Yes, it is truly annoying to operate unbound in a non-Internet or firewall-restricted environment.
Every start/restart takes ~2 minutes on my CentOS box. Even though I provide the root-hints to unbound as a file, it still wants to contact the root nameservers during startup.
I've found better results with unbound-control reload. It does something similar to restart or kill -9 + start; I am not aware of the exact difference, though.
It reloads unbound in a few seconds even in a restricted environment.
Additionally, nowhere in the documentation does it say what I need to do when I update the root.hints file: reload or restart?
05.09.2019, 23:58, "Joe Abley via Unbound-users" <[email protected]>:
Hi Daniel,
On Sep 5, 2019, at 16:23, Guevara, Daniel via Unbound-users <[email protected]> wrote:
Rather than putting rules for all 26 root servers (both udp and tcp on port 53), it was easier for me to test by allowing all outbound (0.0.0.0/0) on port 53.
A minor correction; 13 root servers but 26 root server addresses (each currently has one IPv4 and one IPv6 address).
Note also that the root servers are not the only things you need to be able to reach if you want your nameserver to operate with full recursive lookups and you want to be able to resolve things outside the root, arpa and root-servers.net zones.
Joe
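As an added illustration of the point above (not code from this thread or from the Unbound project), the script below parses a root hints file and emits one nftables rule per root server address, so a test-only "allow all outbound on port 53" rule can be replaced by an allow-list of the 26 addresses; the sample hints and their addresses are constructed, not the real root server data.

```python
"""Derive a per-address egress allow-list for a recursive resolver from root hints.

Added example, not from the Unbound-users thread or from the Unbound project.
Assumes the InterNIC root.hints layout: "<owner> <ttl> [IN] <A|AAAA> <address>"
per line, with ';' starting a comment.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample in root.hints layout. Addresses are RFC 5737 / RFC 3849
# documentation prefixes, NOT the real root server addresses.
SAMPLE_HINTS = """\
; constructed sample root hints
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8:ba3e::2:30
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.0.2.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8:200::b
"""

def parse_root_hints(text: str) -> List[Tuple[str, str]]:
    """Return (owner, address) for every A/AAAA glue record, validating each address."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[-2].upper() not in ("A", "AAAA"):
            continue  # NS records carry no address to allow
        ip = ipaddress.ip_address(fields[-1])  # ValueError on a corrupt hints file
        if (fields[-2].upper() == "A") != (ip.version == 4):
            raise ValueError(f"type/address mismatch on line: {line}")
        records.append((fields[0].rstrip(".").lower(), str(ip)))
    return records

def egress_rules(records: List[Tuple[str, str]], port: int = 53) -> List[str]:
    """nftables rule bodies allowing UDP and TCP to each root address only."""
    rules = []
    for owner, addr in records:
        family = "ip" if ipaddress.ip_address(addr).version == 4 else "ip6"
        for proto in ("udp", "tcp"):
            rules.append(f"{family} daddr {addr} {proto} dport {port} accept")
    return rules

if __name__ == "__main__":
    for rule in egress_rules(parse_root_hints(SAMPLE_HINTS)):
        print(rule)
```

For a fully recursive resolver this list only covers the first hop; as noted above, TLD and other authoritative servers must also be reachable, so the allow-list has to be extended or egress on port 53 opened more widely.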
