Poor DNS performance
Hey guys,
My setup is a Firewall Gold with Ruckus Networks switches and access points
I'm testing out an Aruba UX sensor for work and noticed some interesting results on my network. I received alarms for poor DNS response time, so as an experiment I changed the DNS settings on my management network. By default, all of the networks have the DNS set to the Firewalla interface IP (or gateway IP for that subnet). On the management network, I changed the DNS settings to my ISPs DNS servers.
Results using Firewalla DNS: 74ms average lookup time
Results using ISP DNS: 34ms average lookup time
Is there anything I can do about this? Is this a known issue? I do have family protect enabled on some of my networks, so not sure if that is a factor or not. It seems that Firewalla is acting as a DNS cache or proxy. Maybe this is how it enforces family protect. Any information or help would be appreciated!
Good to know. I'm doing another test now where I changed the DNS servers to the Open DNS Family Shield IPs. If I get the same results as with the default gateway set I know the problem is Open DNS.
I just found this little tidbit here which makes sense.https://help.firewalla.com/hc/en-us/articles/4570608120979-Firewalla-DNS-Services#h_01FYDNDFPJ91AM9EQ3GMDYVH5D
"Please note that if a device has another DNS protocol (DoH/Family Protect/Unbound) enabled in the Firewalla app, Firewalla will no longer send that device's DNS requests to the configured DNS server– the other protocols take precedence."
One thing that's not clear to me is what happens if you have Family Protect disabled for a VLAN. What DNS server does it use by default? -
Okay so also just read about DNS booster which is enabled by default and I assume is required for things like Family Protect. Interesting that DNS response times aren't much quicker considering caching is involved.
Please sign in to leave a comment.