Maintained by: NLnet Labs

Why are unbound-control local_zone_remove/local_zone/local_data so incredibly slow ?

Tim Smith
Mon Nov 28 13:18:47 CET 2016


Hello list,

I'm running Unbound 1.5.9 on OpenBSD 6.

I have the need to periodically add certain local data to unbound as
part of a dynamic security block list (i.e. redirect to null).  These
lists can be 30k+ items in length.

Originally, I had this scripted as follows :
   - Get and parse data into unbound config format
   - Reload unbound

Obviously the problem with that approach is that reloading unbound
causes cache to be flushed .... which is not cool.  However on the
plus side the script runs super-quick as its just a config reload !

So I looked at my options and came up with a second script :
   - Get and parse data into two groups :  remove and add
   - On "remove" set run unbound-control local_zone_remove
   - On "add" set run unbound-control local_zone and unbound-control local_data

The problem is its taking forever to process that because calls to
unbound-control are so slow !  e.g. its been well over an hour now and
it *still* hasn't finished processing 30k items.   The server is not
slow, the server is not heavily loaded, and my script is simple ....
the problem is very much the slowness of the calls to unbound-control.

Help !!

Thanks

Tim