Maintained by: NLnet Labs

Unbound: slow issues.

tailings at gmx.com
Mon Oct 24 00:25:53 CEST 2016


Hello,

I am running Unbound on FreeBSD, initially 10.3 and now 11, I tried the 
one on the FreeBSD Base, and now the Port (unbound-1.5.10) compiled with 
libevent support.

The problem I am experiencing is, from time to time unbound become 
utterly slow or do not resolve anything, or almost anything.

I did several changes on unbound.conf file and the problem now return 
about one time a day when just me (one user) is using Unbound as 
resolver. If a second user begin to using Unbound at same time it became 
slow as described until it have just one user again.

I opened a post on FreeBSD forum, what have more information:

https://forums.freebsd.org/threads/57493/

I need to add I also tried without success to disable PF firewall 
looking for any kind of firewall related issue. Also, this is my current 
unbound.conf:


# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
         port: 53
         username: unbound
         directory: /usr/local/etc/unbound
         chroot: /usr/local/etc/unbound
         pidfile: /usr/local/etc/unbound/unbound.pid
         auto-trust-anchor-file: /usr/local/etc/unbound/root.key
         root-hints: "/usr/local/etc/unbound/root.hints"

         logfile: log/unbound.log
         log-time-ascii: yes
         val-log-level: 2

         do-ip6: no
         do-tcp: yes

         interface: 127.0.0.2
         interface: 192.168.0.220

         access-control: 127.0.0.2/16 allow
         access-control: 192.168.0.0/24 allow

         private-address: 192.168.0.0/24
         private-domain: mydomain.com

         qname-minimisation: yes
         minimal-responses: no
         hide-identity: yes
         hide-version: yes
         do-not-query-localhost: no
         val-clean-additional: yes

         harden-glue: yes
         harden-dnssec-stripped: yes

         unwanted-reply-threshold: 10000

         prefetch: yes
         prefetch-key: yes

         cache-min-ttl: 3600
         cache-max-ttl: 86400

         num-threads: 4
         msg-cache-slabs: 8
         rrset-cache-slabs: 8
         infra-cache-slabs: 8
         key-cache-slabs: 8
         rrset-cache-size: 100m
         msg-cache-size: 50m
         outgoing-range: 8192
         num-queries-per-thread: 4096
         so-rcvbuf: 1m
         so-sndbuf: 1m

         unblock-lan-zones: yes
         insecure-lan-zones: yes

include: /usr/local/etc/unbound/conf.d/*.conf

#forward-zone:
#       name: .
#       forward-addr: 189.38.95.95
#       forward-addr: 189.38.95.96

remote-control:
         control-enable: yes
         control-interface: /usr/local/etc/unbound/unbound.ctl
         control-use-cert: no


Thank you!
Alex.