From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tapani Tarvainen <ipfire@tapanitarvainen.fi>
To: development@lists.ipfire.org
Subject: Re: [RFC] unbound: Increase timeout value for unknown dns-server
Date: Sun, 10 Jan 2021 16:07:15 +0200
Message-ID: <20210110140715.GA598974@vesikko.tarvainen.info>
In-Reply-To: <096e8184-7dd0-e081-8b5a-c1f7c8dff476@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6256158601127127033=="
List-Id: <development.lists.ipfire.org>


On Sat, Jan 09, 2021 at 12:57:44PM -0600, Paul Simmons (mbatranch(a)gmail.com) wrote:

> I tested the ping (-c1) times for the first 27 IPv4 addresses in the DNS
> server list from the wiki. I can test more, if desired.
>
> The fastest return was 596ms, and the slowest was 857ms. At present, I'm
> using 9.9.9.10 (631ms ping) and 81.3.27.54 (752ms ping).

Wow. That *is* slow.

> I'm willing to test Tapani's "/etc/unbound/local.d" proposal(s), if
> it will clarify the situation.

I think it would be very useful if you could test if changing the
limits actually helps in your situation.

It's easy enough to do: e.g.,

echo 'unknown-server-time-limit: 1128' >/etc/unbound/local.d/timeouts

and restart unbound and see if it makes a difference for you.

You might also try if non-TLS settings (TCP or UDP) work after that.

-- 
Tapani Tarvainen
