[Dnssec-trigger] persistent cache needed?

[Chuck Anderson]

On Mon, Feb 02, 2015 at 09:27:18AM +0100, W.C.A. Wijngaards wrote:
> Hi,
> 
> On 01/02/15 19:46, Paul Wouters wrote:
> > On Sat, 31 Jan 2015, Chuck Anderson wrote:
> > 
> >> After booting up and re-opening Firefox, restoring 50-100 tabs
> >> causes so much DNS traffic that unbound goes unresponsive, and
> >> queries repeatedly timeout for many minutes until things finally
> >> settle down.
> > 
> > Why is that causing timeouts and failures on DNS for you?

I'm unsure why.  It happens even with verbosity set back to 1.

> If unbound was compiled with libevent, it should not have any issues
> coping with the traffic.  But I heard that 'nat boxes' have trouble
> with many connections.  So, I do not know how to fix this, the network
> won't allow the amount of traffic you are trying to do ...

That sounds plausible.

After fixing a bug in dnssec-trigger-script that was causing it to
crash (TRUE -> True), the forwarders are now being set properly via
DHCP.  The behavior is the same either way--without any forwaders or
with one forwarder set to 192.168.1.1, a NetGear router with stock
firmware.

I have a CeroWRT router that I'll test next--at least I should be able
to monitor the connection limit to see if that is the problem.