DoT resolvers - Slow results

Benno Overeinder benno at NLnetLabs.nl
Sat Mar 21 11:55:10 UTC 2020


Forgot to mention in the previous email:

On 21/03/2020 12:45, Benno Overeinder via Unbound-users wrote:
> I'm not sure if the following explains the difference between Unbound
> and kdig (with +tls option?) performance.  However, with the latest
> release, Unbound has implemented TCP connection reuse/TLS session
> resumption for downstream (Unbound clients), but not yet for upstream
> connections (to authoritative name servers or as a forwarder to Quad9,
> Google Public DNS, Cloudflare DNS, etc.).
> 
> This is something we expect to be supported in an Unbound release in the
> coming months.

You might want to test DNS-over-TLS performance with getdns Stubby.  The
Stubby stub resolver does support TCP connection reuse/TLS session
resumption to upstream connections.

For downloading and installing Stubby, see
https://github.com/getdnsapi/stubby and https://getdnsapi.net.

Cheers,

-- Benno


-- 
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/

