pfsense:dns:troubleshooting:slow_dns_response
This is an old revision of the document!
Table of Contents
PFSense - DNS - Troubleshooting - Slow DNS Response
Check what interfaces are running
Navigate to Diagnostics → Command Prompt.
pciconf -lv | grep -A1 -B3 network
returns:
em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet em1@pci0:2:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet em2@pci0:3:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet em3@pci0:4:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet em4@pci0:5:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet em5@pci0:6:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00 vendor = 'Intel Corporation' device = '82583V Gigabit Network Connection' class = network subclass = ethernet
NOTE: This shows Intel NICs.
Intel usually works well with pfSense.
If on the otherhand this was not Intel, this could be a cause for the slowness.
Check DNS Resolver Caching Figures
Navigate to Diagnostics → Command Prompt.
unbound-control -c /var/unbound/unbound.conf stats_noreset | egrep 'total.num|cache.count'
returns:
total.num.queries=1297 total.num.queries_ip_ratelimited=0 total.num.cachehits=1026 total.num.cachemiss=271 total.num.prefetch=96 total.num.expired=88 total.num.recursivereplies=271 msg.cache.count=1552 rrset.cache.count=3277 infra.cache.count=3255 key.cache.count=132
NOTE: This combines the output of:
- unbound-control -c /var/unbound/unbound.conf stats_noreset | grep total.num
- unbound-control -c /var/unbound/unbound.conf stats_noreset | grep cache.count
Output is:
- num.queries: number of queries received by thread.
- num.cachehits: number of queries that were successfully answered using a cache lookup.
- num.cachemiss: number of queries that needed recursive processing.
- num.prefetch: number of cache prefetches performed.
- This number is included in cachehits, as the original query had the unprefetched answer from cache, and resulted in recursive processing, taking a slot in the requestlist.
- Not part of the recursivereplies (or the histogram thereof) or cachemiss, as a cache response was sent.
- num.zero_ttl: number of replies with ttl zero, because they served an expired cache entry.
- num.recursivereplies: The number of replies sent to queries that needed recursive processing.
- Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
- msg.cache.count: The number of items (DNS replies) in the message cache.
- rrset.cache.count: The number of RRsets in the rrset cache. This includes rrsets used by the messages in the message cache, but also delegation information.
- infra.cache.count: The number of items in the infra cache.
- These are IP addresses with their timing and protocol support information.
- key.cache.count: The number of items in the key cache.
- These are DNSSEC keys, one item per delegation point, and their validation status.
pfsense/dns/troubleshooting/slow_dns_response.1612111807.txt.gz · Last modified: 2021/01/31 16:50 by peter