Hi list

I have a hardware firewall which acts as local resolver. I want to replace the DNS part on the firewall with unbound and I'm using quite a basic configuration from CENTOS7.
The new setup is like this:
internet <-> firewall <-> unbound server

What I experience is that DNS queries to domains I never queried before (thus making sure the query is not cached) are "slow" on unbound. A query to such a domain can easily take some hundreds of milliseconds, whereas on the Firewall resolver, the same query is rarely higher than 100 ms.

A second query is always very fast (0-1 ms), which is no surprise.

When I run the provided warmup script from the package (also available here: https://github.com/breadwallet/unbound/blob/master/contrib/warmup.sh) this takes about 25 - 35 seconds when run for the first time.
# time /root/bin/warmup.sh
real    0m28.128s

Is this normal? What are your experiences? What could be the reason for the diverging query times on the firewall resolver and unbound?


