22.1 Legacy Series / Re: Unbound is slow?
« on: April 17, 2022, 05:27:03 pm »
Hey, thank you for your reply.
Quote
What kind of hardware are you running OPNsense on processor / ramwise?
Code:
OPNsense 22.1.5-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022
Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (4 cores, 8 threads)
16Gb RAM
Quote
You have confirmed that everything is unchecked / no DNS servers are set in Networking part of System: Settings: General?
All clear, see attachment.
Quote
Please provide what the statistics tab is showing in Services:Unbound.
Code:
Thread 0
Recursion time (average): 0.066831
Recursion time (median): 0.0528201
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 798
Cache misses: 798
Cache hits: 580
Zero TTL: undefined
Prefetch: 0
Queries: 1378
Thread 1
Recursion time (average): 0.068602
Recursion time (median): 0.0534201
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 820
Cache misses: 820
Cache hits: 632
Zero TTL: undefined
Prefetch: 0
Queries: 1452
Thread 2
Recursion time (average): 0.066081
Recursion time (median): 0.051281
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 876
Cache misses: 876
Cache hits: 3669
Zero TTL: undefined
Prefetch: 0
Queries: 4545
Thread 3
Recursion time (average): 0.068600
Recursion time (median): 0.0515462
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 812
Cache misses: 812
Cache hits: 1674
Zero TTL: undefined
Prefetch: 0
Queries: 2486
Thread 4
Recursion time (average): 0.069425
Recursion time (median): 0.0513333
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 841
Cache misses: 841
Cache hits: 1621
Zero TTL: undefined
Prefetch: 0
Queries: 2462
Thread 5
Recursion time (average): 0.061700
Recursion time (median): 0.0518752
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 834
Cache misses: 834
Cache hits: 1575
Zero TTL: undefined
Prefetch: 0
Queries: 2409
Thread 6
Recursion time (average): 0.073829
Recursion time (median): 0.0522964
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 886
Cache misses: 886
Cache hits: 576
Zero TTL: undefined
Prefetch: 0
Queries: 1462
Thread 7
Recursion time (average): 0.066778
Recursion time (median): 0.0506368
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 831
Cache misses: 831
Cache hits: 589
Zero TTL: undefined
Prefetch: 0
Queries: 1420
Times
Now: 1650208872.638634
Uptime: 20893.715675
Elapsed: 20893.715675
Total
Recursion time (average): 0.067770
Recursion time (median): 0.0519011
TCP usage: 0
IP ratelimited queries: 0
Recursive replies: 6698
Cache misses: 6698
Cache hits: 10916
Zero TTL: undefined
Prefetch: 0
Queries: 17614
The weird part is that I don't see anything wrong with these stats, but I've tried multiple times and when unbound gets restarted the problem goes away.
Quote
To troubleshoot this I recommend turning off the blocklist. From reading these forums I have noticed that that functionality can add problems.
I do not use blocklist, have unbound set up to do dns over tls (using cloudflare), and resolve recursively.
These are my statistics (i7-7500u with 16gigs of ram):
I've attempted this in the past but went back to the blocklist when I noticed that the behavior was the same.
What I find odd is that Unbound is reporting "recursive replies" when, if you enable DNS over TLS in the settings, this is the config that gets generated:
Code:
# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::64@853
  forward-addr: 2606:4700:4700::6400@853
Which if I'm not mistaken should cause Unbound to just work in forward mode for all domains.
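Added example (not part of the original post and not OPNsense's own code): in Unbound, the `#name` suffix on a `forward-addr` is the name the upstream's TLS certificate is checked against, and an address without it is still encrypted but accepts any certificate name. The sketch below parses a generated forward-zone config like the one posted and lists the forwarders whose identity is not verified; the function names and finding strings are this example's own.

```python
import re

# Config as posted (indentation added); the audit rules are this example's own.
POSTED_CONF = """\
# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::64@853
  forward-addr: 2606:4700:4700::6400@853
"""

def parse_forward_zones(text):
    """Return one dict per forward-zone clause in unbound.conf-style text."""
    zones, clause = [], None
    for raw in text.splitlines():
        # '#' opens a comment only at the start of a token, so '#authname' survives.
        m = re.match(r"([\w-]+):\s*(.*)$", re.sub(r"(^|\s)#.*$", "", raw).strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if m.group(2) == "":                 # clause header such as "server:"
            clause = key
            if key == "forward-zone":
                zones.append({"name": None, "tls": False, "addrs": []})
        elif clause == "forward-zone":
            zone = zones[-1]
            if key == "name":
                zone["name"] = value
            elif key == "forward-tls-upstream":
                zone["tls"] = value == "yes"
            elif key == "forward-addr":
                zone["addrs"].append(value)
    return zones

def audit_forwarders(text):
    """Return (zone, forward-addr, problem) for upstreams whose identity is not verified."""
    findings = []
    for zone in parse_forward_zones(text):
        for addr in zone["addrs"]:
            if not zone["tls"]:
                findings.append((zone["name"], addr, "plaintext forwarding"))
            elif "#" not in addr:
                findings.append((zone["name"], addr, "TLS without #authname"))
    return findings
```

Run against the posted config, `audit_forwarders(POSTED_CONF)` reports the two IPv6 forwarders, which carry no `#authname`.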