From: Paul Simmons <mbatranch@gmail.com>
To: development@lists.ipfire.org
Subject: Re: [RFC] unbound: Increase timeout value for unknown dns-server
Date: Fri, 08 Jan 2021 02:25:59 -0600 [thread overview]
Message-ID: <94482533-2b11-9af4-1b08-b8b8f0f6332e@gmail.com> (raw)
In-Reply-To: <89BEBEA5-D070-49A3-899E-12CED79D6A95@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2320 bytes --]
On 1/6/21 9:14 AM, Michael Tremer wrote:
> Hello,
>
>> On 6 Jan 2021, at 12:02, Paul Simmons <mbatranch(a)gmail.com> wrote:
>>
>> On 1/6/21 4:17 AM, Jonatan Schlag wrote:
>>> When unbound has no information about a DNS-server
>>> a timeout of 376 msec is assumed. This works well in a lot of situations,
>>> but they mention in their documentation that this could be way too low.
>>> They recommend a timeout of 1126 msec for satellite connections
>>> (https://nlnetlabs.nl/documentation/unbound/unbound.conf).
>>> Settings this value to 1126 msec should make the first queries to an
>>> unknown server, more useful.
>>> They do not timeout and so these queries do not need to be sent again.
>>>
>>> On a stable link, this behaviour should not have negative implications.
>>> As the first result of queries arrive the timeout value gets updated,
>>> and the high value of 1126 msec gets set to something useful.
>>>
>>> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
>>> ---
>>> config/unbound/unbound.conf | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
>>> index f78aaae8c..02f093015 100644
>>> --- a/config/unbound/unbound.conf
>>> +++ b/config/unbound/unbound.conf
>>> @@ -62,6 +62,7 @@ server:
>>> # Timeout behaviour
>>> infra-keep-probing: yes
>>> + unknown-server-time-limit: 1128
>>> # Bootstrap root servers
>>> root-hints: "/etc/unbound/root.hints"
> I am not entirely sure what this is supposed to fix.
>
> It is possible that a DNS response takes longer than 376ms, indeed. Does it harm us if we send another packet? No.
>
> So what is this changing in real life?
>
>> This sounds promising to me, as I have many DNS lookup timeouts (ISP is HughesNot, er, HughesNet).
> @Paul: I am not sure if the solution is to increase timeouts. In my point of view, you should change the name servers.
>
>> +1
>>
>> Paul
Greetings, Michael. The two DNS servers I use have ping times of 631ms
(addr 9.9.9.10) and 742ms (addr 81.3.27.54).
I tested the ping times of the first 27 IPV4 address of servers listed
in the wiki.
The times ranged from 596ms to 857ms, so I question if changing servers
will afford any measurable relief.
Thank you,
Paul
next prev parent reply other threads:[~2021-01-08 8:25 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-06 10:17 Jonatan Schlag
2021-01-06 12:02 ` Paul Simmons
2021-01-06 15:14 ` Michael Tremer
2021-01-06 16:19 ` Tapani Tarvainen
2021-01-06 18:01 ` Michael Tremer
2021-01-08 8:25 ` Paul Simmons [this message]
[not found] <5BE69EAB-BD90-4999-97AE-8A89479AD080@gmail.com>
2021-01-07 11:27 ` Michael Tremer
2021-01-07 14:35 ` Tapani Tarvainen
2021-01-07 14:54 ` Michael Tremer
[not found] <20E5B302-A896-4BD2-BAD1-9D6A50831514@ipfire.org>
2021-01-09 15:04 ` Michael Tremer
2021-01-09 18:57 ` Paul Simmons
2021-01-10 14:07 ` Tapani Tarvainen
2021-01-12 5:07 ` Paul Simmons
2021-01-16 3:02 ` Paul Simmons
2021-01-16 8:13 ` Tapani Tarvainen
2021-01-19 6:22 ` Paul Simmons
2021-01-25 19:23 ` Michael Tremer
2021-01-25 20:29 ` Paul Simmons
2021-01-25 20:50 ` Michael Tremer
2021-01-11 11:10 ` Michael Tremer
2021-01-12 4:37 ` Paul Simmons
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=94482533-2b11-9af4-1b08-b8b8f0f6332e@gmail.com \
--to=mbatranch@gmail.com \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox