I change my OpnSense to a new machine with more processors. It has now an i7 with 12 cores.Because of it the configuration of the Unbound is using 12 threads and 16 slabs in its autoconfiguration. The recursive resolution is just a part of total, but it seems way to much anyway. Below my config file and the resolution times.Code: [Select]########################### Unbound Configuration############################# Server configuration##server:chroot: /var/unboundusername: unbounddirectory: /var/unboundpidfile: /var/run/unbound.pidroot-hints: /var/unbound/root.hintsuse-syslog: yesport: 53verbosity: 0extended-statistics: yeslog-queries: yeshide-identity: yeshide-version: yesharden-referral-path: nodo-ip4: yesdo-ip6: yesdo-udp: yesdo-tcp: yesdo-daemonize: yesso-reuseport: yesmodule-config: "validator iterator"cache-max-ttl: 86400cache-min-ttl: 7200harden-dnssec-stripped: yesserve-expired: yesoutgoing-num-tcp: 50incoming-num-tcp: 50num-queries-per-thread: 8192outgoing-range: 16384infra-host-ttl: 900infra-cache-numhosts: 50000unwanted-reply-threshold: 0jostle-timeout: 200msg-cache-size: 50mrrset-cache-size: 100mnum-threads: 12msg-cache-slabs: 16rrset-cache-slabs: 16infra-cache-slabs: 16key-cache-slabs: 16auto-trust-anchor-file: /var/unbound/root.keyprefetch: yesprefetch-key: yes# Interface IP(s) to bind tointerface: 0.0.0.0interface: ::interface-automatic: yes# DNS Rebinding# For DNS Rebinding prevention## All these addresses are either private or should not be routable in the global IPv4 or IPv6 internet.## IPv4 Addresses#private-address: 0.0.0.0/8 # Broadcast addressprivate-address: 10.0.0.0/8private-address: 100.64.0.0/10private-address: 127.0.0.0/8 # Loopback Localhostprivate-address: 169.254.0.0/16private-address: 172.16.0.0/12private-address: 192.0.2.0/24 # Documentation network TEST-NETprivate-address: 192.168.0.0/16private-address: 198.18.0.0/15 # Used for testing inter-network communicationsprivate-address: 198.51.100.0/24 # Documentation network TEST-NET-2private-address: 203.0.113.0/24 # Documentation network TEST-NET-3private-address: 233.252.0.0/24 # Documentation network MCAST-TEST-NET## IPv6 Addresses#private-address: ::1/128 # Loopback Localhostprivate-address: 2001:db8::/32 # Documentation network IPv6private-address: fc00::/8 # Unique local address (ULA) part of "fc00::/7", not defined yetprivate-address: fd00::/8 # Unique local address (ULA) part of "fc00::/7", "/48" prefix groupprivate-address: fe80::/10 # Link-local address (LLA)# Access listsinclude: /var/unbound/access_lists.conf# Static host entriesinclude: /var/unbound/host_entries.conf# DHCP leases (if configured)include: /var/unbound/dhcpleases.conf# Domain overridesinclude: /var/unbound/domainoverrides.conf# Custom includesinclude: /var/unbound/etc/*.confremote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: /var/unbound/unbound_server.key server-cert-file: /var/unbound/unbound_server.pem control-key-file: /var/unbound/unbound_control.key control-cert-file: /var/unbound/unbound_control.pem
########################### Unbound Configuration############################# Server configuration##server:chroot: /var/unboundusername: unbounddirectory: /var/unboundpidfile: /var/run/unbound.pidroot-hints: /var/unbound/root.hintsuse-syslog: yesport: 53verbosity: 0extended-statistics: yeslog-queries: yeshide-identity: yeshide-version: yesharden-referral-path: nodo-ip4: yesdo-ip6: yesdo-udp: yesdo-tcp: yesdo-daemonize: yesso-reuseport: yesmodule-config: "validator iterator"cache-max-ttl: 86400cache-min-ttl: 7200harden-dnssec-stripped: yesserve-expired: yesoutgoing-num-tcp: 50incoming-num-tcp: 50num-queries-per-thread: 8192outgoing-range: 16384infra-host-ttl: 900infra-cache-numhosts: 50000unwanted-reply-threshold: 0jostle-timeout: 200msg-cache-size: 50mrrset-cache-size: 100mnum-threads: 12msg-cache-slabs: 16rrset-cache-slabs: 16infra-cache-slabs: 16key-cache-slabs: 16auto-trust-anchor-file: /var/unbound/root.keyprefetch: yesprefetch-key: yes# Interface IP(s) to bind tointerface: 0.0.0.0interface: ::interface-automatic: yes# DNS Rebinding# For DNS Rebinding prevention## All these addresses are either private or should not be routable in the global IPv4 or IPv6 internet.## IPv4 Addresses#private-address: 0.0.0.0/8 # Broadcast addressprivate-address: 10.0.0.0/8private-address: 100.64.0.0/10private-address: 127.0.0.0/8 # Loopback Localhostprivate-address: 169.254.0.0/16private-address: 172.16.0.0/12private-address: 192.0.2.0/24 # Documentation network TEST-NETprivate-address: 192.168.0.0/16private-address: 198.18.0.0/15 # Used for testing inter-network communicationsprivate-address: 198.51.100.0/24 # Documentation network TEST-NET-2private-address: 203.0.113.0/24 # Documentation network TEST-NET-3private-address: 233.252.0.0/24 # Documentation network MCAST-TEST-NET## IPv6 Addresses#private-address: ::1/128 # Loopback Localhostprivate-address: 2001:db8::/32 # Documentation network IPv6private-address: fc00::/8 # Unique local address (ULA) part of "fc00::/7", not defined yetprivate-address: fd00::/8 # Unique local address (ULA) part of "fc00::/7", "/48" prefix groupprivate-address: fe80::/10 # Link-local address (LLA)# Access listsinclude: /var/unbound/access_lists.conf# Static host entriesinclude: /var/unbound/host_entries.conf# DHCP leases (if configured)include: /var/unbound/dhcpleases.conf# Domain overridesinclude: /var/unbound/domainoverrides.conf# Custom includesinclude: /var/unbound/etc/*.confremote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: /var/unbound/unbound_server.key server-cert-file: /var/unbound/unbound_server.pem control-key-file: /var/unbound/unbound_control.key control-cert-file: /var/unbound/unbound_control.pem
