
Author Topic: DNS Resolver random timeout  (Read 265 times)


Offline vrugaitis

DNS Resolver random timeout
« on: December 28, 2017, 12:41:37 pm »
Hello,

I have a pfSense 2.4.2 running with DNS Resolver, but I experience timeouts. This is very strange, since the timeouts occur randomly. Please find nslookup output below.

Code:
MacBook-Pro:~ NRM$ nslookup pfsense.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
;; connection timed out; no servers could be reached

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: pfsense.org
Address: 208.123.73.69

MacBook-Pro:~ NRM$ nslookup pfsense.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: pfsense.org
Address: 208.123.73.69

I have also checked dig and traceroute; the commands sometimes just time out. What else could I test? What could I analyze?

Kind regards and thank you in advance!

Offline chpalmer

Re: DNS Resolver random timeout
« Reply #1 on: December 28, 2017, 12:49:50 pm »

Do you have any other devices on your network you could test with to rule out the laptop?

P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

Offline Birke

Re: DNS Resolver random timeout
« Reply #2 on: December 29, 2017, 02:54:26 am »
if the timeouts occur, does a nslookup with an external dns server work (for example "nslookup pfsense.org 8.8.8.8")?
do you see the timeouts on normal internet traffic too?
do you see anything in the system logs that might be related (for example packet loss)?

first i would check with a parallel "ping 192.168.1.1 -t" and "ping 8.8.8.8 -t" if the timeouts occur in your network or outside.

Offline vrugaitis

Re: DNS Resolver random timeout
« Reply #3 on: December 30, 2017, 06:56:22 am »
Hello,

thank you for the fast reply!

Quote
Do you have any other devices on your network you could test with to rule out the laptop?
First I have ruled out the notebook by using a PC via LAN cable directly connected to the pfSense router. So the problems also occur.

Quote
if the timeouts occur, does a nslookup with an external dns server work (for example "nslookup pfsense.org 8.8.8.8")?
Works like a charm!

Quote
do you see the timeouts on normal internet traffic too?
Because the DNS entries are slowly or rather not (timeout...) translated into IP addresses, the web surfing also is disturbed. But when the connection is established, everything works just fine (video streaming, downloading files etc.)

Quote
do you see anything in the system logs that might be related (for example packet loss)?
The log displays a lot of errors with /rc.newwanipv6.
Code:
Dec 30 13:44:48 php-fpm 42079 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:48 php-fpm 42079 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:44:52 php-fpm 42079 /rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:44:52 php-fpm 42079 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:52 php-fpm 42079 /rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:52 check_reload_status Reloading filter
Dec 30 13:44:53 php-fpm 57332 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:53 php-fpm 57332 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:44:58 php-fpm 57332 /rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:44:58 php-fpm 57332 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:58 php-fpm 57332 /rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:44:58 check_reload_status Reloading filter
Dec 30 13:45:00 php-fpm 72599 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:45:00 php-fpm 72599 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2a02:8109:f40:5ed4:e2d5:5eff:fe10:f803) (interface: wan) (real interface: re0).
Dec 30 13:45:04 php-fpm 72599 /rc.newwanipv6: ROUTING: setting default route to 192.168.0.1
Dec 30 13:45:04 php-fpm 72599 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:45:04 php-fpm 72599 /rc.newwanipv6: Removing static route for monitor fe80::5667:51ff:fe57:a4d3 and adding a new route through fe80::5667:51ff:fe57:a4d3%re0
Dec 30 13:45:05 check_reload_status Reloading filter

Am I right to assume that the connection between pfSense and the modem is causing the issue? That the pfSense tries to connect via IPv4 and IPv6 randomly and this is the cause of the timeouts?

Here is my simplified diagram of my setup. The router/modem is on top of pfSense, since my internet comes via television cable and not DSL. Just as an additional question, are there any PCI-E cards for television cable? So that I could add the PCI card to pfSense and get rid of the proprietary router/modem?

Modem/Router@192.168.0.1 <--- LAN ---> pfSense@192.168.1.1 <-- LAN/ WLAN --> Clients

Kind regards,
vrugaitis
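
One way to quantify the loop visible in the log above, added here as an example and not part of the original posts: it counts `rc.newwanipv6` starts and filter reloads and flags repeated starts inside a short window. The function names, the assumed year and the threshold (3 starts within 60 seconds) are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the system log lines from the post above (the "starting" and
# "Reloading filter" line of each cycle). Syslog omits the year; 2017 is assumed.
SAMPLE_LOG = """\
Dec 30 13:44:48 php-fpm 42079 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:52 check_reload_status Reloading filter
Dec 30 13:44:53 php-fpm 57332 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:44:58 check_reload_status Reloading filter
Dec 30 13:45:00 php-fpm 72599 /rc.newwanipv6: rc.newwanipv6: Info: starting on re0.
Dec 30 13:45:05 check_reload_status Reloading filter
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (.*)$")
START_RE = re.compile(r"rc\.newwanipv6: Info: starting on (\S+?)\.?$")

def parse_events(text, year=2017):
    """Return (timestamp, kind, detail) for script-start and filter-reload lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines without a syslog timestamp
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        s = START_RE.search(msg)
        if s:
            events.append((ts, "wan6_start", s.group(1)))  # detail = real interface
        elif "check_reload_status" in msg and "Reloading filter" in msg:
            events.append((ts, "filter_reload", ""))
    return events

def find_flapping(events, kind="wan6_start", threshold=3, window=timedelta(seconds=60)):
    """Return the start time of every window holding >= threshold events of one kind."""
    times = sorted(ts for ts, k, _ in events if k == kind)
    return [times[i] for i in range(len(times) - threshold + 1)
            if times[i + threshold - 1] - times[i] <= window]

def summarize(text):
    ev = parse_events(text)
    starts = [ts for ts, k, _ in ev if k == "wan6_start"]
    return {"starts": len(starts),
            "reloads": sum(1 for _, k, _ in ev if k == "filter_reload"),
            "gaps_s": [(b - a).total_seconds() for a, b in zip(starts, starts[1:])],
            "flapping": bool(find_flapping(ev))}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Running it against a full system log export shows whether the script restarts and filter reloads line up in time with the periods when lookups time out.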

Offline vrugaitis

Re: DNS Resolver random timeout
« Reply #4 on: December 30, 2017, 07:15:01 am »
As far as I can see, disabling IPv6 solves the issue. No more system logs and no more timeouts.

But why is that the case? I have seen different posts in this forum about the IPv6 problem, but I could not really find the cause of the issue. If it is possible, I would like to keep IPv6 enabled.

Thank you in advance!

Offline vrugaitis

Re: DNS Resolver random timeout
« Reply #5 on: January 06, 2018, 01:08:33 pm »
No ideas?

Offline FUNTOWNE

Re: DNS Resolver random timeout
« Reply #6 on: January 08, 2018, 07:10:43 am »
Throwing my hat into the ring for this issue.

I have found that disabling registering static leases in the DNS forwarder / resolver seems to stop the crashes (unticking both relevant tick boxes, dhcp registration and static dhcp).  A reboot seems to also be necessary after making this change.

I assume that your expectations were similar to mine, that the resolver could handle both local lookups and 'remote' lookups with IPv6 and IPv4 both enabled.

*edit*

The issue in this thread seems actually quite similar to what was discussed in this thread: https://forum.pfsense.org/index.php?topic=89589.0 - my suggestions above don't appear to help at all.

The thread I linked above doesn't appear to have any 'final' fix other than to disable IPv6 for now.
« Last Edit: January 09, 2018, 07:20:31 am by FUNTOWNE »

Offline FUNTOWNE

Re: DNS Resolver random timeout
« Reply #7 on: January 10, 2018, 07:14:45 am »
A temporary workaround that seems to be working so far is to use the BIND package.  IPv6 seems to work OK, I've yet to test some static assignments and pinging those.  It is promising so far.