Very poor DNS performance

I'm running SFOS 17.5.8 MR-8 with home license and have issues with the DNS performance (server and internet performance are perfect).
My clients get the IP address of the XG as DNS resolver. In XG, the DNS is configured static and points to 1.1.1.1 / 1.0.0.1.
I have a dozen of DNS host entries (.local) and one request route (.local2) to a DNS server behind a VPN.

After noticing slow page loading I did some debugging and it seems the DNS requests are causing the issues. I now use DNS benchmark to perform some additional testing and this confirms the issue:

Uncached performance is very bad (worst result 6 seconds for a lookup - the 2nd worst other DNS server is only 0,33s).

I have run the XG for more than a year now and it seems I never had this kind of issue, which makes me think the reason can be the FW upgrade.

Anyone having issues? Or could there be another cause?



This thread was automatically locked due to age.
  • Hi  

    Would you please change the DNS to 8.8.8.8 and 8.8.4.4 and compare the resolution time with the existing DNS IP configured in the XG firewall?

    Please create a separate DNS firewall rule for LAN to WAN zone and put the rule on top.

    Please bypass the DNS UDP port 53 from DOS settings.


  • Hi,

    Thanks for your help.

    • I changed the DNS to the Google servers, this made --> No difference.
    • I created a DOS bypass rule * * * 53 UDP IPv4 --> No difference.
    • Finally, I made a FW rule from LAN zone any any to WAN zone any DNS with only masquerading enabled --> No difference.

    What is quite weird is that there is a very big deviation between different requests: direct to public servers, deviation is <0,1s; via XG it is at 0,8-0,9s.

  • Hi,

    What model XG (hardware)? Check memory and cpu load. Check your link speed.

    I gave up using 8.8.8.8 and 8.8.4.4 because they were inconsistent with their performance.

     

    Ian

  • Hi,

    I'm running XG on a Qotom i5-5300U with 8GB ram and 64Gb SSD, system has a lot of spare power.

    The internet link is 160Mbps down / 20Mbps up, I ran a speedtest and it actually gets these figures.

    It really has something to do with the XG, when I attack the same DNS servers directly the results are 15x faster than via the XG. This additional latency is not normal.

    Meanwhile, I also did a reboot, without result...

  • Hi  

    I would request you to contact technical support and open a service request to investigate the issue further and PM us the service request number.

    Please also verify what result you are getting for DNS lookup when you connect the same ISP directly to the user system.
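
A way to repeat the comparison discussed in this thread (uncached lookups through the XG versus directly against the upstream resolver), as an added example that is not part of any post. The function names, the `example.com` test zone, the 7-second timeout and the placeholder firewall address `192.0.2.1` are assumptions; substitute the XG's LAN IP.

```python
import random
import socket
import statistics
import string
import struct
import time

def build_query(name, qid):
    """Encode a DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def time_lookup(server, name, timeout=7.0):
    """Return seconds until a reply with a matching ID arrives, or None on timeout."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(build_query(name, qid), (server, 53))
        try:
            while True:
                data, _ = s.recvfrom(4096)
                if len(data) >= 2 and struct.unpack("!H", data[:2])[0] == qid:
                    return time.perf_counter() - start
        except socket.timeout:
            return None

def summarise(samples):
    """Count lost replies and compute mean, deviation and worst case of the rest."""
    ok = [s for s in samples if s is not None]
    return {
        "lost": len(samples) - len(ok),
        "mean": statistics.mean(ok) if ok else None,
        "stdev": statistics.stdev(ok) if len(ok) > 1 else 0.0,
        "worst": max(ok) if ok else None,
    }

def benchmark(server, zone="example.com", count=20):
    """Query unique random labels under `zone` so every lookup misses the cache."""
    results = []
    for _ in range(count):
        label = "".join(random.choices(string.ascii_lowercase, k=12))
        results.append(time_lookup(server, f"{label}.{zone}"))
    return summarise(results)

if __name__ == "__main__":
    # Placeholder: 192.0.2.1 stands in for the firewall's LAN IP (assumption).
    for server in ("192.0.2.1", "1.1.1.1"):
        print(server, benchmark(server))
```

Running it once from a LAN client and once from a host connected straight to the ISP separates latency added by the firewall from latency of the link or the upstream resolver.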
