Hi .*,

I noticed that sometimes, Unbound takes many seconds before replying to a client that a lookup failed (ServFail):

# client: 192.0.2.25
# unbound: 172.20.21.10
$ tcpdump -ttt -nr dns.pcap udp port 56379 2>/dev/null
00:00:00.000000 IP 192.0.2.25.56379 > 172.20.21.10.53: 15985+ PTR? 69.82.133.155.in-addr.arpa. (44)
00:00:46.092701 IP 172.20.21.10.53 > 192.0.2.25.56379: 15985 ServFail 0/0/0 (44)

In this particular case, it seems to be a dead upstream NS, so Unbound is not to blame. What I'd like to know is if there is a way to configure Unbound to fail earlier? Something like sending a ServFail to the client if the answer isn't received within X milliseconds.

Thanks in advance,
Simon

P.S.: Those delayed replies sent by Unbound to the client are dropped by iptables, as UDP connections expire after 30 seconds (net.netfilter.nf_conntrack_udp_timeout). This, in turn, spams my logs and my inbox. We all love logcheck, don't we?
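The kind of slow ServFail shown in the capture above can be measured systematically rather than spotted by eye. The following is an added example, not code from the original post or from the Unbound project: it parses `tcpdump -ttt` output (where each timestamp is the delta from the previous packet), pairs each client query with the resolver's response by client address, source port and DNS id, and flags answers that arrived after a threshold such as the 30 s conntrack UDP timeout the post mentions. The first two sample lines are the post's own capture; the remaining lines are constructed to show a fast, successful answer for contrast.

```python
"""Flag slow DNS answers in `tcpdump -ttt` output (added example, not from the post)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines 1-2 are the post's capture, lines 3-4 are made up
# to show a normal, fast NoError answer on a different client port.
SAMPLE = """\
00:00:00.000000 IP 192.0.2.25.56379 > 172.20.21.10.53: 15985+ PTR? 69.82.133.155.in-addr.arpa. (44)
00:00:46.092701 IP 172.20.21.10.53 > 192.0.2.25.56379: 15985 ServFail 0/0/0 (44)
00:00:00.001200 IP 192.0.2.25.40001 > 172.20.21.10.53: 4242+ A? example.com. (29)
00:00:00.003900 IP 172.20.21.10.53 > 192.0.2.25.40001: 4242 1/0/0 A 192.0.2.80 (45)
"""

# One tcpdump -ttt line: "HH:MM:SS.ffffff IP src.port > dst.port: id[flags] rest"
LINE_RE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[+*$|-]*) (?P<rest>.*)$"
)


@dataclass
class Answer:
    client: str
    client_port: int
    dns_id: int
    question: str
    rcode: str
    latency_s: float


def _delta_seconds(h: str, m: str, s: str) -> float:
    """Convert the -ttt per-line delta (HH:MM:SS.ffffff) to seconds."""
    return int(h) * 3600 + int(m) * 60 + float(s)


def _rcode_from_tail(rest: str) -> str:
    """tcpdump prints non-zero rcodes by name; NoError answers show only record counts."""
    for name in ("ServFail", "NXDomain", "Refused", "FormErr", "NotImp"):
        if name in rest:
            return name
    return "NoError"


def pair_answers(capture: str, server_port: int = 53) -> List[Answer]:
    """Pair queries with responses and compute per-answer latency."""
    now = 0.0  # running absolute time rebuilt from the -ttt deltas
    pending: Dict[Tuple[str, int, int], Tuple[float, str]] = {}
    answers: List[Answer] = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DNS line in the shape we parse
        now += _delta_seconds(m["h"], m["m"], m["s"])
        sport, dport, dns_id = int(m["sport"]), int(m["dport"]), int(m["id"])
        if dport == server_port:
            # client -> resolver: remember when the question left
            question = m["rest"].rsplit(" (", 1)[0]
            pending[(m["src"], sport, dns_id)] = (now, question)
        elif sport == server_port:
            # resolver -> client: match on (client, client port, id)
            key = (m["dst"], dport, dns_id)
            if key in pending:
                sent_at, question = pending.pop(key)
                answers.append(Answer(m["dst"], dport, dns_id, question,
                                      _rcode_from_tail(m["rest"]), now - sent_at))
    return answers


def slow_answers(answers: List[Answer], threshold_s: float) -> List[Answer]:
    """Answers that took longer than threshold_s (e.g. the 30 s conntrack UDP timeout)."""
    return [a for a in answers if a.latency_s > threshold_s]


if __name__ == "__main__":
    for a in slow_answers(pair_answers(SAMPLE), 30.0):
        print(f"{a.client}:{a.client_port} id={a.dns_id} {a.question} "
              f"-> {a.rcode} after {a.latency_s:.3f}s (client state likely expired)")
```

Run it against real output from `tcpdump -ttt -n -r dns.pcap udp port 53`; any answer listed by `slow_answers` with a threshold of 30 s is one the client-side conntrack entry would already have dropped, which is exactly the class of reply that ends up in the iptables logs.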
