Messages - nZsdD22TPRf8P

#1
22.1 Legacy Series / Re: Unbound is slow?
April 17, 2022, 05:27:03 PM
Hey, thank you for your reply.

Quote
What kind of hardware are you running Opnsense on processor / ramwise?


OPNsense 22.1.5-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022

Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (4 cores, 8 threads)

16Gb RAM



Quote
You have confirmed that everything is unchecked / no DNS servers are set in Networking part of System: Settings: General?

All clear, see attachment.

Quote
Please provide what the statistics tab is showing in Services:Unbound.



Thread 0
Recursion time (average): 0.066831
Recursion time (median): 0.0528201
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 798
Cache misses: 798
Cache hits: 580
Zero TTL: undefined
Prefetch: 0
Queries: 1378

Thread 1
Recursion time (average): 0.068602
Recursion time (median): 0.0534201
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 820
Cache misses: 820
Cache hits: 632
Zero TTL: undefined
Prefetch: 0
Queries: 1452

Thread 2
Recursion time (average): 0.066081
Recursion time (median): 0.051281
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 876
Cache misses: 876
Cache hits: 3669
Zero TTL: undefined
Prefetch: 0
Queries: 4545

Thread 3
Recursion time (average): 0.068600
Recursion time (median): 0.0515462
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 812
Cache misses: 812
Cache hits: 1674
Zero TTL: undefined
Prefetch: 0
Queries: 2486

Thread 4
Recursion time (average): 0.069425
Recursion time (median): 0.0513333
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 841
Cache misses: 841
Cache hits: 1621
Zero TTL: undefined
Prefetch: 0
Queries: 2462

Thread 5
Recursion time (average): 0.061700
Recursion time (median): 0.0518752
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 834
Cache misses: 834
Cache hits: 1575
Zero TTL: undefined
Prefetch: 0
Queries: 2409

Thread 6
Recursion time (average): 0.073829
Recursion time (median): 0.0522964
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 886
Cache misses: 886
Cache hits: 576
Zero TTL: undefined
Prefetch: 0
Queries: 1462

Thread 7
Recursion time (average): 0.066778
Recursion time (median): 0.0506368
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 831
Cache misses: 831
Cache hits: 589
Zero TTL: undefined
Prefetch: 0
Queries: 1420

Times
Now: 1650208872.638634
Uptime: 20893.715675
Elapsed: 20893.715675

Total
Recursion time (average): 0.067770
Recursion time (median): 0.0519011
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 6698
Cache misses: 6698
Cache hits: 10916
Zero TTL: undefined
Prefetch: 0
Queries: 17614


The weird part is that I don't see anything wrong with these stats, but I've tried multiple times and when unbound gets restarted the problem goes away.

Quote
To troubleshoot this I recommend turning off the blocklist.  From reading these forums I have noticed that that functionality can add problems.

I do not use blocklist, have unbound set up to do dns over tls (using cloudflare), and resolve recursively.

These are my statistics (i7-7500u with 16gigs of ram):

I've attempted this in the past but went back to the blocklist when I noticed that the behavior was the same.

What I find odd is that Unbound is reporting "recursive replies" when, if you enable DNS over TLS in the settings, this is the config that gets generated:


# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::64@853
  forward-addr: 2606:4700:4700::6400@853


Which if I'm not mistaken should cause Unbound to just work in forward mode for all domains.
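
Added example, not part of the original post and not OPNsense or Unbound code: in the generated stanza above, the two IPv6 forward-addr lines carry no `#cloudflare-dns.com` suffix, and Unbound's documentation states that when the '#' and auth name are left out of a forward-addr, any certificate name is accepted. The sketch below flags such upstreams; `parse_clauses` and `lint_dot_forwarders` are hypothetical helper names, and the parser assumes the simple `key: value` layout shown here.

```python
import re

# Constructed sample: the forward-zone stanza quoted in the post above.
SAMPLE_CONF = """\
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::64@853
  forward-addr: 2606:4700:4700::6400@853
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        # '#' is a comment only at line start or after whitespace; in forward-addr it marks the auth name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if not value:                      # clause header such as "server:"
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def lint_dot_forwarders(text):
    """Return (zone, upstream, problem) for TLS forwarders that are not authenticated."""
    clauses = parse_clauses(text)
    has_ca = any(k in ("tls-cert-bundle", "tls-win-cert")
                 for name, opts in clauses if name == "server" for k, _ in opts)
    findings = []
    for name, opts in clauses:
        settings = dict(opts)
        if name != "forward-zone" or settings.get("forward-tls-upstream") != "yes":
            continue
        zone = settings.get("name", "?")
        if not has_ca:
            findings.append((zone, "*", "no CA bundle configured"))
        for key, value in opts:
            if key == "forward-addr" and "#" not in value:
                findings.append((zone, value, "no auth name after '#'"))
    return findings

print(lint_dot_forwarders(SAMPLE_CONF))
```
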
#2
22.1 Legacy Series / Unbound is slow?
April 17, 2022, 03:44:34 PM
Hey everyone,

Writing this to attempt to get assistance in debugging an issue I've been having in my network ever since migrating to Opnsense.

My network setup is pretty simple: I have an OPNsense firewall/router, a switch and 3 OpenWrt APs. I migrated over to OPNsense from an OpenWrt router/firewall with the exact same setup.

I've always had my DNS set up with DNS over TLS going to the Cloudflare servers. Unbound is set up with this configuration, which just adds a `Forward .` directive to the config and causes all queries to be forwarded instead of resolved recursively. Additionally, I'm having Unbound register DHCP leases and have a simple DNS blocklist.

Ever since migrating to this setup I've noticed that especially applications on phones get extremely slow. Sometimes applications like reddit or imgur will straight up refuse to load pages. This is more apparent on phones than on laptops, and I haven't noticed it happening via wired connections.

This points to a Wi-Fi issue, right? However, I've noticed that immediately after restarting Unbound everything starts working perfectly again, for a few tens of minutes to a couple of hours, and then it starts happening again.

The Unbound metrics don't point to anything out of the ordinary and there's also nothing weird in the logs. The behavior here seems cache-related, but I can't explain all the symptoms.

How would you go about debugging this issue?

Thanks