Hello, I operate a Tor Exit relay and was initially using Unbound as the caching DNS resolver. A few days ago the relay failed due to an interaction between the Tor relay daemon and the request timeout behavior of Unbound. The only solution was to switch to using Bind 9 as the DNS resolver.
While I appreciate the elegance and persistence of Unbound's timeout scheme, it breaks Tor and probably breaks other high-volume DNS requesters that expect the simple ten-second timeout behavior of 'named'.

I suggest a configurable compatibility feature be added to Unbound to emulate Bind timeout behavior while preserving the Unbound timeout regime. Unbound would reply to DNS queries with an appropriate SERVFAIL message after ten seconds while continuing with the usual persistent effort to resolve the record and then cache the result if successful.

An open Tor ticket providing details of the aforementioned failure is found at

Tor #18580: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
https://trac.torproject.org/projects/tor/ticket/18580

Sincerely
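The compatibility behavior proposed in the message above, sketched as an added example that is not part of the original post and is not Unbound or Tor code: a toy asyncio model that answers the client with SERVFAIL once a deadline passes while the lookup continues and fills the cache. The names `DeadlineResolver` and `slow_upstream`, the scaled-down deadline standing in for ten seconds, and the 192.0.2.10 answer are all assumptions constructed for illustration.

```python
import asyncio

SERVFAIL = "SERVFAIL"

class DeadlineResolver:
    """Toy model: bound the client's wait, keep resolving in the background."""

    def __init__(self, upstream, client_deadline):
        self.upstream = upstream              # coroutine function: name -> answer
        self.client_deadline = client_deadline
        self.cache = {}
        self.inflight = {}                    # name -> Task shared by all waiting clients

    async def _resolve(self, name):
        try:
            answer = await self.upstream(name)
            self.cache[name] = answer         # cache only successful answers
            return answer
        except Exception:
            return SERVFAIL                   # upstream failure: nothing to cache
        finally:
            self.inflight.pop(name, None)

    async def query(self, name):
        if name in self.cache:
            return self.cache[name]
        task = self.inflight.get(name)
        if task is None:                      # first client for this name starts the lookup
            task = asyncio.ensure_future(self._resolve(name))
            self.inflight[name] = task
        try:
            # shield(): the client's deadline must not cancel the shared lookup
            return await asyncio.wait_for(asyncio.shield(task), self.client_deadline)
        except asyncio.TimeoutError:
            return SERVFAIL                   # prompt failure for the client

async def _demo():
    async def slow_upstream(name):            # constructed stand-in for a slow remote server
        await asyncio.sleep(0.3)
        return "192.0.2.10"
    resolver = DeadlineResolver(slow_upstream, client_deadline=0.05)
    first = await resolver.query("slow.example")    # deadline hit before the answer arrives
    await asyncio.sleep(0.5)                        # background lookup completes meanwhile
    second = await resolver.query("slow.example")   # now served from cache
    return first, second

def demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    print(demo())
```

The client-facing deadline and the resolver's own retry schedule are independent here, which is the separation the message asks for.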
