Sites load weirdly slowly on occasion

I don't get any loading errors per se but sometimes it just takes a long time to connect to a site (especially if it's my first visit in a while and the computer's been idle - though strangely this doesn't happen when trying to trigger it by visiting sites that are new to me). This apparently happens even with ping:

$ ping duckduckgo.com
PING duckduckgo.com (52.149.246.39) 56(84) bytes of data.
64 bytes from 52.149.246.39: icmp_seq=1 ttl=110 time=29.2 ms
64 bytes from 52.149.246.39: icmp_seq=2 ttl=110 time=36.7 ms
64 bytes from 52.149.246.39: icmp_seq=3 ttl=110 time=29.9 ms
64 bytes from 52.149.246.39: icmp_seq=4 ttl=110 time=29.5 ms
64 bytes from 52.149.246.39: icmp_seq=5 ttl=110 time=29.0 ms
64 bytes from 52.149.246.39: icmp_seq=6 ttl=110 time=28.7 ms
64 bytes from 52.149.246.39: icmp_seq=7 ttl=110 time=25.7 ms
64 bytes from 52.149.246.39: icmp_seq=8 ttl=110 time=29.4 ms
64 bytes from 52.149.246.39: icmp_seq=9 ttl=110 time=28.2 ms
64 bytes from 52.149.246.39: icmp_seq=10 ttl=110 time=27.0 ms
64 bytes from 52.149.246.39: icmp_seq=11 ttl=110 time=28.8 ms
64 bytes from 52.149.246.39: icmp_seq=12 ttl=110 time=28.5 ms
^C
--- duckduckgo.com ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 20054ms
rtt min/avg/max/mdev = 25.660/29.221/36.686/2.516 ms

Note the total time compared to the number of pings - it took 10 seconds to get the first reply.

Firefox similarly just sits there "waiting for [site]" or whatever in the corner. If it helps, the ping test was performed right after this happened in Firefox, but after Firefox actually resolved and loaded the site (and ping still hung).

I'm using Ubuntu 20.04 connected over Wi-Fi. This seems to be specific to sites I haven't used in a little while; something like a YouTube video will keep playing even through this and will still refresh buffer (let alone run out).

I'm running OpenWRT 23.05.3, but it was doing this for OpenWRT 23.05.2 before. This is connected to a cable modem over Ethernet and I do have a double NAT.

What information would you need about my system or router to help me figure out why this happens and if it's dangerous?

Seems very unlikely this is coming from within your home network.

You could set up a ping from your PC to the cable modem and let it run for an hour to see if there are any spikes - if there aren't then the problem is outside your network / at the cable to cable modem interface.

10s for the first ping means it is the DNS lookup that takes time...
Let's check:

opkg update
opkg install procps-ng-pkill
pkill -usr1 dnsmasq
logread -e dnsmasq | tail -20

Should show something like

Thu May  2 05:46:48 2024 daemon.info dnsmasq[1]: cache size 10000, 0/504684 cache insertions re-used unexpired cache entries.
...
Thu May  2 05:46:48 2024 daemon.info dnsmasq[1]: server 127.0.0.1#5453: queries sent 183024, retried 0, failed 3355, nxdomain replies 57, avg. latency 98ms

First line showing dnsmasq deleting cached DNS responses before time
Last lines showing if any of your provider's DNS servers are glitching

So I got the following:

Thu May  2 23:05:19 2024 daemon.info dnsmasq[1]: server <snipped>#53: queries sent 23329, retried 74, failed 22, nxdomain replies 1586, avg. latency 32ms
Thu May  2 23:05:19 2024 daemon.info dnsmasq[1]: server <snipped>#53: queries sent 9517, retried 30, failed 11, nxdomain replies 337, avg. latency 22ms

I have some errors but also some "retried" entries. I'm guessing those are the slow ones? Or is this relatively normal and the issue's somewhere else?

Is the solution using a different DNS server?

Yes, change to OpenDNS or Cloudflare DNS and see if the retries stop.

You can increase the cache size in luci/network/dhcp and dns/limits from the default 1000; the maximum, 10000, is like 2.5MB of memory consumed, likely not to be a concern at all.

Server response times seem good for now. But you can enter any public DNS servers (2 or 3) in dhcp/forwards. List: https://www.lifewire.com/free-and-public-dns-servers-2626062

retried (one in 300) means >1s response time, while failed (one in 1000) is >5s and the (Windows) client retried.

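One way to turn the per-upstream statistics lines discussed above into retry and failure ratios, as an added example that is not part of any post in this thread. The function names, the 192.0.2.x addresses standing in for the snipped servers, and the 1-in-200 failure threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): summarise dnsmasq upstream statistics.

# Sample input: the three statistics lines posted in the thread, with the
# snipped server addresses replaced by 192.0.2.x documentation addresses.
sample_log() {
cat <<'EOF'
Thu May  2 23:05:19 2024 daemon.info dnsmasq[1]: server 192.0.2.1#53: queries sent 23329, retried 74, failed 22, nxdomain replies 1586, avg. latency 32ms
Thu May  2 23:05:19 2024 daemon.info dnsmasq[1]: server 192.0.2.2#53: queries sent 9517, retried 30, failed 11, nxdomain replies 337, avg. latency 22ms
Thu May  2 05:46:48 2024 daemon.info dnsmasq[1]: server 127.0.0.1#5453: queries sent 183024, retried 0, failed 3355, nxdomain replies 57, avg. latency 98ms
EOF
}

# Reads log lines on stdin and prints one summary line per upstream server:
#   <server> sent=<n> retried=1/<n> failed=1/<n> <ok|CHECK>
# $1 is the assumed threshold: flag CHECK when more than 1 query in $1 failed.
dns_upstream_stats() {
    awk -v limit="${1:-200}" '
    # "1/N" ratio as text, or "0" when the counter is zero (no division by 0).
    function one_in(n, total) { return (n > 0) ? ("1/" int(total / n)) : "0" }

    /dnsmasq\[[0-9]+\]: server .* queries sent / {
        sent = retried = failed = 0; srv = "?"
        for (i = 1; i < NF; i++) {
            v = $(i + 1)                      # value follows its keyword
            if ($i == "server")       { srv = v; sub(/:$/, "", srv) }
            else if ($i == "sent")    sent = v + 0      # "+ 0" drops the comma
            else if ($i == "retried") retried = v + 0
            else if ($i == "failed")  failed = v + 0
        }
        if (sent == 0) next                   # idle upstream, nothing to rate
        flag = (failed * limit > sent) ? "CHECK" : "ok"
        printf "%s sent=%d retried=%s failed=%s %s\n", srv, sent,
               one_in(retried, sent), one_in(failed, sent), flag
    }'
}

# Runs on the embedded sample; on the router, feed it the real log instead:
#   pkill -usr1 dnsmasq; logread -e dnsmasq | dns_upstream_stats
sample_log | dns_upstream_stats
```
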

Are you using any adblocking packages on the router? The dnsmasq may slow down when using large blocklists.

I don't have any ad block stuff installed, in case that helps in future. I do have some DNS stuff set up for a second guest AP, but the issues I experienced are in the main AP on a different radio. I had not made changes for that AP's settings.

Kudos for your prompt replies, then I'd stick to recommendations by @brada4 and @jdwl1o1 to try switching to known-fast DNS servers.

You may also consider posting your dhcp, network and wireless configs for review (obviously redacting sensitive information).


DHCP

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'GUEST'
	option interface 'GUEST'
	option start '2'
	option limit '250'
	option leasetime '12h'
	option ra_useleasetime '1'

Network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '1234567890'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '1234567890'
	option netmask '1234567890'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config interface 'GUEST'
	option proto 'static'
	option device 'phy0-ap1'
	list ipaddr '1234567890'

Wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wifi'
	option channel '1'
	option band '2g'
	option htmode 'HE20'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid '1234567890'
	option encryption 'psk2'
	option key '1234567890'
	option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/18000000.wifi+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '1234567890'
	option encryption 'sae'
	option key '1234567890'
	option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '1234567890'
	option encryption 'psk2'
	option isolate '1'
	option key '1234567890'
	option wpa_disable_eapol_key_retries '1'
	option network 'GUEST'

You did not increase cache size yet....

Oops. Fixed now.

So I've figured out that alternate DNS can be set from the advanced network interface if I unselect to "Use DNS servers advertised by peer" and add my own... Is that the normal way to do so or is there an option under Network > DNS and DHCP too?

I'm trying meanwhile to figure out how to set up encrypted DNS and the most I managed to do is not get any DNS. I was trying some other stuff at the same time and need to figure out if that affected it (was adding dawn alongside https-dns-proxy and travelmate (so I could have the router near my PC I was working on). That build also had the nginx-ssl luci frontend). When I get some time I was going to try those in combination but it's also possible I'm missing something obvious there.

Do not change there; add new forwarders in dns/dhcp.

So I must be missing or misreading something. Here's what I see in that screen:


How do I add DNS?

At least until I figure out how to make encrypted DNS work... I've followed the wiki on luci-app-https-dns-proxy or whatever the exact name is, but I don't have working DNS on router or downstream PC.

