Maintained by: NLnet Labs

slow responses

Simon Deziel
Wed Mar 9 20:43:04 CET 2016

Hi .*,

I noticed that sometimes, Unbound takes many seconds before replying to
a client that a lookup failed (ServFail):

# client:
# unbound:
$ tcpdump -ttt -nr dns.pcap udp port 56379 2>/dev/null
00:00:00.000000 IP > 15985+ PTR? (44)
00:00:46.092701 IP > 15985 ServFail 0/0/0 (44)

In this particular case, it seems to be a dead upstream NS so Unbound is
not to blame.

What I'd like to know is if there is a way to configure Unbound to fail
earlier? Something like sending a ServFail to the client if the answer
isn't received inside of X milliseconds.

Thanks in advance,

P.S.: Those delayed replies sent by Unbound to the client are dropped by
iptables as UDP connections expire after 30 seconds
(net.netfilter.nf_conntrack_udp_timeout). This, in turn, spams my logs
and my inbox. We all love logcheck, don't we?
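
The P.S. above describes replies that arrive after the conntrack UDP entry has expired. As an added example (not part of the original post), this Python script reads `tcpdump -ttt -n` text output, pairs each DNS reply with its query, and lists the replies slower than that timeout. The sample capture and its 192.0.2.x addresses are constructed; the function and constant names are hypothetical.

```python
import re

# Timeout quoted in the post (net.netfilter.nf_conntrack_udp_timeout), seconds.
CONNTRACK_UDP_TIMEOUT = 30.0

# Constructed sample in `tcpdump -ttt -n` format: each timestamp is the
# delta from the previous line. Addresses are documentation placeholders.
SAMPLE = """\
00:00:00.000000 IP 192.0.2.10.56379 > 192.0.2.53.53: 15985+ PTR? 1.2.0.192.in-addr.arpa. (44)
00:00:46.092701 IP 192.0.2.53.53 > 192.0.2.10.56379: 15985 ServFail 0/0/0 (44)
00:00:01.000000 IP 192.0.2.10.40000 > 192.0.2.53.53: 7+ A? example.com. (29)
00:00:00.020000 IP 192.0.2.53.53 > 192.0.2.10.40000: 7 1/0/0 A 192.0.2.80 (45)
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): (\d+)(.*)$")
# tcpdump prints answer/authority/additional counts only on responses.
COUNTS = re.compile(r"\b\d+/\d+/\d+\b")


def late_replies(capture, timeout=CONNTRACK_UDP_TIMEOUT):
    """Return (query_id, client, latency_s) for replies slower than timeout."""
    now = 0.0      # running clock rebuilt from the -ttt deltas
    pending = {}   # (client, server, id) -> time the query was last seen
    late = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # non-IPv4 or wrapped continuation lines
        h, mnt, sec, src, dst, qid, rest = m.groups()
        now += int(h) * 3600 + int(mnt) * 60 + float(sec)
        if COUNTS.search(rest):
            # Response: look up the query that travelled the other way.
            sent = pending.pop((dst, src, qid), None)
            if sent is not None and now - sent > timeout:
                late.append((int(qid), dst, round(now - sent, 6)))
        else:
            # Query (or a retransmit, which refreshes the conntrack entry).
            pending[(src, dst, qid)] = now
    return late


if __name__ == "__main__":
    for qid, client, latency in late_replies(SAMPLE):
        print(f"id {qid} to {client}: reply after {latency:.3f}s, "
              f"past the {CONNTRACK_UDP_TIMEOUT:.0f}s conntrack timeout")
```
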