<![CDATA[DNS forwarder - WLAN on its own Subnet - CPU 100%]]>I have a strange problem..

I am using a domain name what resolved to a public IP from outside, on my LAN it resolves to a local IP.

My setup looks like this:

PFSENSE BOX IP: 10.10.1.254

GENERAL SETUP
–------- --------
hostname: fw
domain: example.com

INTERFACES

WAN ISP-IP
LAN 10.10.1.254/24
WLAN 10.10.2.254/24

DNS SERVER

208.67.222.222
208.67.220.220

[OFF] Allow DNS server list to be overridden by DHCP/PPP on WAN
[OFF] Do not use the DNS Forwarder as a DNS server for the firewall

DHCP SERVER
–--- ----------
[OFF] WAN
[ON] LAN 10.10.1.125 - 10.10.1.250
[ON] WLAN 10.10.2.125 - 10.10.2.250

DNS FORWARDER
–--- --------------
[ON] Enable DNS forwarder
[ON] Register DHCP leases in DNS forwarder

Host Overrides
example.com  10.10.1.100

Domain Overrides
example.com  10.10.1.254

If I connect to my network via a network cable, everything runs fine.

If I connect to my network via wireless, my cpu hits 100%

If I turn off DNS Forwarding the cpu goes back to normal?

If I bridge LAN & WLAN, the cpu is normal.

I don't want to bridge LAN & WLAN, I want to keep them separate with appropriate firewall rules.

Why is DNS Forwarding / dnsmasq hitting 100% when I connect to my network via wireless?
Something to do with the wireless subnet causing dnsmasq to create some kind of DNS loop maxing out the CPU?

]]>https://forum.netgate.com/topic/47698/dns-forwarder-wlan-on-its-own-subnet-cpu-100RSS for NodeSat, 06 Jun 2026 22:41:52 GMTTue, 14 Aug 2012 19:35:23 GMT60<![CDATA[Reply to DNS forwarder - WLAN on its own Subnet - CPU 100% on Wed, 15 Aug 2012 18:55:48 GMT]]>PROBLEM SOLVED!!!

My state table had LOTS of this:

tcp 10.10.2.30:53227 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2

CUPS was sending LOTS of requests,  I added the 10.10.2. network to CUPS on my
server and now everything is back to normal!  :)

]]>https://forum.netgate.com/post/351625https://forum.netgate.com/post/351625Wed, 15 Aug 2012 18:55:48 GMT<![CDATA[Reply to DNS forwarder - WLAN on its own Subnet - CPU 100% on Wed, 15 Aug 2012 10:28:37 GMT]]>@wallabybob:

Imagine something on your wireless network looks up www.example.com. Your DNS forwarding configuration says anything on domain example.com DNS forwarder doesn't know about should go to 10.10.1.254 which is the LAN interface. I don't know the intricacies of DNS forwarder but it seems to me that you have likely created an infinite loop: DNS forwarder should ask itself to resolve domain example.com. but that is unlikely to terminate EXCEPT for names fw.example.com and example.com.

If i connect to my network via LAN (network cable) to 10.10.1.254/24, DNS Forwarder seems to be running OK, CPU usage is normal. The problem only occurs when i connect to my network via Wireless what uses the 10.10.2.254/24 network. My state table fills up and my CPU goes 100%, if i turn off DNS Forwarder / dnsmasq, the CPU goes back to normal.

]]>https://forum.netgate.com/post/351558https://forum.netgate.com/post/351558Wed, 15 Aug 2012 10:28:37 GMT<![CDATA[Reply to DNS forwarder - WLAN on its own Subnet - CPU 100% on Wed, 15 Aug 2012 09:40:20 GMT]]>@wallabybob:

The netmask in the following items seems bizarre:
@wizbit:

INTERFACES
–------------
WAN ISP-IP
LAN 10.10.1.254/0
WLAN 10.10.2.254/0

That was a typo!! Changed now.

]]>https://forum.netgate.com/post/351552https://forum.netgate.com/post/351552Wed, 15 Aug 2012 09:40:20 GMT<![CDATA[Reply to DNS forwarder - WLAN on its own Subnet - CPU 100% on Wed, 15 Aug 2012 07:24:38 GMT]]>The netmask in the following items seems bizarre:
@wizbit:

INTERFACES
–------------
WAN ISP-IP
LAN 10.10.1.254/0
WLAN 10.10.2.254/0

]]>https://forum.netgate.com/post/351534https://forum.netgate.com/post/351534Wed, 15 Aug 2012 07:24:38 GMT<![CDATA[Reply to DNS forwarder - WLAN on its own Subnet - CPU 100% on Wed, 15 Aug 2012 07:22:49 GMT]]>Imagine something on your wireless network looks up www.example.com. Your DNS forwarding configuration says anything on domain example.com DNS forwarder doesn't know about should go to 10.10.1.254 which is the LAN interface. I don't know the intricacies of DNS forwarder but it seems to me that you have likely created an infinite loop: DNS forwarder should ask itself to resolve domain example.com. but that is unlikely to terminate EXCEPT for names fw.example.com and example.com.

]]>https://forum.netgate.com/post/351530https://forum.netgate.com/post/351530Wed, 15 Aug 2012 07:22:49 GMT