Has anyone done any testing with the various Unbound logging options and their effect on performance? The help text talks about query and reply logging being a significant performance hit but searching around I haven't been able to find any metrics regarding it.
I'm curious how much it scales and what the bottlenecks are.
I have occasionally run unbound with query and reply logging enabled for troubleshooting purposes, but didn't really benchmark it. Running on bare metal and relatively modern hardware, I found it nothing to worry about, performance-wise, at least in a small office / home office setting. Larger and/or virtualized setups may be different, though.
I did turn it on and had the same experience, but then I fall into the SOHO category, which is why I asked about larger scales.
I did discover that there's a few different ways to log things in Unbound.
1. Log queries and replies. This provides a log line with the client ip and the requested domain, then a log line with the client IP, domain, and result info, but not IPs.
2. Use an Inform zone. This provides a log line with the client ip and port along with the request domain. Basically the same as log query except for the addition of the port.
3. Local local zone actions. This probides the same info as Inform but for all zones instead of just the single zone.
I didn't benchmark any of these to determine a performance difference, but unfortunately there does not seem to be any way to configure Unbound to log the IPs of the lookups. Even configuring all logs to maximum levels only provides some of the upstream responses.