SOLVED: Fetch slow on CLI, but curl works just fine

Started by Clete2, January 04, 2025, 04:08:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 04, 2025, 04:08:30 PM Last Edit: January 04, 2025, 06:43:11 PM by Clete2 Reason: More troubleshooting
I'm trying to install AdGuard home from routerperformance.net's repo. I found that the "fetch" command hangs on DNS resolution, or connection instantiation, for over a minute each time it is used. curl doesn't have the same issue, and returns almost immediately.

Fetch hangs on "Resolving server address:..." for over a minute, and then quickly gets through the rest:
Code Select
root@OPNsense:~ # time fetch -v https://www.routerperformance.net/mimugmail-single.conf
resolving server address: www.routerperformance.net:443
SSL options: 82004850
Peer verification enabled
Using OpenSSL default CA cert file and path
Verify hostname
TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
Certificate subject: /CN=routerperformance.net
Certificate issuer: /C=US/O=Let's Encrypt/CN=R11
requesting https://www.routerperformance.net/mimugmail-single.conf
local size / mtime: 114 / 1733986251
remote size / mtime: 114 / 1733986251
mimugmail-single.conf                                  114  B 2141 kBps    00s
0.028u 0.000s 1:15.52 0.0% 24+204k 0+0io 0pf+0w

Curl takes less than a second in total:

Code Select
root@OPNsense:~ # time curl https://www.routerperformance.net/mimugmail-single.conf
mimugmail: {
  url: "https://opn-repo.routerperformance.net/repo-single/${ABI}",
  priority: 5,
  enabled: yes
}

0.013u 0.000s 0:00.61 1.6% 104+136k 0+0io 0pf+0w

This is causing my updates/system downloads to hang for a very long time. Why do these tools behave differently and what is causing fetch to be so slow?
January 04, 2025, 04:29:08 PM #1
Works for me. Probably a problem with IPv6 connectivity and curl and fetch reacting differently on that. You can check by using -4 and -6 for fetch.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
January 04, 2025, 05:45:36 PM #2
Quote from: meyergru on January 04, 2025, 04:29:08 PMWorks for me. Probably a problem with IPv6 connectivity and curl and fetch reacting differently on that. You can check by using -4 and -6 for fetch.

That's it. Fetch with -4 works flawlessly. Now to figure out why IPv6 DNS isn't working... Thank you!
January 04, 2025, 06:22:35 PM #3 Last Edit: January 04, 2025, 06:31:55 PM by Clete2
IPv6 DNS is working just fine from my laptop. IPv6 connectivity does as well. Even IPv6 DNS works on OPNSense, although I had to manually set it in the General settings.

IPv6 connectivity does not work when traffic is coming directly from OPNSense itself. Any hints would be appreciated, I have been searching up and down and unable to find anything.

Code Select
root@OPNsense:~ # netstat -nr6 | grep default
default                           fe80::...<my upstream gateway>%igb0 UG        igb0
January 04, 2025, 06:42:49 PM #4
Sorry for so many posts. I finally resolved the issue!

www.routerperformance.net does not have any AAAA records. I had accidentally turned on "Enable DNS64 Support" to synthesize quad A records for use in NAT64. I don't use NAT64 and never configured it, so the lack of AAAA records caused this site to be unreachable by OPNSense.

The simple fix: Disable DNS64 support on Unbound.
Print
Go Up Pages1
User actions