Slow to resolve a new web address then ok. WTF?

  • Hi.

    Have been playing around with PFSense for a few days now, looking to use it instead of IPCOP primarily because of the Captive Portal feature (which is fab btw!).

    However, I've noticed a small issue.  When I enter a new web address, it takes approx 15 seconds before anything happens, then it all seems lightning quick.  Surf around that particular site with no problems, seems really quick.  Even clicking an external link to another website seems really quick.  However, as soon as I type in a new address (ie. Somewhere it hasn't been before), it again seems to take 15 secs to resolve the address.  If you however type in an address you've been to before then again its really quick at bringing the page in.

    Really odd.  This behaviour does not happen with the machine running with IPCOP.  I noticed this behaviour a few years back when we had Smoothwall Express running, but lived with it, but this time round I'm not content with the performance.

    Help appreciated.


  • Are you using pfSense as primary DNS?
    Could it be that the primary DNS pfSense gets is down (or entered wrong) and it takes a while to fall back to the secondary DNS?

  • Hmmm…. Not convinced.

    As I said, clicking to another website from a link within a site you're already at is fine.  It's just when you entered a new website within the address bar.  Sounds like a problem with the browser, but is isn't, as it doesn't show this behaviour when using another firewall/router.


  • What does  nslookup  respond to your queries - and how fast?

  • It indeed sounds like what GruensFroeschli says. pfSense's DNS service caches the queries once they're answered. So because it's fast after the initial load when pfSense is supplying results without contacting your ISP's DNS servers, your DNS servers are apparently the issue. Having an incorrect primary DNS server would be the most likely cause, second most likely cause is the primary answers very slowly.

  • try using or
    as primary.
    (they are just dns servers i know are working right now and accessible from outide)

  • What if you enter an IP instead of a hostname in your browser?

    Try these for example:  is  is

    A popular german computer magazine with good bandwidth and quite reliable:

    You don't want to do an NS query beforehand as the resolved address would be cached then.

  • Sorry for not getting back sooner, other priorities at work.

    Had another play, and used the two DNS Servers mentioned in the posts earlier.  And yes, seems better.  Would seem the DNS servers my ISP are a bit dodgy.

    Thanks for your help.


  • try to use and

    they are OpenDNS and worth a try


Log in to reply