Perfomance issue between 1.5.8-1ubuntu1.1 (xenial) and 1.6.7-1ubuntu2.1 (bionic)
wouter at nlnetlabs.nl
Mon Jun 25 10:22:36 UTC 2018
On 25/06/18 11:43, Ralf Hildebrandt via Unbound-users wrote:
> We're using unbound on our four proxy servers (and a hand-compiled,
> current version of squid), which channel all outbound HTTP/HTTPS traffic.
So I think it may be this change from 1.5.9:
- Fix unbound sets CD bit on all forwards. If no trust anchors, it'll
not set CD bit when forwarding to another server. If a trust anchor, no
CD bit on the first attempt to a forwarder, but CD bit thereafter on
repeated attempts to get DNSSEC.
It could be other fixes, perhaps in TCP (if you have tcp-upstream
enabled?) or ssl-upstream? Or caps-for-id? Those have seen some work
can you have different performance. tcp and ssl should be better
performance, really, but have seen work on them.
It depends on your configuration and the upstream server responses.
From 20 to 40 msec could be another roundtrip to your favorite frequent
server, and thos the CD flag thing jumps out from the changelogs as
something that could trigger this change.
Best regards, Wouter
> Naturally, these machine do a lot of resolving.
> Recently I upgraded the OS from xenial to bionic, and while everything
> was working as expected I noticed a significant increase in the DNS
> query times on those proxies.
> Before the update (runnung unbound 1.5.8-1ubuntu1.1) we were seeing query
> times around 20ms: After the upgrade (1.6.7-1ubuntu2.1) those rose to
> See these graphs:
> I then tinkered with different package versions -- tried upgrading to
> 1.7.3 (no change) and finally downgraded back to to 1.5.8-1ubuntu1.1 -
> and the query times dropped to pre-update levels.
> Is that to be expected? Is it a regression? I'm a bit late to notice,
> but I thought I'd rather ask.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users