<html><body><div style="font-family: garamond,new york,times,serif; font-size: 14pt; color: #130c29"><div>Hi<br></div><div><br data-mce-bogus="1"></div><div>Yesteday we lost connection to internet. I supposed that dns would be ok for our internal hosts. But unbound became very slow, sometimes did not respond at all. We use nsd and unbound.<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>What can I do to prevent this in the future?<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>/etc/unbound/unbound.conf.d/ contains tree files: </div><div> KSPT.conf qname-minimisation.conf root-auto-trust-anchor-file.conf<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>KSPT.conf:<br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;"><br></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;">server:<br> verbosity: 1<br> interface: 0.0.0.0<br> access-control: 192.168.0.0/16 allow<br> access-control: 10.0.0.0/8 allow<br> access-control: 127.0.0.0/8 allow<br> port: 53<br> do-ip4: yes<br> do-ip6: no<br> root-hints: "/etc/unbound/root.hints"<br> cache-min-ttl: 300<br> cache-max-ttl: 86400<br> prefetch: yes<br> num-threads: 1<br> minimal-responses: yes<br> prefetch: no<br> do-not-query-localhost: no<br> local-zone: "domain.no" nodefault<br> local-zone: "168.192.in-addr.arpa" nodefault<br> local-zone: "10.in-addr.arpa" nodefault<br> domain-insecure: "domain.no"<br> domain-insecure: "168.192.in-addr.arpa"<br> domain-insecure: "10.in-addr.arpa"<br> private-domain: "domain.no"<br> stub-zone: <br> name: "168.192.in-addr.arpa." <br> stub-addr: 127.0.0.1@1053<br> stub-zone: <br> name: "10.in-addr.arpa." <br> stub-addr: 127.0.0.1@1053<br> stub-zone:<br> name: "spacetec.no" <br> stub-addr: 127.0.0.1@1053<br><br>remote-control:<br> control-enable: yes<br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;"><br data-mce-bogus="1"></div><div style="">qname-minimisation.conf:<br data-mce-bogus="1"></div><div style=""><br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;">server:<br> # Send minimum amount of information to upstream servers to enhance<br> # privacy. Only sends minimum required labels of the QNAME and sets<br> # QTYPE to NS when possible.<br><br> # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for<br> # details.<br><br> qname-minimisation: yes<br data-mce-bogus="1"></div><div style=""><br data-mce-bogus="1"></div><div style="">root-auto-trust-anchor-file.conf:<br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;"><br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;">server:<br> # The following line will configure unbound to perform cryptographic<br> # DNSSEC validation using the root trust anchor.<br> auto-trust-anchor-file: "/var/lib/unbound/root.key"<br data-mce-bogus="1"></div><div style="padding-left: 40px;" data-mce-style="padding-left: 40px;"><br data-mce-bogus="1"></div><div data-marker="__SIG_PRE__" style="padding-left: 40px;" data-mce-style="padding-left: 40px;"><div style=""><span style="font-size:12pt">---</span><br><span style="font-size:12pt"><strong>HANS SANDSDALEN</strong><br></span></div><div><span style="font-size:12pt">Manager IT Tromsø</span></div><div><span style="font-size:12pt">Space Ground Systems</span><br><span style="font-size:12pt">Kongsberg Defence & Aerospace AS</span></div><div><br><span style="font-size:12pt;font-family:'times new roman' , 'new york' , 'times' , serif"><span style="letter-spacing:0pt;vertical-align:baseline">+47 977 62 632</span><u><span style="color:rgb( 60 , 115 , 228 );letter-spacing:0pt;vertical-align:baseline"></span></u></span></div><div><span style="font-size:12pt;font-family:'times new roman' , 'new york' , 'times' , serif"><u><span style="color:rgb( 60 , 115 , 228 );letter-spacing:0pt;vertical-align:baseline"><a href="mailto:hans@spacetec.no" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">hans@spacetec.no</a><br></span></u><u><span style="letter-spacing:0pt;vertical-align:baseline"><span class="Object" id="OBJ_PREFIX_DWT560_com_zimbra_url"><a href="http://www.kongsberg.com/space" rel="nofollow noopener noreferrer nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">www.kongsberg.com/space</a></span></span></u></span><br></div><div><br></div><div><br></div></div></div><div><br></div><font face="tahoma, arial, helvetica, sans-serif"><span style="font-size: 12px;"><b>CONFIDENTIALITY</b></span></font><div><font face="tahoma, arial, helvetica, sans-serif"><span style="font-size: 12px;">This e-mail and any attachment contain KONGSBERG information which may be </span></font><span style="font-size: 12px; font-family: tahoma, arial, helvetica, sans-serif;">proprietary, confidential or subject to export regulations, and is only meant </span><span style="font-size: 12px; font-family: tahoma, arial, helvetica, sans-serif;">or the intended recipient(s). Any disclosure, copying, distribution or use is </span><span style="font-size: 12px; font-family: tahoma, arial, helvetica, sans-serif;">prohibited, if not otherwise explicitly agreed with KONGSBERG. If received in </span><span style="font-size: 12px; font-family: tahoma, arial, helvetica, sans-serif;">error, please delete it immediately from your system and notify the sender </span><span style="font-size: 12px; font-family: tahoma, arial, helvetica, sans-serif;">properly.</span></div></body></html>