UDM Pro - DNS filtering slowing network to a crawl
Hello,
We are experiencing extremely slow speeds using the next DNS filtering service at one particular site. We use the service at approximately 25 sites with no issue. We have verified the firewall settings match exactly to the 25 other sites that are working correctly. When we enable the DNS addresses for the network that point the next d&s the network slows to a crawl. When we disable it, it works on. We have attempted this four or five times to verify that next DNS DNS addresses are in fact the problem. Please advise and thank you.
2 replies
-
Could you provide the site in question? You seem to have forgotten to include it in your post.
-
DNS itself usually won’t slow throughput directly, but failed lookups, timeout retries, IPv6 issues, or upstream packet loss can make the whole network appear extremely slow.
Since the same config works at 25 other sites, I’d compare what’s different at this location:
- ISP/modem differences
- IPv6 enabled vs disabled
- MTU issues
- WAN packet loss/latency
- Any DPI/content filtering upstream
- Whether the UDM is using plain DNS vs DoH/DoT
Also test:
nslookupresponse times- disabling IPv6 temporarily
- forcing alternate upstreams temporarily
- checking if clients are timing out then falling back to secondary resolvers
If enabling NextDNS immediately causes stalls, I’d strongly suspect transport/path issues rather than the filtering rules themselves.
Content aside
- 6 hrs agoLast active
- 2Replies
- 70Views
-
3
Following