DoT resolvers - Slow results
Benno Overeinder
benno at NLnetLabs.nl
Sat Mar 21 11:45:54 UTC 2020
Hi Talkabout,
On 20/03/2020 14:40, Talkabout via Unbound-users wrote:
>
> With the TLS way the Resolution time increases to > 200ms. When I query
> one of those TLS DNS Servers directly via kdig, I get results in approx.
> 30-60ms.
>
> Is this something that one has to live with when using TLS or do I have
> a configuration Problem on my end?
>
I'm not sure if the following explains the difference between Unbound
and kdig (with +tls option?) performance. However, with the latest
release, Unbound has implemented TCP connection reuse/TLS session
resumption for downstream (Unbound clients), but not yet for upstream
connections (to authoritative name servers or as a forwarder to Quad9,
Google Public DNS, Cloudflare DNS, etc.).
This is something we expect to be supported in an Unbound release in the
coming months.
Best regards,
-- Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
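
To see how much of the per-query latency is connection setup, the sketch below times DNS-over-TLS queries with a fresh TCP+TLS connection per query against queries sent over one reused connection. It is an added example, not part of the message above and not Unbound code; the server hostname is supplied by the user, the query names are constructed, and it covers connection reuse only, not TLS session resumption.

```python
import socket, ssl, struct, sys, time

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for name, with the 2-byte length prefix used over TCP/TLS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # qclass IN
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def exchange(sock, name):
    """Send one query on an open connection and return the raw DNS response."""
    sock.sendall(build_query(name))
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def connect(host, port=853, timeout=5):
    raw = socket.create_connection((host, port), timeout=timeout)
    return ssl.create_default_context().wrap_socket(raw, server_hostname=host)

def time_queries(host, names, reuse):
    """Per-query latency in ms; reuse=False pays TCP+TLS setup on every query."""
    timings, conn = [], None
    for name in names:
        start = time.perf_counter()
        if conn is None:
            conn = connect(host)
        exchange(conn, name)
        timings.append((time.perf_counter() - start) * 1000)
        if not reuse:
            conn.close()
            conn = None
    if conn is not None:
        conn.close()
    return timings

if __name__ == "__main__":
    host = sys.argv[1]  # DoT server hostname, supplied by the user
    for reuse in (False, True):
        ms = time_queries(host, ["example.com", "example.net", "example.org"], reuse)
        print("reuse=%s: %s" % (reuse, ", ".join("%.0f ms" % m for m in ms)))
```

With reuse enabled only the first query includes the handshake round trips, so the later timings approximate what a forwarder with upstream connection reuse would see.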