I want to confirm if this behavior is to be expected… I have built a custom CentOS RPM (based on previous threads to use 1.9.3) since we just want to use unbound for forwarding and not do any validation. What I found is that the performance is significantly worse than the GA CentOS 7 RPM (1.6.6) with validation enabled.
We are testing resolution of 2000 domains. On the RPM we built the average is roughly 50 domains per second. The config only uses unbound as a forwarder: server: username: "unbound" pidfile: "/var/run/unbound.pid" verbosity: 2 interface: 127.0.0.1 do-ip6: no access-control: 127.0.0.0/8 allow domain-insecure: "." module-config: "iterator" prefetch: yes num-threads: 2 outgoing-range: 8192 num-queries-per-thread: 4096 so-reuseport: yes msg-cache-slabs: 2 rrset-cache-slabs: 2 infra-cache-slabs: 2 key-cache-slabs: 2 On the GA RPM (using the same config file) but with the following 2 options commented out: domain-insecure: "." module-config: "iterator" The performance is much better. We are able to do roughly 400 domains per second. I tried commenting them out on the 1.9.3 deployment and there was no noticeable performance impact. My main question is the behavior expected? I was under the impression that non-validating would be faster than a validating server. As stated before the main reason we are trying the custom build is to use unbound only for forwarding and not do root server look ups. Thanks, Daniel
