How to make WEB Browsing more responsive?

  • Greetings to all,

    DISCLAIMER, I don't know the proper search term here for this. if this has been created before, please point me to that post/thread, thanks.

    I would like to know ways/practice/best ways of having to make WEB browsing more responsive.
    all I know is with having a good/high priority queue for DNS request, is there any other techniques you may share?

    thanks in advance!

    1. Ad blocking. Both browsers addons and block in your DNS.
    2. Like you said, higher priority DNS can help, but I doubt that much once the page is loaded the first time.
    3. Traffic shaping in general can help
    4. Fair queuing or general bufferbloat reduction. This is much easier than traffic shaping can should be just as good in most cases.

  • @Harvy66,
    thanks for the replies, anyways, here are my follow-ups

    • in regards to AD blocking via WEB browser, I know this part and its fairly simple so no problem.
    • but for blocking it via DNS itself, what is the "best" way for this? via pfsense + pfBlockerNG or have it hosted on a dedicated host/pc doing this specifically?

    I'll try to research this one then as well.

    thanks and I hope more can give advise(s)

  • It's on my eventual todo list to find out how to import ad domains into my DNS list and give them, which causes them to not actually redirect to, but for DNS to respond claiming the domain could not be found.

  • Depending on the nature of your web traffic, squid can make a large difference, or not much. Rocks when you have a bunch of folks doing system updates if you have adequate cache to store the bloated things. Not much good if most/all traffic is encrypted or streaming.

    I have traded transparent squid for limiters to divide traffic quasi-fairly and find that generally better, but bringing up a separate squid box between pfSense and the LAN (to get both useful squid and limiters/division on non-cached traffic) is on my menu (with 78 other things and no staff but me to make them happen.)

    Back on older versions both would run, but cache hits got shaped, which is also useless. Non-transparent squid is OK for my fixed machines where hard-coding a web proxy is not going to screw them up elsewhere, since they should never be elsewhere, not so much for mobile computers.

    squidguard is one means of automagic ad blocking (to an extent.)

  • @Harvy66:

    It's on my eventual todo list to find out how to import ad domains into my DNS list and give them, which causes them to not actually redirect to, but for DNS to respond claiming the domain could not be found.

    I have patched dnsmasq for this, among other optimizations.

    The syntax for blocking domain is:

    With the above config, "" will resolve into NXDOMAIN.

    I have built it for pfSense2.2.4 and tested it for several days. It appears stable. On linux(openwrt, raspberry pi, physical and KVM servers) , the patched dnsmasq has run several months without issue.

    1d6b1346f079abb7bf45712266015109a50b327e dnsmasq.patched

    The dnsmasq binary is under /usr/local/sbin .


  • My recommendation is to try traffic shaping and just set your interfaces to their correct values, LAN for download and WAN for upload, and use CoDel or FairQ. No child queues or anything, just set one of those two and see how things go.

  • I have codelq for the main lan/wan shapers.

    Without also having a limiter to divide traffic fairly, it's not very effective (tried it that way on the way to where I am.)

    YMMV. I have too many users and not enough WAN (but I think that's fairly common, really.)

  • As far as I understand, traffic will bring some benefits only if you have already some contention. Shaping will then prioritize traffic as per your rules.
    I'm pretty sure you will get, assuming there no network contention, benefit from ads removal.

    Then debate is perhaps more to discuss about ads removal implementation  ;)

    Tweaking DNS is one option.
    Relying on features like Squid + Squidguqrd is another way, better from my standpoint. Do not expect throughput improvement when adding Squid in the middle.
    Benefit of cache is very little nowadays, especially if you perform tests with one single user, mainly because of the dynamic aspect of Web and the use of HTTPS almost everywhere.
    But I believe you will get more granularity and better (to me) control with Squidguard than DNS.

Log in to reply