This discussion has been locked.

Very poor DNS performance

I'm running SFOS 17.5.8 MR-8 with a home license and have issues with the DNS performance (server and internet performance are perfect).
My clients get the IP address of the XG as DNS resolver. In XG, the DNS is configured statically and points to 1.1.1.1 / 1.0.0.1.
I have a dozen DNS host entries (.local) and one request route (.local2) to a DNS server behind a VPN.

After noticing slow page loading I did some debugging and it seems the DNS requests are causing the issues. I now use DNS benchmark to perform some additional testing and this confirms the issue:

Uncached performance is very bad (worst result 6 seconds for a lookup - the 2nd worst other DNS server is only 0,33s).

I have run the XG for more than a year now and it seems I never had this kind of issue, which makes me think the reason can be the FW upgrade.

Anyone having issues? Or could there be another cause?



  • Hi  

    Would you please change the DNS to 8.8.8.8 and 8.8.4.4 and compare the resolution time with the existing DNS IP configured in the XG firewall?

    Please create a separate DNS firewall rule for LAN to WAN zone and put the rule on top.

    Please bypass the DNS UDP port 53 from DOS settings.


  • Hi,

    Thanks for your help.

    • I changed the DNS to the Google servers, this made --> No difference.
    • I created a DOS bypass rule * * * 53 UDP IPv4 --> No difference.
    • Finally, I made a FW rule from LAN zone any any to WAN zone any DNS with only masquerading enabled --> No difference.

    What is quite weird is that there is a very big deviation between different requests: direct to public servers, deviation is <0,1s; via XG it is at 0,8-0,9s.
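The uncached comparison discussed in this thread can be reproduced with a short script; this is an added example, not code from any poster or from Sophos. It queries a fresh random name each time so no cache can answer, and reports mean, deviation and worst case per resolver. The firewall address `192.168.1.1` and the zone `example.com` are placeholder assumptions.

```python
import random, socket, statistics, string, struct, time

def build_query(name, txid):
    """Encode a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def uncached_name(zone):
    """Random label under zone: the reply (usually NXDOMAIN) cannot come from a cache."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=12))
    return f"{label}.{zone}"

def time_lookup(resolver, name, timeout=8.0):
    """Seconds until a reply with the matching transaction ID arrives, None on timeout."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(build_query(name, txid), (resolver, 53))
        try:
            while True:
                data, _ = s.recvfrom(512)
                if len(data) >= 2 and struct.unpack("!H", data[:2])[0] == txid:
                    return time.perf_counter() - start
        except socket.timeout:
            return None

def summarize(samples):
    """Loss, mean, standard deviation and worst case over the answered lookups."""
    ok = [s for s in samples if s is not None]
    return {
        "sent": len(samples),
        "lost": len(samples) - len(ok),
        "mean": statistics.mean(ok) if ok else None,
        "stdev": statistics.stdev(ok) if len(ok) > 1 else 0.0,
        "worst": max(ok) if ok else None,
    }

if __name__ == "__main__":
    # Placeholder firewall LAN address (assumption); public resolvers are those named in the thread.
    resolvers = {"via XG": "192.168.1.1", "direct 1.1.1.1": "1.1.1.1", "direct 8.8.8.8": "8.8.8.8"}
    for label, ip in resolvers.items():
        runs = [time_lookup(ip, uncached_name("example.com")) for _ in range(20)]
        print(label, summarize(runs))
```

A high `lost` count or a `worst` value near a whole number of seconds points at dropped packets and retries rather than slow recursion.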
