Topic: DNS resolving takes seconds, caching does not work (Read 5619 times)
zuse (January 20, 2017, 03:36:42 pm):
Hi,
I ran into a series of strange problems with the DNS resolver and the firewall. DNS queries take ~5 sec to resolve and it seems like the caching does not work since the same query issued immediately after takes 5 secs again. When querying 8.8.8.8 directly, the query only takes 53 msec.
Then I took a look in the firewall log and saw these very strange packets on my WAN interface:
pass - wan(OUT) - from: 79.221.XXX.XXX:31056 - to: 10.4.0.1:53 - UDP
Neither do I use the destination IP range 10.4.0.0/16 anywhere on my internal net, nor did I specify it anywhere to be used for DNS lookups. Furthermore, I have enabled blocking of bogons on my WAN interface, and in addition I have set up custom quick rules to block martian packets on WAN - including 10.0.0.0/8. When I clicked the pass button to find out what rule allowed the packet to pass, it says:
@93 pass out log inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
Apart from the fact that this rule is for inet6 and the packet in question was an IPv4 packet, I cannot find the location where this rule is defined.
Some additional information:
running 16.7.13 with the latest updates installed
using the DNS resolver from the Services tab (unbound 1.5.7)
Thanks
bartjsmit (Reply #1, January 21, 2017, 03:50:46 pm):
Are you allowing both 53 TCP and UDP? Many queries require TCP due to maximum payload size, especially IPv6 related queries.
Bart...
zuse (Reply #2, January 22, 2017, 12:32:04 am):
Yes, I do. Doing lookups using drill and 8.8.8.8 as NS on the firewall resolves immediately.
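Added example, not part of the thread and not OPNsense code: a small checker that scans firewall log lines in the layout quoted in the first post and reports entries passed outbound on WAN to an RFC 1918 destination, the condition the poster noticed by eye. The function names are hypothetical and the sample lines are constructed; a masked address such as 79.221.XXX.XXX is tolerated as a source.

```python
import ipaddress
import re

# Line layout copied from the log entry quoted in the first post; the sample
# lines further down are constructed for this example.
LINE_RE = re.compile(
    r"^(?P<action>pass|block) - (?P<iface>\w+)\((?P<dir>IN|OUT)\) - "
    r"from: (?P<src>\S+):(?P<sport>\d+) - to: (?P<dst>\S+):(?P<dport>\d+) - "
    r"(?P<proto>\w+)$"
)

# RFC 1918 private ranges, which should not be routed out of an Internet-facing WAN.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_private(addr):
    """True for an IPv4 address in an RFC 1918 range; masked or invalid text is False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)

def wan_leaks(lines, wan_iface="wan"):
    """Entries passed outbound on the WAN interface to a private destination."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if (rec and rec["action"] == "pass" and rec["iface"] == wan_iface
                and rec["dir"] == "OUT" and is_private(rec["dst"])):
            hits.append(rec)
    return hits

SAMPLE_LOG = [  # constructed sample input
    "pass - wan(OUT) - from: 79.221.XXX.XXX:31056 - to: 10.4.0.1:53 - UDP",
    "pass - wan(OUT) - from: 198.51.100.7:40112 - to: 8.8.8.8:53 - UDP",
    "block - wan(IN) - from: 10.9.9.9:53 - to: 198.51.100.7:40112 - UDP",
    "pass - lan(IN) - from: 192.168.1.20:51000 - to: 192.168.1.1:53 - UDP",
]

if __name__ == "__main__":
    for rec in wan_leaks(SAMPLE_LOG):
        print(f"{rec['proto']} {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']}")
```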