Slow initial DNS lookup

Started by Nnyan, April 09, 2021, 07:29:47 PM

Hello all,

I've noticed a problem whenever anyone goes to a website for the first time.  It's fairly slow opening a webpage for the first time (browsers sit on "resolving host" for 10-20 secs or so).  I am currently using unbound with TLS going to Cloudflare.  Any guidance on this issue would be appreciated!

Thank you

I noticed in Interfaces > Diagnostics > DNS Lookup that 127.0.0.1 was listed (along with other DNS services) and this was taking around 2.5x longer to respond the first time I tested any specific website. If I did the same website a second time (+) that went down to zero msec (the others were in the teens).

Do I need to use 127.0.0.1 if I'm using unbound with TLS?  If not how do I remove this?

Ok, I found how to stop using 127.0.0.1 in "DNS server options" but that still hasn't fixed the issue.

When I first set up OPNsense I tried unbound with NextDNS and also noticed slow DNS resolution and ended up going back to dnsmasq.



Well, I feel a bit silly. Long story short, I have a Unifi USW-24 switch that isn't playing nice with OPNsense (not sure why yet) and a laptop (that I used to try to pinpoint the source of the issue) with Docker Windows and Chocolatey that was messing up 127.0.0.1 on that laptop. Once I swapped out the Unifi for a Brocade ICX7250, the DNS issue on all my devices (except my test laptop) went away. The issue with that one went away after I uninstalled Docker.

So I'm back to having a kick-ass OPNsense deployment on my box. Sorry, all, for the false alarm.

Quote from: Nnyan on April 11, 2021, 07:09:05 AM
Well, I feel a bit silly. Long story short, I have a Unifi USW-24 switch that isn't playing nice with OPNsense (not sure why yet)

Unifi switches can have weird blocking issues (that don't always show in the UI either) if you don't manually set the RTSP to something other than the factory defaults: https://help.ui.com/hc/en-us/articles/360006836773-UniFi-USW-Configuring-Spanning-Tree-Protocol

Not saying that's the issue here but it can't hurt and might solve other future issues.