Unbound can be made unresponsive when using DoT
ericluehrsen at gmail.com
Sat Jun 27 01:34:16 UTC 2020
On 6/23/20 11:38 AM, RayG via Unbound-users wrote:
> I have DoT & DNSSEC all set up and working and was carrying out some
> tests to ensure that the server and the forward servers (Cloudflare) were
> working as I expected.
> To that end I was using this test:
> down the page you will see a button:
> “Initiate standard DNS spoofability test”
> When run, it carries out the test and returns results. If however you
> try using Dig or even a browser while the test is running nothing will
> function, Unbound is unresponsive.
> After the test returns you still have to wait some time before Unbound
> recovers and is once again useable.
> I am on Windows 10/64 (B18363.900-V1909) with an Intel Core i7 4930K @
> 3.40GHz Ivy Bridge-E 22nm with 32GB Memory. Using Unbound v1.10.1
> When I run the same test without DoT to the same forward servers
> everything seems to be OK and there is no hang or unresponsiveness.
> I appreciate that there is much more TCP traffic when using DoT but
> should Unbound become unresponsive?
> Is this an Unbound problem or something that I can resolve in the
There are more than a few Unbound resource settings. These include the
number of TCP and UDP ports to allow to be open at the same time. It is
probably best to give "unbound.conf" a read on the documentation page.
Also, Windows home-style editions often have some down-tuning of these
available resources with respect to Windows professional-style editions.
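
The reply above points to Unbound's resource settings. As an added example (not part of the original thread, and not a diagnosis of the reported hang), this Python check reads an unbound.conf and reports how many outgoing TCP buffers per thread back a DoT forwarder. The function names, the sample configurations and the value 64 are assumptions of this example; the default of 10 for `outgoing-num-tcp` is taken from unbound.conf(5).

```python
import re
# Per unbound.conf(5), outgoing-num-tcp defaults to 10 buffers per thread.
DEFAULT_OUTGOING_NUM_TCP = 10

def parse_conf(text):
    """Parse 'key: value' lines into a list of (section, options) pairs."""
    sections = []
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace, so the
        # '#name' suffix in forward-addr (ip@port#tls-name) is preserved.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # "server:", "forward-zone:", ...
            sections.append((key, {}))
        elif sections:
            sections[-1][1][key] = value
    return sections

def audit(text):
    """Report whether DoT forwarding is on and how many TCP buffers back it."""
    sections = parse_conf(text)
    server = {k: v for name, opts in sections if name == "server" for k, v in opts.items()}
    dot = server.get("tls-upstream") == "yes" or any(
        name == "forward-zone" and opts.get("forward-tls-upstream") == "yes"
        for name, opts in sections)
    num_tcp = int(server.get("outgoing-num-tcp", DEFAULT_OUTGOING_NUM_TCP))
    findings = []
    # Assumption: each DoT upstream query holds a TCP buffer, so review small values.
    if dot and num_tcp <= DEFAULT_OUTGOING_NUM_TCP:
        findings.append(f"outgoing-num-tcp is {num_tcp} per thread with DoT forwarding on")
    return {"dot": dot, "outgoing-num-tcp": num_tcp, "findings": findings}

# Constructed samples (not the poster's file); 64 is an illustrative value only.
SAMPLE_DEFAULT = """\
server:
    tls-win-cert: yes   # trust the Windows certificate store
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""
SAMPLE_TUNED = SAMPLE_DEFAULT.replace("server:", "server:\n    outgoing-num-tcp: 64", 1)

if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("tuned", SAMPLE_TUNED)):
        print(label, audit(conf))
```
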