Maintained by: NLnet Labs

[Unbound-users] resolver & performance issues

Chris Smith
Fri Oct 3 17:12:39 CEST 2008


Hello,

New to the list and running unbound svn rev 1281.

With unbound I'm not able to successfully resolve a particular IP address and 
the query times are very long compared to bind. Also dig's "+trace" does not 
appear to work from systems on my lan.
=====================================================================
BIND:
=====================================================================
davinci ~ # dig www.xo.com                                                                               

; <<>> DiG 9.5.0-P2 <<>> www.xo.com
;; global options:  printcmd       
;; Got answer:                     
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10842
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.xo.com.                    IN      A

;; ANSWER SECTION:
www.xo.com.             10800   IN      A       205.158.160.76

;; AUTHORITY SECTION:
.                       517541  IN      NS      E.ROOT-SERVERS.NET.
.                       517541  IN      NS      H.ROOT-SERVERS.NET.
.                       517541  IN      NS      A.ROOT-SERVERS.NET.
.                       517541  IN      NS      J.ROOT-SERVERS.NET.
.                       517541  IN      NS      F.ROOT-SERVERS.NET.
.                       517541  IN      NS      M.ROOT-SERVERS.NET.
.                       517541  IN      NS      L.ROOT-SERVERS.NET.
.                       517541  IN      NS      K.ROOT-SERVERS.NET.
.                       517541  IN      NS      G.ROOT-SERVERS.NET.
.                       517541  IN      NS      D.ROOT-SERVERS.NET.
.                       517541  IN      NS      B.ROOT-SERVERS.NET.
.                       517541  IN      NS      C.ROOT-SERVERS.NET.
.                       517541  IN      NS      I.ROOT-SERVERS.NET.

;; Query time: 96 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:19:18 2008         
;; MSG SIZE  rcvd: 255                    

davinci ~ # dig -x 205.158.160.76

; <<>> DiG 9.5.0-P2 <<>> -x 205.158.160.76
;; global options:  printcmd              
;; Got answer:                            
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38857
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;76.160.158.205.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
76.160.158.205.in-addr.arpa. 43200 IN   PTR     xonlbvip.pla.dc.xo.com.

;; AUTHORITY SECTION:
.                       517534  IN      NS      M.ROOT-SERVERS.NET.
.                       517534  IN      NS      K.ROOT-SERVERS.NET.
.                       517534  IN      NS      H.ROOT-SERVERS.NET.
.                       517534  IN      NS      A.ROOT-SERVERS.NET.
.                       517534  IN      NS      E.ROOT-SERVERS.NET.
.                       517534  IN      NS      D.ROOT-SERVERS.NET.
.                       517534  IN      NS      B.ROOT-SERVERS.NET.
.                       517534  IN      NS      J.ROOT-SERVERS.NET.
.                       517534  IN      NS      I.ROOT-SERVERS.NET.
.                       517534  IN      NS      F.ROOT-SERVERS.NET.
.                       517534  IN      NS      C.ROOT-SERVERS.NET.
.                       517534  IN      NS      G.ROOT-SERVERS.NET.
.                       517534  IN      NS      L.ROOT-SERVERS.NET.

;; Query time: 69 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:19:25 2008         
;; MSG SIZE  rcvd: 292                    

davinci ~ # dig -x 209.119.112.2

; <<>> DiG 9.5.0-P2 <<>> -x 209.119.112.2
;; global options:  printcmd             
;; Got answer:                           
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45146
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;2.112.119.209.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
2.112.119.209.in-addr.arpa. 10800 IN    PTR     smtp.hq.theauditors.com.

;; AUTHORITY SECTION:
.                       517521  IN      NS      D.ROOT-SERVERS.NET.
.                       517521  IN      NS      B.ROOT-SERVERS.NET.
.                       517521  IN      NS      C.ROOT-SERVERS.NET.
.                       517521  IN      NS      A.ROOT-SERVERS.NET.
.                       517521  IN      NS      M.ROOT-SERVERS.NET.
.                       517521  IN      NS      K.ROOT-SERVERS.NET.
.                       517521  IN      NS      L.ROOT-SERVERS.NET.
.                       517521  IN      NS      E.ROOT-SERVERS.NET.
.                       517521  IN      NS      I.ROOT-SERVERS.NET.
.                       517521  IN      NS      J.ROOT-SERVERS.NET.
.                       517521  IN      NS      F.ROOT-SERVERS.NET.
.                       517521  IN      NS      G.ROOT-SERVERS.NET.
.                       517521  IN      NS      H.ROOT-SERVERS.NET.

;; Query time: 63 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:19:38 2008         
;; MSG SIZE  rcvd: 292                    
=====================================================================
UNBOUND-SVN revision 1281:
=====================================================================
davinci ~ # dig www.xo.com                                                                             

; <<>> DiG 9.5.0-P2 <<>> www.xo.com
;; global options:  printcmd       
;; Got answer:                     
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20202
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.xo.com.                    IN      A

;; ANSWER SECTION:
www.xo.com.             10800   IN      A       205.158.160.76

;; AUTHORITY SECTION:
xo.com.                 10800   IN      NS      ns2.xo.com.
xo.com.                 10800   IN      NS      ns3.xo.com.
xo.com.                 10800   IN      NS      ns1.xo.com.

;; ADDITIONAL SECTION:
ns1.xo.com.             10800   IN      A       207.155.248.16
ns2.xo.com.             10800   IN      A       207.155.252.16
ns3.xo.com.             10800   IN      A       207.88.20.31  

;; Query time: 562 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:19:55 2008         
;; MSG SIZE  rcvd: 146                    

davinci ~ # dig -x 205.158.160.76

; <<>> DiG 9.5.0-P2 <<>> -x 205.158.160.76
;; global options:  printcmd              
;; Got answer:                            
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28887
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;76.160.158.205.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
76.160.158.205.in-addr.arpa. 43200 IN   PTR     xonlbvip.pla.dc.xo.com.

;; AUTHORITY SECTION:
160.158.205.in-addr.arpa. 43200 IN      NS      nameserver.concentric.net.
160.158.205.in-addr.arpa. 43200 IN      NS      nameserver1.concentric.net.
160.158.205.in-addr.arpa. 43200 IN      NS      nameserver2.concentric.net.
160.158.205.in-addr.arpa. 43200 IN      NS      nameserver3.concentric.net.
160.158.205.in-addr.arpa. 10800 IN      NS      ns1.pla.dc.xo.com.         
160.158.205.in-addr.arpa. 43200 IN      NS      ns1.pla.dc.xo.com.         

;; Query time: 731 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:20:06 2008         
;; MSG SIZE  rcvd: 230                    

davinci ~ # dig -x 209.119.112.2

; <<>> DiG 9.5.0-P2 <<>> -x 209.119.112.2
;; global options:  printcmd             
;; Got answer:                           
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62990
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.112.119.209.in-addr.arpa.    IN      PTR

;; Query time: 765 msec
;; SERVER: 192.168.107.4#53(192.168.107.4)
;; WHEN: Fri Oct  3 10:20:17 2008
;; MSG SIZE  rcvd: 44
=====================================================================

Notice that "dig -x 209.119.112.2" receives no answer when using unbound.