-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Will,
On 07/11/2014 01:07 AM, Will Yardley wrote: > I'm setting up Unbound for a new group of mail systems. The systems > have rbldnsd running on port 3768. I'm having trouble configuring > the forwarders statements. Additionally, uncached queries (whether > to the local rbldnsd or to external DNS servers) seem to take a bit > of time. > > This is the default unbound RPM for RHEL6: 1.4.21.1.el6 > > main pertinent performance related configs are: server: > num-threads: 16 outgoing-range: 8192 so-rcvbuf: 4m so-sndbuf: 4m > msg-cache-slabs: 16 num-queries-per-thread: 4096 rrset-cache-size: > 100m rrset-cache-slabs: 16 > > (system has 2x 8 cores @ 2.60 GHz, 15k disks in RAID 10). > > My config lists the forward address and alternate port as so (I've > tried changing the indenting, putting double-quotes around the > forward-addr statement, etc.). > > # tail -4 /etc/unbound/unbound.conf forward-zone: name: > "zen.spamhaus.org." forward-addr: 127.0.0.1@3768 You need to set do-not-query-localhost: no so that unbound can send queries to 127.0.0.1. Best regards, Wouter > Even though the forwarder seems to be listed (list_forwards doesn't > seem to print the alternate port information even when it's > configured and working: see below): # unbound-control list_forwards > zen.spamhaus.org. IN forward: 127.0.0.1 > > I get SERVFAIL when trying to do a lookup: # dig @localhost > 2.0.0.127.zen.spamhaus.org > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost > 2.0.0.127.zen.spamhaus.org ; (1 server found) ;; global options: > +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: > SERVFAIL, id: 54375 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, > AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: ;2.0.0.127.zen.spamhaus.org. IN A > > ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: > Thu Jul 10 15:50:55 2014 ;; MSG SIZE rcvd: 44 > > However, the alternate port can resolve it quite quickly: # time > dig @localhost -p 3768 2.0.0.127.zen.spamhaus.org +short 127.0.0.2 > 127.0.0.10 127.0.0.4 > > real 0m0.005s user 0m0.000s sys 0m0.003s > > > However, if I add the forwarder using unbound-control, it then > works, however, the query time is quite long: > > # unbound-control forward_add zen.spamhaus.org 127.0.0.1@3768 ok > > # unbound-control list_forwards zen.spamhaus.org. IN forward: > 127.0.0.1 > > # dig @localhost 2.0.0.127.zen.spamhaus.org > > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost > 2.0.0.127.zen.spamhaus.org ; (1 server found) ;; global options: > +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, > id: 9595 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, > ADDITIONAL: 0 > > ;; QUESTION SECTION: ;2.0.0.127.zen.spamhaus.org. IN A > > ;; ANSWER SECTION: 2.0.0.127.zen.spamhaus.org. 300 IN A > 127.0.0.10 > 2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.4 > 2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.2 > > ;; Query time: 1029 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; > WHEN: Thu Jul 10 15:51:25 2014 ;; MSG SIZE rcvd: 92 > > Any suggestions (and any performance tuning tips; I did try to > follow http://unbound.net/documentation/howto_optimise.html) would > be helpful. _______________________________________________ > Unbound-users mailing list [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTv4PPAAoJEJ9vHC1+BF+NZR4P/RoGudT2FVem+gP0iQbfNJjo xHCcdlata78rlosPb2F4wgD5thXlGr2hHddKWjnCA1Jcik97BD6ZPQNfRDrtQU8D vxEI+WxppH7OsBPnYvuk8kglo7vLAepcPgQKw8DBF5L0FLPqArgnn7QsuO7xMmz4 8lBaHaLbU+AIuHpcFzrUY9BdepwXsV36QpqfM45XY2kseAENapK+AVJeP0rDlGXf aXE+LrVF+CYya+O5FX98Bgtwh284SnH8kuyPV3qHkErLTiQGQbFqx/dyiQ0VV5LH Z2vbBMElJKxSqcoqWMghxHEzMLR9k6SvbW1ZRwv4vPpn6BQICDsnLgFr4inP7t2X vCpm5HZGoeaDjBMeNb2TizzUtQNY/q2fjaMPN6tn/phOXLRCybBlniUpSX0li1gR IQz8jKxMC/gH6aE1yjCzulWcv2zCTEjrBvnQC/s4Y/ihvWUQl44DUegXAlZY683B VvDWu7hPa4netoJrwT6OHfiTiq0RKD/aLHsFlVsuMf9/N/2rZAdaf8LPs7CtSR+C JN4JwmHN1aAu81/ZsCsI3jpCQ3+ZNpkb7gSmVzVkCOtQupE4M6acsG2NCIjO+uav 8MaUJGzGBqBwamheoLZJxuh2QQO0a1nA1m+uhU5HTZzUQIZE0J0h7+JlX4OYGMNJ IP5FQeHaOT+K9MWdG4cZ =LaRt -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
