[Dnssec-trigger] persistent cache needed?

Paul Wouters paul at nohats.ca
Sun Feb 1 18:46:53 UTC 2015


On Sat, 31 Jan 2015, Chuck Anderson wrote:

> After booting up and re-opening Firefox, restoring 50-100 tabs causes
> so much DNS traffic that unbound goes unresponsive, and queries
> repeatedly time out for many minutes until things finally settle down.

Why is that causing timeouts and failures on DNS for you?

I do think unbound needs an option to tell it it is operating on
an endnode and not a network wide cache, where it can be a little
more aggressive on negative cache entries and retry more.

> I think we need a persistent cache, saved across restarts/reboots.
> What else can we do to solve this problem?

I would like that. But it would require the cache to have some kind
of timestamp associated to it, so the loading unbound can calculate
how much to lower the TTLs of the cached data. Otherwise you would
end up with badly cached data that has in reality expired (and might
have changed).

Note this is the reverse of another problem people have, which is when
switching network they want the cache to be wiped because some networks
might have split-DNS entries that aren't valid elsewhere.

> Or is the verbosity the cause of the problem:
>
> #journalctl -b -u unbound | wc -l
> 24581

Verbosity causes a significant performance drop, so for your original
problem it might be worth reducing it to 1 again and see if your
problem disappears.

Paul
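The two cache-handling points above, a snapshot timestamp so a loader can age TTLs and drop expired data, and wiping the cache when the network changes because of split-DNS, as an added example that is not code from dnssec-trigger or unbound. The JSON snapshot format, the `network_id` tag and the record fields are assumptions made for the illustration; the sample records and times are constructed.

```python
"""Persistent DNS cache snapshot with TTL aging on reload (illustrative, not unbound's format)."""
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    rdata: str
    ttl: int  # seconds of life remaining at the moment the snapshot was taken


def dump_cache(records, network_id, now):
    """Serialise the cache with the snapshot time and the network it was learned on.

    `saved_at` is what lets a later loader work out how stale every TTL is;
    `network_id` (assumed identifier, e.g. an SSID or interface name) lets it
    detect that the answers came from a different, possibly split-DNS, network.
    """
    return json.dumps({
        "saved_at": int(now),
        "network_id": network_id,
        "records": [asdict(r) for r in records],
    })


def load_cache(blob, network_id, now, wipe_on_network_change=True):
    """Rebuild the cache, lowering each TTL by the seconds spent on disk.

    Returns (records, reason). Expired records are dropped rather than served,
    because the upstream data may have changed while the resolver was down.
    """
    snap = json.loads(blob)
    if wipe_on_network_change and snap["network_id"] != network_id:
        return [], "network changed; cached answers may be split-DNS entries"
    elapsed = int(now) - snap["saved_at"]
    if elapsed < 0:
        # Clock moved backwards since the dump; we cannot trust the ageing math.
        return [], "snapshot is from the future; discarding"
    kept = []
    for r in snap["records"]:
        remaining = r["ttl"] - elapsed
        if remaining <= 0:
            continue  # expired on disk
        kept.append(Record(r["name"], r["rtype"], r["rdata"], remaining))
    return kept, "ok"


def demo():
    """Constructed scenario: dump at T=1000 s, reboot, reload at T=1600 s."""
    records = [
        Record("www.example.test", "A", "192.0.2.10", 3600),
        Record("mail.example.test", "A", "192.0.2.25", 300),
    ]
    blob = dump_cache(records, "home-wifi", now=1000)
    same_net, _ = load_cache(blob, "home-wifi", now=1600)   # 600 s elapsed
    other_net, why = load_cache(blob, "office-lan", now=1600)
    return same_net, other_net, why


if __name__ == "__main__":
    kept, wiped, why = demo()
    for r in kept:
        print(f"kept {r.name} {r.rtype} {r.rdata} ttl={r.ttl}")
    print(f"after network change: {len(wiped)} records ({why})")
```

After 600 seconds on disk the 3600-second record comes back with 3000 seconds left and the 300-second record is gone; reloading under a different network identifier returns an empty cache instead of reusing answers that may only have been valid on the old network.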
