On 05/25/2018 04:53 PM, Simon Deziel via Unbound-users wrote:
Having a local copy of the root zone using the auth-zone feature (or on
a local NSD) might help a little.
On 2018-05-25 03:31 PM, Florian Lohoff via Unbound-users wrote:
Hi,
We are running multiple unbound caches behind very long
Having a local copy of the root zone using the auth-zone feature (or on
a local NSD) might help a little.
On 2018-05-25 03:31 PM, Florian Lohoff via Unbound-users wrote:
>
> Hi,
>
> We are running multiple unbound caches behind very long latency
> sat links. We are seeing RTT of at least
Hi,
Forwarding all queries to other caching resolvers with low RTT to auth servers
(e.g. your ISP's resolver or 8.8.8.8) should improve resolution time.
But that wouldn't be optimal because Unbound chases CNAME chains
even if it forwards all queries to other resolver [1]. For more performance
Hi,
We are running multiple unbound caches behind very long latency
sat links. We are seeing RTT of at least 1000ms.
Sometimes recursing times spike up to 20 Seconds.
Is there an optimization guide on how to fine tune parameters
for those situations?
I have already seen jostle-timeout. I am
> James Cloos via Unbound-users writes:
> I have a number of kvm instances running debian where unbound 1.7.1
> fails.
An LD_PRELOAD lib which implments getentropy(3) via read(3)ing
urandom(4) solved the bug.
Unbound *always* should fall back to urandom(4) when
W.C.A. Wijngaards via Unbound-users wrote:
> If you do a lot of DNSKEY queries, the prefetch-key: yes option
> prefetches the DNSKEY query when a referral is followed.
Nice :-)
Tony.
--
f.anthony.n.finch http://dotat.at/
South Fitzroy:
Hi Yuri,
Yes in these traces, cloudflare and 9.9.9.9 work once, but not all the
time. Something must be wrong in the calls that unbound makes.
It seems that unbound does not reset the events for closed file
descriptors, this makes the first one work, but others try to write when
the fd is not
Hi Yuri,
And here is the same executable but with counting that will exclude
addresses for which the connection doesn't establish. That would
exclude all (except one), looking at the logs.
open.nlnetlabs.nl/~wouter/unbound_rc45_fixnonestablishedtcp.exe
(This is again unbound.exe, rename it to
Hi Yuri,
From the logs, it looks like the connections to quad9 and cloudflare all
end, very quickly, with a tcperror. Some connections succeed, to quad9
at the 112. If you search for 'peer certificate' in the logs, you find
those cases, and also that it works and returns an answer.
It looks