On 1/6/21 9:14 AM, Michael Tremer wrote:
Hello,
On 6 Jan 2021, at 12:02, Paul Simmons mbatranch@gmail.com wrote:
On 1/6/21 4:17 AM, Jonatan Schlag wrote:
When unbound has no information about a DNS-server a timeout of 376 msec is assumed. This works well in a lot of situations, but they mention in their documentation that this could be way too low. They recommend a timeout of 1126 msec for satellite connections (https://nlnetlabs.nl/documentation/unbound/unbound.conf). Settings this value to 1126 msec should make the first queries to an unknown server, more useful. They do not timeout and so these queries do not need to be sent again.
On a stable link, this behaviour should not have negative implications. As the first result of queries arrive the timeout value gets updated, and the high value of 1126 msec gets set to something useful.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
config/unbound/unbound.conf | 1 + 1 file changed, 1 insertion(+)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index f78aaae8c..02f093015 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -62,6 +62,7 @@ server: # Timeout behaviour infra-keep-probing: yes
- unknown-server-time-limit: 1128 # Bootstrap root servers root-hints: "/etc/unbound/root.hints"
I am not entirely sure what this is supposed to fix.
It is possible that a DNS response takes longer than 376ms, indeed. Does it harm us if we send another packet? No.
So what is this changing in real life?
This sounds promising to me, as I have many DNS lookup timeouts (ISP is HughesNot, er, HughesNet).
@Paul: I am not sure if the solution is to increase timeouts. In my point of view, you should change the name servers.
+1
Paul
Greetings, Michael. The two DNS servers I use have ping times of 631ms (addr 9.9.9.10) and 742ms (addr 81.3.27.54).
I tested the ping times of the first 27 IPV4 address of servers listed in the wiki.
The times ranged from 596ms to 857ms, so I question if changing servers will afford any measurable relief.
Thank you,
Paul