pfSense: Unbound DNS Timeouts

Problem

Unbound DNS resolution was timing out when querying specific domains. After looking at logs and various settings it was determined that this was due to an insufficient MTU size.

Solution

Go to Services > DNS Resolver > Advanced Settings and change the EDNS Buffer Size. The help context message below the drop-down box reads:

Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value that is used in UDP datagrams sent to peers.
Auto mode sets optimal buffer size by using the smallest MTU of active interfaces and subtracting the IPv4/IPv6 header size.
If fragmentation reassemble problems occur, usually seen as timeouts, then a value of 1432 should help.
The 512/1232 values bypasses most IPv4/IPv6 MTU path problems, but it can generate an excessive amount of TCP fallback.

Changing the buffer size to 1432 resolved the issue for me.

Defining the Inventory

Defining Group Variables and Protecting Secrets

Example Playbook from Start to Finish

Automating with AWS Secrets Manager

Installing FleetDM Management Server

Adding FleetDM Hosts via Ansible

Adding Default Queries Library

Upgrading Fleet Versions

Troubleshooting

Modify the Wazuh Dashboards Session Timeout

Clustering: Same ZFS Pool on All Nodes

NFS: LXC Backups Permissions Issue (Synology)

pfSense: Unbound DNS Timeouts

Problem

Solution