I'm trying to install AdGuard home from routerperformance.net's repo. I found that the "fetch" command hangs on DNS resolution, or connection instantiation, for over a minute each time it is used. curl doesn't have the same issue, and returns almost immediately.
Fetch hangs on "Resolving server address:..." for over a minute, and then quickly gets through the rest:
root@OPNsense:~ # time fetch -v https://www.routerperformance.net/mimugmail-single.conf
resolving server address: www.routerperformance.net:443
SSL options: 82004850
Peer verification enabled
Using OpenSSL default CA cert file and path
Verify hostname
TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
Certificate subject: /CN=routerperformance.net
Certificate issuer: /C=US/O=Let's Encrypt/CN=R11
requesting https://www.routerperformance.net/mimugmail-single.conf
local size / mtime: 114 / 1733986251
remote size / mtime: 114 / 1733986251
mimugmail-single.conf 114 B 2141 kBps 00s
0.028u 0.000s 1:15.52 0.0% 24+204k 0+0io 0pf+0w
Curl takes less than a second in total:
root@OPNsense:~ # time curl https://www.routerperformance.net/mimugmail-single.conf
mimugmail: {
url: "https://opn-repo.routerperformance.net/repo-single/${ABI}",
priority: 5,
enabled: yes
}
0.013u 0.000s 0:00.61 1.6% 104+136k 0+0io 0pf+0w
This is causing my updates/system downloads to hang for a very long time. Why do these tools behave differently and what is causing fetch to be so slow?
Works for me. Probably a problem with IPv6 connectivity and curl and fetch reacting differently on that. You can check by using -4 and -6 for fetch.
Quote from: meyergru on January 04, 2025, 04:29:08 PMWorks for me. Probably a problem with IPv6 connectivity and curl and fetch reacting differently on that. You can check by using -4 and -6 for fetch.
That's it. Fetch with -4 works flawlessly. Now to figure out why IPv6 DNS isn't working... Thank you!
IPv6 DNS is working just fine from my laptop. IPv6 connectivity does as well. Even IPv6 DNS works on OPNSense, although I had to manually set it in the General settings.
IPv6 connectivity does not work when traffic is coming directly from OPNSense itself. Any hints would be appreciated, I have been searching up and down and unable to find anything.
root@OPNsense:~ # netstat -nr6 | grep default
default fe80::...<my upstream gateway>%igb0 UG igb0
Sorry for so many posts. I finally resolved the issue!
www.routerperformance.net does not have any AAAA records. I had accidentally turned on "Enable DNS64 Support" to synthesize quad A records for use in NAT64. I don't use NAT64 and never configured it, so the lack of AAAA records caused this site to be unreachable by OPNSense.
The simple fix: Disable DNS64 support on Unbound.