unbound without internet

Hans Sandsdalen hans at spacetec.no
Tue Sep 5 05:46:53 UTC 2023 

Hi 

Yesteday we lost connection to internet. I supposed that dns would be ok for our internal hosts. But unbound became very slow, sometimes did not respond at all. We use nsd and unbound. 

What can I do to prevent this in the future? 

/etc/unbound/unbound.conf.d/ contains tree files: 
KSPT.conf qname-minimisation.conf root-auto-trust-anchor-file.conf 

KSPT.conf: 

server: 
verbosity: 1 
interface: 0.0.0.0 
access-control: 192.168.0.0/16 allow 
access-control: 10.0.0.0/8 allow 
access-control: 127.0.0.0/8 allow 
port: 53 
do-ip4: yes 
do-ip6: no 
root-hints: "/etc/unbound/root.hints" 
cache-min-ttl: 300 
cache-max-ttl: 86400 
prefetch: yes 
num-threads: 1 
minimal-responses: yes 
prefetch: no 
do-not-query-localhost: no 
local-zone: "domain.no" nodefault 
local-zone: "168.192.in-addr.arpa" nodefault 
local-zone: "10.in-addr.arpa" nodefault 
domain-insecure: "domain.no" 
domain-insecure: "168.192.in-addr.arpa" 
domain-insecure: "10.in-addr.arpa" 
private-domain: "domain.no" 
stub-zone: 
name: "168.192.in-addr.arpa." 
stub-addr: 127.0.0.1 at 1053 
stub-zone: 
name: "10.in-addr.arpa." 
stub-addr: 127.0.0.1 at 1053 
stub-zone: 
name: "spacetec.no" 
stub-addr: 127.0.0.1 at 1053 

remote-control: 
control-enable: yes 

qname-minimisation.conf: 

server: 
# Send minimum amount of information to upstream servers to enhance 
# privacy. Only sends minimum required labels of the QNAME and sets 
# QTYPE to NS when possible. 

# See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for 
# details. 

qname-minimisation: yes 

root-auto-trust-anchor-file.conf: 

server: 
# The following line will configure unbound to perform cryptographic 
# DNSSEC validation using the root trust anchor. 
auto-trust-anchor-file: "/var/lib/unbound/root.key" 

--- 
HANS SANDSDALEN 
Manager IT Tromsø 
Space Ground Systems 
Kongsberg Defence & Aerospace AS 

+47 977 62 632 
[ mailto:hans at spacetec.no | hans at spacetec.no ] 
[ http://www.kongsberg.com/space | www.kongsberg.com/space ] 




CONFIDENTIALITY This e-mail and any attachment contain KONGSBERG information which may be proprietary, confidential or subject to export regulations, and is only meant or the intended recipient(s). Any disclosure, copying, distribution or use is prohibited, if not otherwise explicitly agreed with KONGSBERG. If received in error, please delete it immediately from your system and notify the sender properly. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20230905/8a5da40d/attachment.htm>

More information about the Unbound-users mailing list