For the benchmark I selected "The Top 2000 Websites (Alexa)" as source. Then I started a benchmark with the following servers: 10.0.0.1 (pfSense with Google DNS), 8.8.8.8 (Google DNS), 208.67.222.123 (OpenDNS). After changing the settings and applying I restarted unbound and flushed the DNS on my Mac. So I ditched them for Google's DNS servers. First discovery was that the alternative "dns.watch" DNS servers I was using were extremely slow. So I started benchmarking with namebench and came to some shocking discoveries. Unbound has this setting turned off by default which caused the slowdowns in Safari.

After turning it on I still wasn't convinced about the snappiness. I today discovered that Safari has a technique called DNS Prefetching. Strange thing is that only Safari had visible slowdowns, other browsers like Chrome and Firefox didn't.

When you changed to forwarding mode - did you uncheck dnssec? Forwarding and trying to dnssec is not going to get you anything and can be problematic.

I am having weird slowdowns on my network for a long time now.

So it's not something wrong with unbound on pfsense in general. But what I was showing you is I am using unbound on pfsense in resolving mode and have no issues. If you say you're having a problem, then yeah, that points to something on pfsense that is causing unbound to have a problem. Yes, if you forward in unbound, then it would be no different than pihole forwarding to quad9. My point being there is no button to click or setting to be made to make unbound work better for resolving or forwarding. Could be unbound restarting in the middle of the test. Do you have register dhcp set on unbound? It's possible you have something wrong with your setup.

You're not using pfblocker are you, or IPS? Or when you query for something that is not cached. Do a simple sniff on your pfsense wan when you run the test. That is it testing if it can talk to the dotcom server.
Just do a dig +trace for some domain if you want to see how many levels there might be to get to the NS for

Only thing roots do, is pointing you to the NS for the TLD. Those are the ones that would tell your resolver which NS to talk to for

All of the different TLDs would have their own listings of NS to ask. Doesn't matter if your lan has IPv6 or not.

But sure, fire up a docker. IPv6 lan is disabled - but does pfsense have an IPv6 on its wan - it could and would use that to talk to some NS that has IPv6 address. It has to talk to more than the ROOTS, it also has to talk to the TLD NSs, and then the NS for the domain, if any cnames for stuff then the NS for the domains the cnames point to.

PiHole with Quad9 DNS

But I'd expect it not to have issues reaching root NS. On the Pihole using pfSense for DNS, and using pfSense IP directly in DNS Benchmark, both get <90% reliability. On that Pihole, I now get 100% reliability on DNS Benchmark. I was noticing slow website loads, so on one of the piholes I changed the DNS to quad 9 instead of pfSense. That is, pfSense DHCP hands out Pihole IP for DNS; DNS on the pihole is set to 192.168.1.1, the pfsense. I have 2 Piholes set up in split DNS configuration - (client -> pihole -> pfSense -> world). Using GRC DNS Benchmark, I'm showing reliability of Uncached and DotCom Lookups between 60 and 90%.

Any ideas how to resolve this? I have no LAN firewall rules in place at the moment. I've got DNS Resolver turned on, not in forwarding mode. If anyone knows why or a way to fix this I'd love to hear it! Otherwise I leave that option unchecked for now.

Edit: it was the option to register DHCP devices causing the problem.