High latency setting optimization

Florian_Lohoff · May 25, 2018, 7:31pm

Hi,

We are running multiple unbound caches behind very long latency
sat links. We are seeing RTT of at least 1000ms.

Sometimes recursing times spike up to 20 Seconds.

Is there an optimization guide on how to fine tune parameters
for those situations?

I have already seen jostle-timeout. I am pretty shure prefetching
has a huge impact.

Anything else?

Flo

hdais · May 25, 2018, 8:38pm

Hi,

Forwarding all queries to other caching resolvers with low RTT to auth servers
(e.g. your ISP's resolver or 8.8.8.8) should improve resolution time.

But that wouldn't be optimal because Unbound chases CNAME chains
even if it forwards all queries to other resolver [1]. For more performance
use caching-forwarder-only software (i.e. dnsdist or dnsmasq) instead
of Unbound[2].

[1] https://www.unbound.net/pipermail/unbound-users/2015-November/004103.html
[2] https://www.unbound.net/pipermail/unbound-users/2016-November/004539.html

Regards,

PaulWouters · May 25, 2018, 8:46pm

Fund implementation of RFC 7901

Simon_Deziel · May 25, 2018, 8:53pm

Having a local copy of the root zone using the auth-zone feature (or on
a local NSD) might help a little.

Eric_Luehrsen · May 26, 2018, 5:10am

auth-zone: may be worth a try for sat. Trying auth-zone: on a broadband connection does appear to speed things up. The root zones ".", "arpa", "in-addr.arpa", and "ip6.arpa" NS respond to XFR. My conf example:

auth-zone:
   # Note root zone will be 2-3MB
   name: "."
   master: "a.root-servers.net"
   ...
   master: "m.root-servers.net"
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
   zonefile: "root.zone"

Florian_Lohoff · May 26, 2018, 9:42am

I would dare trying dnsmasq for 1-3000 Clients We are between
60-200 Request/s - Not a lot but enough to think twice about implications
of a high latency uplink.

Flo

cloos · May 26, 2018, 9:52pm

We are running multiple unbound caches behind very long latency
sat links. We are seeing RTT of at least 1000ms.

...

I have already seen jostle-timeout. I am pretty shure prefetching
has a huge impact.

Back when I only had a dialup modem connection to the net I set those
jostle, prefetching, my own copy of the root and arpa zones, plus:

cache-min-ttl: 7200.

Some may argue against that last one.

Early versions of unbound didn't work too well on such a link, but it
didn't take too long before it felt at least as fast as using a remote
resolver.

-JimC