Hello,
I am using Unbound version 1.13.1 with RPZs (configuration below).
I observe that for a relatively large RPZ (around 300k entries), Unbound no longer responds to client requests while the zone is being transferred via AXFR. This lasts 1 second on average, but that is enough to lose a lot of requests.
Would it be possible to optimize this downtime?
I have already read and applied the optimization guide (https://nlnetlabs.nl/documentation/unbound/howto-optimise/), but there is nothing in it relating to AXFR transfers of zones.
I should point out that the master server performing the zone transfer is local, and I do not think it is the source of the problem.
Bonus question: are there any plans to be able to do IXFR? This could be useful for RPZs of a certain size.
Regards,
Arnaud
Configuration type:
rpz:
    # RPZ MALWARE
    name: rpz.malware
    zonefile: /var/lib/unbound/zones/rpz.malware
    master: a.b.c.d
    allow-notify: a.b.c.d
    rpz-log: yes
    rpz-log-name: rpz.malware