Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
problems with resolving speed
« previous
next »
Print
Pages: [
1
]
Author
Topic: problems with resolving speed (Read 73 times)
bread
Jr. Member
Posts: 62
Karma: 0
problems with resolving speed
«
on:
November 01, 2024, 05:45:08 pm »
Hi,
I get terrible resolving time especially at the beginning of loading some pages.
Something about 8 seconds!
the setting:
aduard 53 --> unbound 5353 --> some privacy friendly 4 x DoT upstream servers
+ IDS / IPS
unbound has the following points activated:
- Enable DNSSEC Support
- Register ISC DHCP4 Leases
- Register DHCP Static Mappings
- Do not register IPv6 Link-Local addresses
- Hide Identity / Version
- Harden DNSSEC Data
- Aggressive NSEC
I tried to deactivate adguard and IDS / IPS.
I changed DoT within unbound to 1.1.1.1.
I even changed DNS to 1.1.1.1 on the client, so it shouldn't use any internal DNS at all.
But the issue stays.
If I ping 1.1.1.1, I get immediate result of about 23ms,
but if I ping cloudflare.com, it lasts about 5-10 seconds till it starts and it lasts even between the pings about 3 seconds.
But the ping itself is still about 25-27ms.
So it seems to be a problem of DNS, but in which way, if I even set client DNS to 1.1.1.1??
iperf within LAN is about 900Mbits, so OK.
cheers
bread
edit:
OK, the problem was the VM within QubesOS!
The one, which has this terrible resolving goes over another network VM (sys-vpn) and not directly to firewall-vm. Even if VPN is not on, I get this kind of resolving. So it's a problem of routing in QubesOS!
«
Last Edit: November 01, 2024, 06:08:23 pm by bread
»
Logged
bread
Jr. Member
Posts: 62
Karma: 0
Re: problems with resolving speed
«
Reply #1 on:
November 01, 2024, 06:51:04 pm »
Problem is solved!
It was the MTU value on the sys-vpn. I set there 1380 and it works!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
problems with resolving speed