"Recent posts
#81
25.7, 25.10 Series / DNS requests delayed for 5000 ...
Last post by HolgerKuehn - January 18, 2026, 03:22:30 PMHi folks,
I've been seeing delays for websites loading for some time now and finally found the reason for it. Watching the dev tools in network some resources are taking a long time to load. Doing some further digging I noticed the following.
When I do a DNS test under Interfaces, Diagnostics and DNS Lookup for a public domain some queries take between 5000 and 5050 ms.
I could narrow it down to
1. using IPv4 address of DNS server all requests are between 18ms to 45ms as expected, repeating them mostly down to 0-1ms (due to cache I assume)
2. using link local address of DNS server does not work at all, message "Error: error sending query: Could not send or receive, because of network error" is shown
3. using the ULA or GUA works, but query time are either between 0ms to 50ms or have a clear offset of 5000ms, it varies for all types A, AAAA, MX or TXT repeating it
This is one example:
The 5000 ms offset jumps from type to type if I repeat the test. Using IPv4 "always" show the expected times.
I've found this thread, but find it not applicable to my setting: https://www.reddit.com/r/OPNsenseFirewall/comments/14i1lyr/dns_often_takes_5_seconds/
I see this effect in my home network using SimpleDNS and at my workplace using Active Directory.
Testing the DNS server from different hosts (using powershell Resolve-DNSName) never takes 5 seconds, so I would assume its some OPNsense related stuff.
As for my settings on OPNsense:
* dnsmasaq is sending the DHCP-options and RA (stateless)
* no local DNS service (unbound and dnsmasq are off)
* system DNS is set to IPv4, ULA and link-local address of the DNS server on the LAN
Version is OPNsense 25.7.11_1-amd64 as well as OPNsense 25.1.12-amd64.
Any hints on what I can check to avoid those 5000ms offsets?
Cheers
Holger Kühn
I've been seeing delays for websites loading for some time now and finally found the reason for it. Watching the dev tools in network some resources are taking a long time to load. Doing some further digging I noticed the following.
When I do a DNS test under Interfaces, Diagnostics and DNS Lookup for a public domain some queries take between 5000 and 5050 ms.
I could narrow it down to
1. using IPv4 address of DNS server all requests are between 18ms to 45ms as expected, repeating them mostly down to 0-1ms (due to cache I assume)
2. using link local address of DNS server does not work at all, message "Error: error sending query: Could not send or receive, because of network error" is shown
3. using the ULA or GUA works, but query time are either between 0ms to 50ms or have a clear offset of 5000ms, it varies for all types A, AAAA, MX or TXT repeating it
This is one example:
| Type | Answer | Server | Query time |
| A | google.de. 143 IN A 142.251.39.227 | fd11:f0d8:a7bb:135d:127c:61ff:fe2f:542c | 0 msec |
| AAAA | google.de. 111 IN AAAA 2a00:1450:4005:804::2003 | fd11:f0d8:a7bb:135d:127c:61ff:fe2f:542c | 5 msec |
| MX | google.de. 300 IN MX 0 smtp.google.com. | fd11:f0d8:a7bb:135d:127c:61ff:fe2f:542c | 5024 msec |
| TXT | google.de. 106 IN TXT "v=spf1 -all" | fd11:f0d8:a7bb:135d:127c:61ff:fe2f:542c | 5031 msec |
The 5000 ms offset jumps from type to type if I repeat the test. Using IPv4 "always" show the expected times.
I've found this thread, but find it not applicable to my setting: https://www.reddit.com/r/OPNsenseFirewall/comments/14i1lyr/dns_often_takes_5_seconds/
I see this effect in my home network using SimpleDNS and at my workplace using Active Directory.
Testing the DNS server from different hosts (using powershell Resolve-DNSName) never takes 5 seconds, so I would assume its some OPNsense related stuff.
As for my settings on OPNsense:
* dnsmasaq is sending the DHCP-options and RA (stateless)
* no local DNS service (unbound and dnsmasq are off)
* system DNS is set to IPv4, ULA and link-local address of the DNS server on the LAN
Version is OPNsense 25.7.11_1-amd64 as well as OPNsense 25.1.12-amd64.
Any hints on what I can check to avoid those 5000ms offsets?
Cheers
Holger Kühn
#82
25.7, 25.10 Series / Re: After updating Opnsense fr...
Last post by stanthewizzard - January 18, 2026, 02:55:07 PMWrong post
#83
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by Monviech (Cedrik) - January 18, 2026, 02:19:41 PMThanks for testing, if this is indeed the result and others can verify this as well, we could ask in the dnsmasq mailing list.
#84
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 18, 2026, 02:16:28 PMIt looks dnsmasq's memory consumption is greatly reduced by turning off RA advertisement... I'm going to turn on the radvd and leave RA off to see if dnsmasq's memory consumption stabilizes. So to recap my dnsmasq configuration will only serve dhcpv4/v6. DNS is handled by unbound and RA will be handled by radvd.
#85
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 18, 2026, 02:12:54 PMdisable RA advertisement
PID RSS COMMAND
97469 7124 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 18:03:01 EST 2026
PID RSS COMMAND
97469 9884 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 19:03:01 EST 2026
PID RSS COMMAND
97469 14064 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 20:03:01 EST 2026
PID RSS COMMAND
97469 16096 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 21:03:02 EST 2026
PID RSS COMMAND
97469 17256 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 22:03:02 EST 2026
PID RSS COMMAND
97469 21000 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 23:03:02 EST 2026
PID RSS COMMAND
97469 22664 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 00:03:02 EST 2026
PID RSS COMMAND
97469 24208 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 01:03:02 EST 2026
PID RSS COMMAND
97469 27100 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 02:03:02 EST 2026
PID RSS COMMAND
97469 29020 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 03:03:02 EST 2026
PID RSS COMMAND
97469 30472 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 04:03:02 EST 2026
PID RSS COMMAND
97469 31488 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 05:03:02 EST 2026
PID RSS COMMAND
97469 32776 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 06:03:02 EST 2026
PID RSS COMMAND
97469 34176 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 07:03:02 EST 2026
PID RSS COMMAND
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
PID RSS COMMAND
97469 7124 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 18:03:01 EST 2026
PID RSS COMMAND
97469 9884 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 19:03:01 EST 2026
PID RSS COMMAND
97469 14064 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 20:03:01 EST 2026
PID RSS COMMAND
97469 16096 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 21:03:02 EST 2026
PID RSS COMMAND
97469 17256 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 22:03:02 EST 2026
PID RSS COMMAND
97469 21000 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sat Jan 17 23:03:02 EST 2026
PID RSS COMMAND
97469 22664 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 00:03:02 EST 2026
PID RSS COMMAND
97469 24208 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 01:03:02 EST 2026
PID RSS COMMAND
97469 27100 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 02:03:02 EST 2026
PID RSS COMMAND
97469 29020 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 03:03:02 EST 2026
PID RSS COMMAND
97469 30472 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 04:03:02 EST 2026
PID RSS COMMAND
97469 31488 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 05:03:02 EST 2026
PID RSS COMMAND
97469 32776 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 06:03:02 EST 2026
PID RSS COMMAND
97469 34176 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 07:03:02 EST 2026
PID RSS COMMAND
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
#86
General Discussion / Re: dsnmasq dhcp-script
Last post by Webfeger - January 18, 2026, 01:59:42 PMQuote from: Patrick M. Hausen on January 18, 2026, 12:23:21 PMPut this in the first line of /home/dhcp_lease.plCode Select#!/usr/local/bin/perl
and make the script file executable (chmod 755). The use only the script path in the configuration.
Thanks for help !! must have overseen that because there was already define, but wrong path. Now the script is working so far and monin is ready. Will take some tests.
#87
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by franco - January 18, 2026, 01:52:51 PMThen the code in dhcp6c repo wasn't pulled correctly? Or are you using the "no release" option, too? With that option it is rather hard to do anything sane and I've kept it to use infinite lifetimes otherwise it breaks the promise of the option...
https://github.com/opnsense/dhcp6c/commit/52dfc21489
1.) is still evolving on the master branch. Had a wrong assumption that RENEW would already trigger a full reload but that wasn't the case.
The two commits seem to be needed as well and I'm not sure they apply cleanly to 25.7.11. Still testing a bit.
https://github.com/opnsense/core/commit/c31d9430e
https://github.com/opnsense/core/commit/fafe519de
Cheers,
Franco
https://github.com/opnsense/dhcp6c/commit/52dfc21489
1.) is still evolving on the master branch. Had a wrong assumption that RENEW would already trigger a full reload but that wasn't the case.
The two commits seem to be needed as well and I'm not sure they apply cleanly to 25.7.11. Still testing a bit.
https://github.com/opnsense/core/commit/c31d9430e
https://github.com/opnsense/core/commit/fafe519de
Cheers,
Franco
#88
25.7, 25.10 Series / Re: 25.7.11 GeoIP
Last post by MoonbeamFrame - January 18, 2026, 01:42:12 PMAnd it is working fine for the other firewalls that I already upgraded to 25.7.11
But I won't be doing the rest until I have this one working.
But I won't be doing the rest until I have this one working.
#89
25.7, 25.10 Series / Re: 25.7.11 GeoIP
Last post by meyergru - January 18, 2026, 01:20:18 PMNo, no change there. Yet, for me, GeoIP works fine.
#90
25.7, 25.10 Series / Re: After updating Opnsense fr...
Last post by wide - January 18, 2026, 01:10:36 PMHi,
System is fully functional and stable after reboot if I don't open the WebGUI. So clean start and staying away from management keeps the load and memory consumption in similar levels what were before the 25.7.11_1 update. Is it sure that my case is connected to this Neighbors: Automatic Discovery feature?
System is fully functional and stable after reboot if I don't open the WebGUI. So clean start and staying away from management keeps the load and memory consumption in similar levels what were before the 25.7.11_1 update. Is it sure that my case is connected to this Neighbors: Automatic Discovery feature?
