Large RPZ Zones with unbound recursor

Mon Nov 25 10:36:37 UTC 2024

Good day
We use Unbound in several Versions 1.17.1 and on older Servers 1.13.1-1 (Both are on Debian Servers)
Further we receive via IXFR some Spamhaus RPZ Zones. One of the RPZ file is about 137MB (aprox. 1.5Mio Records).
It seems, unbound gets slow to answer requests, especially when a IXFR occur.

This are our settings/tunings:
        num-threads: 4

       # power of 2 close to num-threads
       msg-cache-slabs: 4
       rrset-cache-slabs: 4
       infra-cache-slabs: 4
       key-cache-slabs: 4
       # more cache memory, rrset=msg*2
       rrset-cache-size: 512m
       msg-cache-size: 256m
       # more outgoing connections
       # depends on number of cores: 1024/cores - 50
       outgoing-range: 16384
       num-queries-per-thread: 8192
       # Larger socket buffer.  OS may need config.
       so-rcvbuf: 32m
       so-sndbuf: 32m
       # other cache sizes
       key-cache-size: 16m
       neg-cache-size: 4m
       # overwrite cache values (mb 20160802 Issue 17515)
       cache-max-ttl: 3600

       cache-min-ttl: 300

Is such a huge RPZ Zone file of for unbound?
did we missed something in our config?

If further Config are needed please let me know

Best regards
A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20241125/f1baf7e5/attachment.htm>