Hi all.
Watching just such a problem.

[rt@rdns-r-S4 ~]# unbound-control dump_requestlist
thread #0

type cl name seconds module status

0 A IN a.root-servers.net. 947.061093 iterator wait for 192.35.51.30

[rt@rdns-r-S4 ~]# nslookup a.root-servers.net
;; connection timed out; no servers could be reached

[rt@rdns-r-S4 ~]# ping 192.35.51.30
PING 192.35.51.30 (192.35.51.30) 56(84) bytes of data.
64 bytes from 192.35.51.30: icmp_seq=1 ttl=52 time=249 ms
64 bytes from 192.35.51.30: icmp_seq=2 ttl=52 time=249 ms
64 bytes from 192.35.51.30: icmp_seq=3 ttl=52 time=249 ms
64 bytes from 192.35.51.30: icmp_seq=4 ttl=52 time=249 ms
^C
— 192.35.51.30 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 249.317/249.342/249.365/0.353 ms

http://img27.imageshack.us/img27/8403/graphhist.png
http://img31.imageshack.us/img31/5974/graphqueue.png

Hi Telesis,

Hi all.
Watching just such a problem.

[rt@rdns-r-S4 ~]# unbound-control dump_requestlist
thread #0
# type cl name seconds module status
  0 A IN a.root-servers.net. 947.061093
iterator wait for 192.35.51.30

It is trying to resolve the name a.root-servers.net, but that IP address
is for f.gtld-servers.net.

[rt@rdns-r-S4 ~]# nslookup a.root-servers.net
;; connection timed out; no servers could be reached

If you really want to debug this, use dig.
$ dig @192.35.51.30 a.root-servers.net.
works fine for me.

Do you have special configuration for com or net? Normally unbound
would ask a-m.gtld-servers.net for the answer if f.gtld-servers.net does
not answer immediately.

If all the servers for .net do not respond (once an hour) this explains
your graph with lots of spikes, and you have a more serious (network)
problem.

Best regards,
   Wouter