On 1/6/21 4:17 AM, Jonatan Schlag wrote:
> When unbound has no information about a DNS-server
> a timeout of 376 msec is assumed. This works well in a lot of situations,
> but they mention in their documentation that this could be way too low.
> They recommend a timeout of 1126 msec for satellite connections
> (https://nlnetlabs.nl/documentation/unbound/unbound.conf).
> Settings this value to 1126 msec should make the first queries to an
> unknown server, more useful.
> They do not timeout and so these queries do not need to be sent again.
>
> On a stable link, this behaviour should not have negative implications.
> As the first result of queries arrive the timeout value gets updated,
> and the high value of 1126 msec gets set to something useful.
>
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>   config/unbound/unbound.conf | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
> index f78aaae8c..02f093015 100644
> --- a/config/unbound/unbound.conf
> +++ b/config/unbound/unbound.conf
> @@ -62,6 +62,7 @@ server:
>   
>   	# Timeout behaviour
>   	infra-keep-probing: yes
> +	unknown-server-time-limit: 1128
>   
>   	# Bootstrap root servers
>   	root-hints: "/etc/unbound/root.hints"

This sounds promising to me, as I have many DNS lookup timeouts (ISP is 
HughesNot, er, HughesNet).

+1

Paul