:: Re: [DNG] Unbound details: was Mozi…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Rick Moen
Date:  
À: dng
Sujet: Re: [DNG] Unbound details: was Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
Quoting Steve Litt (slitt@???):

> So it's been about 2 weeks I've been using unbound, and subjectively,
> my web browsing has slowed, compared to the straight 8.8.8.8 and
> 8.8.4.4 I used before. Sometimes the browser's status bar says
> "resolving" during those delays, and sometimes it doesn't.
>
> It's been about 4 or 5 years since I last used djbdns, but IIRC I
> didn't have such delays with djbdns.


It couldn't hurt to compare results among recursive nameservers
available on Linux. FWIW, I've never seen either Unbound or any other
such software display symptoms such as you imply -- with the exception
of cases where the nameserver repeatedly tried IPv6-based resolution,
that timed out, and the nameserver fell back on IPv4-based
resolution.[1]

Open-source (and maintained) recursive nameservers for Linux, from
my bestiary (http://linuxmafia.com/faq/Network_Other/dns-servers.html):

o BIND9 (recusive functionality thereof)
o dnscache from djbdns
o Deadwood (next-generation effort from the MaraDNS author)
o PowerDNS Recursor
o Unbound

I'm not including the MaraDNS suite in the above list on grounds of
redundancy, because the suite's current recursive module _is_ Deadwood
by default, and used for recursive service unless you go out of your
way to substitute/enable the prior MaraDNS recursive code (not
recommended).


I commend you for trying to optimise Unbound's configuration. For
whatever reason, I've not felt a need to, to date. (It's always Just
Worked[tm], and the RAM/CPU load has been so low that performance tuning
has seemed pointless.)


[1] The best tool for figuring out DNS problems tends IMO to be 'dig'.
Please note its '-4' and '-6' switches to force IPv4 and IPv6 query modes.
The +tcp flag is sometimes also useful for diagnosis by overcoming the
UDP default for most operations, thereby exposing firewalling blunders.