Unbound unresponsive when AXFR RPZ
Arnaud Gavara
arnaud.gavara at umontpellier.fr
Sat Apr 3 07:23:21 UTC 2021
Hello,
I am using Unbound in version 1.13.1 with RPZs (configuration below).
I observe that for a relatively large RPZ (around 300k entries), Unbound no longer responds to client requests while the zone is being transferred via AXFR. It lasts on average 1 second, but it's enough to lose a lot of requests.
Would it be possible to optimize this downtime?
I have already looked and applied the optimization guide (https://nlnetlabs.nl/documentation/unbound/howto-optimise/) but there is nothing relating to the AXFR transfers of the zones.
I specify that the master server performing the transfer of the zone is local and I do not think it's the source of the problem.
Bonus question: are there any plans to be able to do IXFR? This could be useful for RPZs of a certain size.
Regards,
Arnaud
Typical configuration:
rpz:
    # RPZ MALWARE
    name: rpz.malware
    zonefile: /var/lib/unbound/zones/rpz.malware
    master: a.b.c.d
    allow-notify: a.b.c.d
    rpz-log: yes
    rpz-log-name: rpz.malware