bug. There would be a whole lot more than one report, and another that sounds like a PMTUD issue completely unrelated to DNS.

