Maintained by: NLnet Labs

Unbound: slow issues.

tailings at gmx.com
Tue Oct 25 16:55:09 CEST 2016


Please, let me add I am using LibreSSL instead OpenSSL.

Thank you.


On 23/10/16 20:25, tailings--- via Unbound-users wrote:
> Hello,
>
> I am running Unbound on FreeBSD, initially 10.3 and now 11, I tried 
> the one on the FreeBSD Base, and now the Port (unbound-1.5.10) 
> compiled with libevent support.
>
> The problem I am experiencing is, from time to time unbound become 
> utterly slow or do not resolve anything, or almost anything.
>
> I did several changes on unbound.conf file and the problem now return 
> about one time a day when just me (one user) is using Unbound as 
> resolver. If a second user begin to using Unbound at same time it 
> became slow as described until it have just one user again.
>
> I opened a post on FreeBSD forum, what have more information:
>
> https://forums.freebsd.org/threads/57493/
>
> I need to add I also tried without success to disable PF firewall 
> looking for any kind of firewall related issue. Also, this is my 
> current unbound.conf:
>
>
> # This file was generated by local-unbound-setup.
> # Modifications will be overwritten.
> server:
>         port: 53
>         username: unbound
>         directory: /usr/local/etc/unbound
>         chroot: /usr/local/etc/unbound
>         pidfile: /usr/local/etc/unbound/unbound.pid
>         auto-trust-anchor-file: /usr/local/etc/unbound/root.key
>         root-hints: "/usr/local/etc/unbound/root.hints"
>
>         logfile: log/unbound.log
>         log-time-ascii: yes
>         val-log-level: 2
>
>         do-ip6: no
>         do-tcp: yes
>
>         interface: 127.0.0.2
>         interface: 192.168.0.220
>
>         access-control: 127.0.0.2/16 allow
>         access-control: 192.168.0.0/24 allow
>
>         private-address: 192.168.0.0/24
>         private-domain: mydomain.com
>
>         qname-minimisation: yes
>         minimal-responses: no
>         hide-identity: yes
>         hide-version: yes
>         do-not-query-localhost: no
>         val-clean-additional: yes
>
>         harden-glue: yes
>         harden-dnssec-stripped: yes
>
>         unwanted-reply-threshold: 10000
>
>         prefetch: yes
>         prefetch-key: yes
>
>         cache-min-ttl: 3600
>         cache-max-ttl: 86400
>
>         num-threads: 4
>         msg-cache-slabs: 8
>         rrset-cache-slabs: 8
>         infra-cache-slabs: 8
>         key-cache-slabs: 8
>         rrset-cache-size: 100m
>         msg-cache-size: 50m
>         outgoing-range: 8192
>         num-queries-per-thread: 4096
>         so-rcvbuf: 1m
>         so-sndbuf: 1m
>
>         unblock-lan-zones: yes
>         insecure-lan-zones: yes
>
> include: /usr/local/etc/unbound/conf.d/*.conf
>
> #forward-zone:
> #       name: .
> #       forward-addr: 189.38.95.95
> #       forward-addr: 189.38.95.96
>
> remote-control:
>         control-enable: yes
>         control-interface: /usr/local/etc/unbound/unbound.ctl
>         control-use-cert: no
>
>
> Thank you!
> Alex.