DNS resolution problems with Twingate connected

Hey, I recently setup Twingate, works great for the things I set up, however, with Twingate connected to my network, any DNS requests, even to Twingate resource FQDNs, are incredibly slow to the point where before a first HTTP request happens in my browser, 11 seconds have passed. Is this a common issue? How can I fix this? Thanks.

This is odd behaviour. What are the DNS servers set to on your machine prior to connecting to Twingate? Do you have any sort of EDR or Filtering happening at the machine or network hardware level that might be mucking about with DNS?

The DNS servers are on auto at the moment, it seems my ethernet dongle always resets when connecting, however this happened on Wifi with 1.1.1.1, and on the dongle with 1.1.1.1, when Twingate is off, my internet connection works flawlessly.
There shouldn’t be any filtering or similar, just a simple home network, I am right behind the modem+router combo.

and it doesnt seem to care what domain youre trying to resolve?

If you do a nslookup www.google.com - what output do you get, and do you see the delay there as well?

Oh, interesting, when I tried nslookup, I saw no delay, so I tried if it’s actually getting messed up, it was, then I tried chrome instead of librewolf and got normal speed, odd.
What setting could do this? I don’t really see a reason for this though

Guess I’ll just use another browser, I cannot seem to find a setting which would fix this and even normal firefox doesn’t have this problem. I guess consider this solved for now.

It might be something related to DoH being enabled in LibreWolf, it looks like it’s a setting you can change, but I do not have access to an install to confirm this… Glad to hear it’s… sort of working :slight_smile:

Yeah, that does exist, I have it turned off though, so I have no clue what it’s doing.

oop, nevermind, seems other applications get affected too, up to 30 seconds to start a speedtest .-.
And no, it isn’t my internet, I get 5ms/500down/50up

I have the same problem.
After install twingate, DNS resolving needs several secounds.
When I deactivate twingate interface under networks (reboot is needed), it works as expected.
When I enter “nslookaup - 8.8.8.8” I get:

DNS request timed out.
timeout was 2 seconds.
Standardserver: UnKnown
Address: 8.8.8.8

when interface is activatet.

Hello!

the only thing I can think of and that could be causing this is if you had DoH / DNS-over-Https activated in your Twingate account and if the DoH provider configured was having some issues responding.

Here is the high level on how DNS resolution works in Twingate:

The Twingate Client, when active and authenticated, inserts itself as the first DNS resolver on the device, which means:

  • All DNS requests initiated on the device are handled by the local Twingate Resolver
  • if the domain requested matches a Twingate Resource, the Twingate resolver responds with an arbitrary CGNAT IP
  • if the domain requested does not match a Twingate Resource (and DoH is not active), the Twingate resolver sends the request to the second resolver locally on the system (the second resolver in that case is the first resolver configured on your system when the Twingate Client is offline)
  • if the domain requested does not match a Twingate Resource (and DoH is active), the Twingate resolver sends the request to the configured DoH provider for resolution

This all assumes of course that there is nothing else running on the same device competing to be the primary DNS resolver (hence Arthur’s question above about EDR, or filtering running concurrently).

Take a look at our full write up on how Twingate deals with DNS, lots of practical stuff in there you can replicate: How DNS Works with Twingate | Docs

I don’t think I have DoH, could it be that I have Tailscale? I think I tested without it too though, going to try again.

I did disable Tailscale and it still happens, stuff takes very long to load, for example when I run a voice chat app, it takes long to connect, but when it finally connects, it works just fine, for me indicating resolution issues. Happens similarly to all apps while Twingate is connected.

@vpokorny,

could you export your Twingate Client logs and send them to onboarding@twingate.com? We can certainly take a look and see if anything seems abnormal.

I have the problem regardless of whether Twingate is active or not. Only when I deactivate the twingate interface in network, the DNS response are without delays.

I am having a very similar issues, possible the same reason lying underneath, on my Windows 11 machine.

As soon as the Twingate Service starts and I am connected with my account in the Twingate client, the performance of the DNS resolution is worse and takes 5-7 seconds.

As soon as i close the client and the service, performance is great again, <1 second.

I tried playing arround with InterfaceMetric order, disabling LLMNR, nothing helped.

I solved my problem. It actually was a separate DNS configured in my Windows WSL2 resolv.conf which somehow stopped responding as soon as i started the Twingate client.
After removing it there and setting the same nameservers i have configured in my host Windows all is working fine.
The solution is described here.

1 Like

Hi @flogr,

thank you for sharing your solution! I have flagged it on our side to see if there is anything we can change on our side to make the troubleshooting & resolution of this issue easier.