OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: andrema2 on March 11, 2021, 06:48:23 pm
-
Hi
My OpnSense is at 21.1.3 in an i7 with one CPU and 8 cores, 16gb of RAM. The usage is pretty low. It's my home DNS, so no more than 50 devices on the network. My internet connection is a fiber 300/150 mbits.
I'm seeing high times in resolution, now it's around 1600ms. It goes down and then back up, but never below 400ms. It was also happening in previous versions of OpnSense and the Unbound. So, I'm not saying it's related to the version.
I have tried to optimise my configuration, but no solution so far.
This is an excerpt of my config file with the optimisation
server:
cache-max-ttl: 86400
cache-min-ttl: 7200
harden-dnssec-stripped: yes
serve-expired: yes
outgoing-num-tcp: 50
incoming-num-tcp: 50
num-queries-per-thread: 8192
outgoing-range: 16384
unwanted-reply-threshold: 0
jostle-timeout: 200
msg-cache-size: 50m
rrset-cache-size: 100m
num-threads: 8
msg-cache-slabs: 16
rrset-cache-slabs: 16
infra-cache-slabs: 16
key-cache-slabs: 16
prefetch: yes
prefetch-key: yes
serve-expired-ttl: 86400
udp-connect: yes
rrset-roundrobin: yes
infra-cache-numhosts: 50000
infra-host-ttl: 3600
so-reuseport: yes
I attached the full config file too.
Any help or idea is going to be appreciated.
-
Hi
so may be its resolution time itself?
you can try to enable log-resonse and check "time to resolve"
-
@Fright
In the past, last year, I used to have resolution times below 100ms.
It's the same config file, this is what amazes me.
To enable the log response, what should I do ?
-
To enable the log response, what should I do ?
try to add
server:
log-replies: yes
to Services: Unbound DNS: General Advanced (or Custom) Options and Apply
in log record like
192.168.0.250 forum.opnsense.org. A IN NOERROR 0.019727 0 1070.019727 is time to resolve