Messages

[(1 addresses) for WAN_EXT took 5.48 seconds]

Hi,
yeah my problem was with a firewall alias resolved by Unbound DNS,
the record A is on an external DNS duckdns.org (high latency), the problem occured when the DNS query took more than 5 seconds (but not always), probably timeout, in that case Unbound returned (0 addresses), after enabling Advanced > Serve Expired Responses, the problem was resolved; It could still fail on first DNS query after firewall restart / reboot (but for now no problems).

Here's my log, before:

2024-02-04T11:30:02   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 2.13 seconds
2024-02-04T11:24:06   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 5.48 seconds
2024-02-04T11:18:02   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 2.13 seconds
2024-02-04T11:12:05   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 5.45 seconds
2024-02-04T11:06:03   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 3.43 seconds
2024-02-04T11:00:05   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 5.48 seconds
2024-02-04T10:54:05   Notice   firewall    resolving 1 hostnames (0 addresses) for WAN_EXT took 5.45 seconds
2024-02-04T10:48:01   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.69 seconds
2024-02-04T10:42:05   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 4.95 seconds
2024-02-04T10:36:01   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.95 seconds
2024-02-04T10:30:04   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 3.75 seconds
2024-02-04T10:24:03   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 2.67 seconds
2024-02-04T10:18:04   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 4.36 seconds
2024-02-04T10:12:05   Notice   firewall    resolving 1 hostnames (0 addresses) for WAN_EXT took 5.13 seconds
2024-02-04T10:06:04   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 4.10 seconds

Here's my log after:

2024-02-10T09:46:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.28 seconds
2024-02-10T09:40:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:35:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:29:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:23:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:17:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:11:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T09:05:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T08:59:00   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.01 seconds
2024-02-10T08:53:01   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 0.56 seconds
first query after reboot >>> 2024-02-10T08:47:49   Notice   firewall    resolving 1 hostnames (1 addresses) for WAN_EXT took 2.17 seconds

Let me know if you need more info.

Thanks.

Hi,
I have the same issue with a free duckdns.org domain (the nameservers have high latency) and TTL is 60 seconds,
enabling Advanced > Serve Expired Responses seems to solve the problem.

Not sure if it's the right approach.