I'm setting up Unbound for a new group of mail systems. The systems have
rbldnsd running on port 3768. I'm having trouble configuring the
forwarders statements. Additionally, uncached queries (whether to the
local rbldnsd or to external DNS servers) seem to take a bit of time.
This is the default unbound RPM for RHEL6: 1.4.21.1.el6
main pertinent performance related configs are:
server:
num-threads: 16
outgoing-range: 8192
so-rcvbuf: 4m
so-sndbuf: 4m
msg-cache-slabs: 16
num-queries-per-thread: 4096
rrset-cache-size: 100m
rrset-cache-slabs: 16
(system has 2x 8 cores @ 2.60 GHz, 15k disks in RAID 10).
My config lists the forward address and alternate port as so (I've tried
changing the indenting, putting double-quotes around the forward-addr
statement, etc.).
# tail -4 /etc/unbound/unbound.conf
forward-zone:
name: "zen.spamhaus.org."
forward-addr: 127.0.0.1@3768
Even though the forwarder seems to be listed (list_forwards doesn't seem
to print the alternate port information even when it's configured and
working: see below):
# unbound-control list_forwards
zen.spamhaus.org. IN forward: 127.0.0.1
I get SERVFAIL when trying to do a lookup:
# dig @localhost 2.0.0.127.zen.spamhaus.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost 2.0.0.127.zen.spamhaus.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54375
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 10 15:50:55 2014
;; MSG SIZE rcvd: 44
However, the alternate port can resolve it quite quickly:
# time dig @localhost -p 3768 2.0.0.127.zen.spamhaus.org +short
127.0.0.2
127.0.0.10
127.0.0.4
real 0m0.005s
user 0m0.000s
sys 0m0.003s
However, if I add the forwarder using unbound-control, it then works,
however, the query time is quite long:
# unbound-control forward_add zen.spamhaus.org 127.0.0.1@3768
ok
# unbound-control list_forwards
zen.spamhaus.org. IN forward: 127.0.0.1
# dig @localhost 2.0.0.127.zen.spamhaus.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost 2.0.0.127.zen.spamhaus.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9595
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org. IN A
;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.10
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.4
2.0.0.127.zen.spamhaus.org. 300 IN A 127.0.0.2
;; Query time: 1029 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 10 15:51:25 2014
;; MSG SIZE rcvd: 92
Any suggestions (and any performance tuning tips; I did try to follow
http://unbound.net/documentation/howto_optimise.html) would be helpful.