On Sat, Jan 09, 2021 at 12:57:44PM -0600, Paul Simmons (mbatranch(a)gmail.com) wrote:

> I tested the ping (-c1) times for the first 27 IPv4 addresses in the DNS
> server list from the wiki.  I can test more, if desired.
> 
> The fastest return was 596ms, and the slowest was 857ms.  At present, I'm
> using 9.9.9.10 (631ms ping) and 81.3.27.54 (752ms ping).

Wow. That *is* slow.

> I'm willing to test Tapani's "/etc/unbound/local.d" proposal(s), if
> it will clarify the situation.

I think it would be very useful if you could test if changing the
limits actually helps in your situation.

It's easy enough to do: e.g.,

echo 'unknown-server-time-limit: 1128' >/etc/unbound/local.d/timeouts

and restart unbound and see if it makes a difference for you.

You might also try if non-TLS settings (TCP or UDP) work after that.

-- 
Tapani Tarvainen