problems with resolving speed

Started by bread, November 01, 2024, 05:45:08 PM

November 01, 2024, 05:45:08 PM Last Edit: November 01, 2024, 06:08:23 PM by bread
Hi,

I get terrible resolving times, especially at the beginning of loading some pages.
Something like 8 seconds!

The setting:
adguard 53 --> unbound 5353 --> some privacy friendly 4 x DoT upstream servers
+ IDS / IPS
unbound has the following points activated:
- Enable DNSSEC Support
- Register ISC DHCP4 Leases
- Register DHCP Static Mappings
- Do not register IPv6 Link-Local addresses
- Hide Identity / Version
- Harden DNSSEC Data
- Aggressive NSEC


I tried to deactivate adguard and IDS / IPS.
I changed DoT within unbound to 1.1.1.1.
I even changed DNS to 1.1.1.1 on the client, so it shouldn't use any internal DNS at all.
But the issue stays.

If I ping 1.1.1.1, I get an immediate result of about 23ms,
but if I ping cloudflare.com, it takes about 5-10 seconds until it starts, and it even takes about 3 seconds between the pings.
But the ping itself is still about 25-27ms.

So it seems to be a DNS problem, but in what way, if I even set the client DNS to 1.1.1.1??
iperf within LAN is about 900Mbits, so OK.

cheers
bread

edit:
OK, the problem was the VM within QubesOS!
The one which has this terrible resolving goes over another network VM (sys-vpn) and not directly to firewall-vm. Even if the VPN is not on, I get this kind of resolving. So it's a routing problem in QubesOS!

Problem is solved!
It was the MTU value on the sys-vpn. I set it to 1380 there and it works!
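
One way to check whether a hop such as sys-vpn carries less than the default 1500-byte MTU is to send pings with Don't Fragment set and binary-search the largest size that gets through. This is an added example, not part of the original post; it assumes Linux iputils `ping` (`-M do`, `-s`, `-W`), and the function names and the simulated link are constructed for illustration.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout=2):
    """Send one ICMP echo with Don't Fragment set; True if a reply came back."""
    cmd = ["ping", "-c", "1", "-W", str(timeout), "-M", "do",
           "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Return the largest IP packet size in [low, high] that passes unfragmented.

    probe(payload_size) -> bool is called with the ICMP payload size.
    Returns None when even the smallest size fails (host down, ICMP filtered).
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2          # round up so the loop terminates
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid                        # mid fits, search above it
        else:
            high = mid - 1                   # mid is too big, search below it
    return low


def simulated_link(mtu):
    """Constructed stand-in for a path: drops anything larger than mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "1.1.1.1"
    mtu = find_path_mtu(lambda size: ping_df(host, size))
    if mtu is None:
        print(f"{host}: no reply even at the minimum size")
    else:
        print(f"{host}: largest unfragmented packet is {mtu} bytes")
```

Run it once from the affected VM and once from a VM that goes directly to the firewall; a lower result on the first path points at the MTU of the intermediate network VM.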