Unbound can be made unresponsive when using DoT

RayG rgsub1 at btinternet.com
Tue Jun 23 15:38:43 UTC 2020


Hi,

I have DoT & DNSSEC all set up and working and was carrying out some tests
to ensure that the server and the forward servers (Cloudflare) were working
as I expected.

To that end I was using this test:

https://www.grc.com/dns/dns.htm

Down the page you will see a button:

"Initiate standard DNS spoofability test"

When run, it carries out the test and returns results. If, however, you try
using Dig or even a browser while the test is running, nothing will function;
Unbound is unresponsive.

After the test returns you still have to wait some time before Unbound
recovers and is once again useable.

I am on Windows 10/64 (B18363.900-V1909) with an Intel Core i7 4930K @
3.40GHz Ivy Bridge-E 22nm with 32GB Memory. Using Unbound v1.10.1.

When I run the same test without DoT to the same forward servers everything
seems to be OK and there is no hang or unresponsiveness.

I appreciate that there is much more TCP traffic when using DoT, but should
Unbound become unresponsive?

Is this an Unbound problem or something that I can resolve in the
configuration?

Thanks

Ray

More information about the Unbound-users mailing list