Re: [ext] Re: Performance issue between 1.5.8-1ubuntu1.1 (xenial) and 1.6.7-1ubuntu2.1 (bionic)

2018-06-25 Thread Ralf Hildebrandt via Unbound-users
* W.C.A. Wijngaards via Unbound-users:
> Hi Ralf,
> 
> On 25/06/18 11:43, Ralf Hildebrandt via Unbound-users wrote:
> > We're using unbound on our four proxy servers (and a hand-compiled,
> > current version of squid), which channel all outbound HTTP/HTTPS traffic.
> 
> So I think it may be this change from 1.5.9:
> - Fix unbound sets CD bit on all forwards. If no trust anchors, it'll
> not set CD bit when forwarding to another server. If a trust anchor, no
> CD bit on the first attempt to a forwarder, but CD bit thereafter on
> repeated attempts to get DNSSEC.

It's probably that, yes.
 
> It could be other fixes, perhaps in TCP (if you have tcp-upstream
> enabled?) or ssl-upstream?  Or caps-for-id?

None of those.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de   Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
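
The changelog entry quoted in the message above concerns the CD (Checking Disabled) header bit on queries sent to a forwarder. The following is an added example, not part of either post and not unbound code: it reads the CD bit and the EDNS DO bit from a DNS query as captured on the wire, so the two package versions can be compared. The function names are hypothetical and the sample queries are constructed in the script.

```python
import struct

RD_BIT = 0x0100   # Recursion Desired
CD_BIT = 0x0010   # Checking Disabled (header flag, RFC 4035)
DO_BIT = 0x8000   # DNSSEC OK, carried in the EDNS OPT record's TTL field

def build_query(name, cd=False, do=False, qid=0x1234):
    """Construct a sample A query; used here only as test input."""
    flags = RD_BIT | (CD_BIT if cd else 0)
    msg = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1 if do else 0)
    for label in name.strip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if do:                                             # OPT RR, root owner name
        msg += b"\x00" + struct.pack("!HHIH", 41, 4096, DO_BIT, 0)
    return msg

def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                           # compression pointer
            return off + 2
        off += 1 + n

def query_flags(msg):
    """Extract RD, CD and the EDNS DO bit from a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    try:
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4             # skip QTYPE + QCLASS
        do = False
        for _ in range(an + ns + ar):                  # look for the OPT record
            off = _skip_name(msg, off)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == 41:
                do = bool(ttl & DO_BIT)
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return {"rd": bool(flags & RD_BIT), "cd": bool(flags & CD_BIT), "do": do}

if __name__ == "__main__":
    for cd in (False, True):                           # constructed samples
        print(query_flags(build_query("example.com", cd=cd, do=True)))
```
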


Performance issue between 1.5.8-1ubuntu1.1 (xenial) and 1.6.7-1ubuntu2.1 (bionic)

2018-06-25 Thread Ralf Hildebrandt via Unbound-users
We're using unbound on our four proxy servers (and a hand-compiled,
current version of squid), which channel all outbound HTTP/HTTPS traffic.

Naturally, these machines do a lot of resolving.

Recently I upgraded the OS from xenial to bionic, and while everything
was working as expected I noticed a significant increase in the DNS
query times on those proxies.

Before the update (running unbound 1.5.8-1ubuntu1.1) we were seeing query
times around 20ms. After the upgrade (1.6.7-1ubuntu2.1) those rose to
40ms.

See these graphs:
https://www.arschkrebs.de/bugs/dnssvc30d.png
https://www.arschkrebs.de/bugs/dnssvc1w.png

I then tinkered with different package versions -- tried upgrading to
1.7.3 (no change) and finally downgraded back to 1.5.8-1ubuntu1.1 -
and the query times dropped to pre-update levels.

Is that to be expected? Is it a regression? I'm a bit late to notice,
but I thought I'd rather ask.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de   Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155