unbound resolver requests requirements for packet filter

Simon Deziel simon at sdeziel.info
Mon Feb 3 21:12:47 UTC 2020


On 2020-02-03 3:29 p.m., Gerben Wierda wrote:
> 
>> On 3 Feb 2020, at 21:08, Simon Deziel <simon at sdeziel.info> wrote:
>>
>> That setting is for unbound to wait for the answers longer before
>> closing the socket. What I recommended bumping are pf's timeouts [1].
> 
> I have no idea what reasonable values are. Double udp.{first,single,multiple}?

The default values are decent IMHO so I'd recommend investigating why
the upstream NS is so slow to reply.

If that's not possible/fixable, you can bump timeouts on your side;
doubling is a good starting point. It's possible that after changing
those firewall settings you will notice that Unbound's sockets are gone
by the time the reply shows up, because they timed out too. delay-close
may then be a useful kludge.
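
The tuning discussed in this thread, as an added configuration example that is not part of the original message: pf's stock UDP state timeouts beside doubled values, followed by Unbound's delay-close. The doubled numbers follow the "doubling" suggestion applied to the pf.conf(5) defaults; the delay-close value is an illustrative assumption, not a figure from the thread.

```conf
# --- pf.conf ---
# Stock UDP state timeouts (seconds), per pf.conf(5) with normal optimization:
#   udp.first    60   state after the first packet
#   udp.single   30   only the source host has sent more than one packet
#   udp.multiple 60   both hosts have sent packets
# Doubled, so the state for an outgoing query outlives a slow upstream NS:
set timeout { udp.first 120, udp.single 60, udp.multiple 120 }

# --- unbound.conf ---
# If pf now lets the late reply through but Unbound has already closed the
# socket, keep timed-out UDP ports open a little longer and drop whatever
# arrives on them. Value is in milliseconds; 1500 is illustrative.
server:
    delay-close: 1500
```

After reloading the ruleset, `pfctl -s timeouts` shows the values in effect.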

