On 1/6/21 9:14 AM, Michael Tremer wrote: > Hello, > >> On 6 Jan 2021, at 12:02, Paul Simmons wrote: >> >> On 1/6/21 4:17 AM, Jonatan Schlag wrote: >>> When unbound has no information about a DNS-server >>> a timeout of 376 msec is assumed. This works well in a lot of situations, >>> but they mention in their documentation that this could be way too low. >>> They recommend a timeout of 1126 msec for satellite connections >>> (https://nlnetlabs.nl/documentation/unbound/unbound.conf). >>> Settings this value to 1126 msec should make the first queries to an >>> unknown server, more useful. >>> They do not timeout and so these queries do not need to be sent again. >>> >>> On a stable link, this behaviour should not have negative implications. >>> As the first result of queries arrive the timeout value gets updated, >>> and the high value of 1126 msec gets set to something useful. >>> >>> Signed-off-by: Jonatan Schlag >>> --- >>> config/unbound/unbound.conf | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf >>> index f78aaae8c..02f093015 100644 >>> --- a/config/unbound/unbound.conf >>> +++ b/config/unbound/unbound.conf >>> @@ -62,6 +62,7 @@ server: >>> # Timeout behaviour >>> infra-keep-probing: yes >>> + unknown-server-time-limit: 1128 >>> # Bootstrap root servers >>> root-hints: "/etc/unbound/root.hints" > I am not entirely sure what this is supposed to fix. > > It is possible that a DNS response takes longer than 376ms, indeed. Does it harm us if we send another packet? No. > > So what is this changing in real life? > >> This sounds promising to me, as I have many DNS lookup timeouts (ISP is HughesNot, er, HughesNet). > @Paul: I am not sure if the solution is to increase timeouts. In my point of view, you should change the name servers. > >> +1 >> >> Paul Greetings, Michael.  The two DNS servers I use have ping times of 631ms (addr 9.9.9.10) and 742ms (addr 81.3.27.54). I tested the ping times of the first 27 IPV4 address of servers listed in the wiki. The times ranged from 596ms to 857ms, so I question if changing servers will afford any measurable relief. Thank you, Paul