DoT resolvers - Slow results
Talkabout
talk.about at gmx.de
Fri Mar 20 13:40:32 UTC 2020
Hi all,
Recently I tried to set up my Unbound server to resolve queries via recursive DoT resolvers. This works pretty well with the following configuration:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    # Cloudflare DNS
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    # Google
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    # DNS Privacy
    forward-addr: 94.130.110.185@853#ns1.dnsprivacy.at
    forward-addr: 94.130.110.178@853#ns2.dnsprivacy.at
    # Uncensored
    forward-addr: 89.233.43.71@853#unicast.censurfridns.dk
But the problem arises when it comes to resolution times. With my initial configuration I have an average resolution time of < 100ms. For that I am using this configuration:
auth-zone:
    name: "."
    master: b.root-servers.net
    master: d.root-servers.net
    master: i.root-servers.net
    master: f.root-servers.net
    master: j.root-servers.net
    master: k.root-servers.net
    url: https://www.internic.net/domain/root.zone
    #fallback-enabled: yes
    for-downstream: no
    #for-upstream: yes
    zonefile: /var/lib/unbound/root.zone
With the TLS way the resolution time increases to > 200ms. When I query one of those TLS DNS servers directly via kdig, I get results in approx. 30-60ms.
Is this something that one has to live with when using TLS, or do I have a configuration problem on my end?
Thanks!
Bye
Sent from Mail for Windows 10
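
An added example, not part of the original post: a small checker for the forward-addr syntax used in the forward-zone above (IP, optional @port, optional #name). With forward-tls-upstream enabled, the #name suffix is what gives Unbound a name to check the upstream certificate against, so the checker flags entries that lack it or do not parse at all. The function name and sample text are assumptions made for illustration; a server-level tls-upstream setting is not handled.

```python
import ipaddress
import re

# forward-addr value: IP, optional @port, optional #tls-auth-name
ADDR_RE = re.compile(r"^(?P<ip>[^@#\s]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")

# Constructed sample: one good entry, one without an auth name, one mangled.
SAMPLE = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1@853
    forward-addr: 8.8.8.8 at 853#dns.google
"""

def check_forward_zones(conf_text):
    """Return (line_no, message) findings for forward-zone clauses."""
    findings, addrs = [], []
    state = {"fwd": False, "tls": False}

    def flush():
        # Evaluate at clause end: forward-tls-upstream may follow the addresses.
        for no, value in addrs:
            m = ADDR_RE.match(value)
            try:
                ipaddress.ip_address(m.group("ip") if m else "")
            except ValueError:
                findings.append((no, "not IP[@port][#name]: " + value))
                continue
            if state["tls"] and not m.group("name"):
                findings.append((no, "TLS upstream without #auth-name: " + value))
        addrs.clear()

    for no, raw in enumerate(conf_text.splitlines(), 1):
        # A '#' starts a comment only at line start or after whitespace.
        line = re.split(r"(?:^|\s)#", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:  # clause header such as "forward-zone:"
            flush()
            state["fwd"], state["tls"] = key == "forward-zone", False
        elif state["fwd"] and key == "forward-tls-upstream":
            state["tls"] = value == "yes"
        elif state["fwd"] and key == "forward-addr":
            addrs.append((no, value))
    flush()
    return findings
```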