Hello,

> On 6 Jan 2021, at 12:02, Paul Simmons wrote:
>
> On 1/6/21 4:17 AM, Jonatan Schlag wrote:
>> When unbound has no information about a DNS-server
>> a timeout of 376 msec is assumed. This works well in a lot of situations,
>> but they mention in their documentation that this could be way too low.
>> They recommend a timeout of 1126 msec for satellite connections
>> (https://nlnetlabs.nl/documentation/unbound/unbound.conf).
>> Setting this value to 1126 msec should make the first queries to an
>> unknown server more useful.
>> They do not time out and so these queries do not need to be sent again.
>>
>> On a stable link, this behaviour should not have negative implications.
>> As the first result of queries arrive the timeout value gets updated,
>> and the high value of 1126 msec gets set to something useful.
>>
>> Signed-off-by: Jonatan Schlag
>> ---
>> config/unbound/unbound.conf | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf >> index f78aaae8c..02f093015 100644 >> --- a/config/unbound/unbound.conf >> +++ b/config/unbound/unbound.conf >> @@ -62,6 +62,7 @@ server: >> # Timeout behaviour >> infra-keep-probing: yes >> + unknown-server-time-limit: 1128 >> # Bootstrap root servers >> root-hints: "/etc/unbound/root.hints"

I am not entirely sure what this is supposed to fix. It is possible that a DNS response takes longer than 376ms, indeed. Does it harm us if we send another packet? No. So what is this changing in real life?

> This sounds promising to me, as I have many DNS lookup timeouts (ISP is HughesNot, er, HughesNet).

@Paul: I am not sure if the solution is to increase timeouts. In my point of view, you should change the name servers.

>
> +1
>
> Paul
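
Review bot: the value in the added line "unknown-server-time-limit: 1128" does not match the commit message, which cites 1126 msec as the documented recommendation for satellite connections, so either the value or the message should be corrected before this goes in. The option is also added under "# Timeout behaviour" with no comment of its own; a one-line comment saying that it raises the timeout assumed for servers unbound has no information about, and why, would help whoever tunes this file next.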