Performance Question for Non-Validating server

Guevara, Daniel Daniel_Guevara at
Mon Oct 7 21:42:43 UTC 2019

I want to confirm if this behavior is to be expected…

I have built a custom CentOS RPM (based on previous threads to use 1.9.3) since we just want to use unbound for forwarding and not do any validation. What I found is that the performance is significantly worse than the GA CentOS 7 RPM (1.6.6) with validation enabled.

We are testing resolution of 2000 domains. On the RPM we built the average is roughly 50 domains per second. The config only uses unbound as a forwarder:
  username: "unbound"
  pidfile: "/var/run/"
  verbosity: 2
  do-ip6: no
  access-control: allow
  domain-insecure: "."
  module-config: "iterator"
  prefetch: yes
  num-threads: 2
  outgoing-range: 8192
  num-queries-per-thread: 4096
  so-reuseport: yes
  msg-cache-slabs: 2
  rrset-cache-slabs: 2
  infra-cache-slabs: 2
  key-cache-slabs: 2

On the GA RPM (using the same config file) but with the following 2 options commented out:
domain-insecure: "."
module-config: "iterator"

The performance is much better. We are able to do roughly 400 domains per second. I tried commenting them out on the 1.9.3 deployment and there was no noticeable performance impact.

My main question is the behavior expected? I was under the impression that non-validating would be faster than a validating server.

As stated before the main reason we are trying the custom build is to use unbound only for forwarding and not do root server look ups.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list