Use unbound to forward queries

Ailomanga sakamoto kixort at outlook.com
Fri Feb 8 11:03:34 UTC 2019


Hello.
I just use unbound, which listens on port 53, to forward queries to 127.0.0.1@5353 (dnscrypt v2), but I find it works slowly. When unbound gets a request, it always sends the query to the root server first, and then it forwards to 127.0.0.1@5353. How can I make unbound forward first?
I want to use redis to cache, and I also want to use subnet. But the module-config only allows subnetcache or cachedb.
Here is my conf:
===================================
server:
verbosity: 1
num-threads: 2
#interface: 0.0.0.0
interface: 0.0.0.0@53
interface: ::0@53
interface: 0.0.0.0@853
interface: ::0@853
prefer-ip6: no
outgoing-num-tcp: 1024
incoming-num-tcp: 2048
so-rcvbuf: 8m
so-sndbuf: 8m
so-reuseport: yes
edns-buffer-size: 4096
max-udp-size: 4096
msg-buffer-size: 65552
msg-cache-size: 64m
num-queries-per-thread: 2048
jostle-timeout: 300
unknown-server-time-limit: 2000
rrset-cache-size: 512m
rrset-cache-slabs: 4
cache-min-ttl: 90
cache-max-ttl: 43200
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
tcp-upstream: no
udp-upstream-without-downstream: no
tcp-mss: 0
outgoing-tcp-mss: 0
tcp-idle-timeout: 30000
access-control: 0.0.0.0/0 allow
use-syslog: yes
pidfile: "/var/run/unbound.pid"
root-hints: "named.cache"
hide-identity: yes
hide-version: yes
harden-glue: yes
qname-minimisation: yes
qname-minimisation-strict: no
rrset-roundrobin: yes
prefetch: yes
do-not-query-localhost: yes
minimal-responses: yes
module-config: "subnetcache validator iterator"
neg-cache-size: 20m
include: "/usr/local/dns/etc/unbound/local.unbound.conf"

edns-tcp-keepalive: yes
edns-tcp-keepalive-timeout: 60000
auto-trust-anchor-file: "/usr/local/dns/etc/unbound/root.key"
hide-trustanchor: no
aggressive-nsec: yes

tls-service-key: "/usr/local/dns/etc/tls.key"
tls-service-pem: "/usr/local/dns/etc/tls.crt"
tls-port: 853
tls-upstream: no
tls-cert-bundle: "/usr/local/dns/etc/certs.pem"

send-client-subnet: 0.0.0.0/0
send-client-subnet: ::0/64

include: "/usr/local/dns/etc/unbound/whitelist.conf"
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353  #DNScrypt-proxy
    forward-first: yes

#cachedb:
#     backend: "unbound"
#     secret-seed: "default"
#     redis-server-host: 127.0.0.1
#     redis-server-port: 6379
#     redis-timeout: 100
=============================================================
Thanks.
Make.
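
Added example, not part of the original post: unbound.conf(5) documents that `do-not-query-localhost: yes` (the default) puts 127.0.0.0/8 and ::1 on the do-not-query list, and that `forward-first: yes` falls back to normal recursion when forwarding fails. The check below flags forward-zones that combine a loopback `forward-addr` with that setting; the sample config is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: only the forwarding-related lines of a config like the one above.
SAMPLE_CONF = """\
server:
    do-not-query-localhost: yes
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353  #DNScrypt-proxy
    forward-first: yes
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause_name, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value == "":                              # "server:", "forward-zone:" ...
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def loopback_forwarders(text):
    """Return (zone, forward_addr, falls_back) for forwarders unbound will not query."""
    clauses = parse_clauses(text)
    block_local = "yes"                              # unbound's documented default
    for name, opts in clauses:
        if name == "server":
            block_local = dict(opts).get("do-not-query-localhost", block_local)
    findings = []
    for name, opts in clauses:
        if name != "forward-zone" or block_local != "yes":
            continue
        zone_opts = dict(opts)
        falls_back = zone_opts.get("forward-first", "no") == "yes"
        for key, value in opts:
            host = value.split("@", 1)[0]            # strip the @port suffix
            if key == "forward-addr" and ipaddress.ip_address(host).is_loopback:
                findings.append((zone_opts.get("name", "?"), value, falls_back))
    return findings

if __name__ == "__main__":
    for zone, addr, falls_back in loopback_forwarders(SAMPLE_CONF):
        outcome = "falls back to full recursion" if falls_back else "forwarding fails"
        print(f'forward-zone "{zone}": {addr} is on the do-not-query list; {outcome}')
```
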
More information about the Unbound-users mailing list