Hi Yesteday we lost connection to internet. I supposed that dns would be ok for our internal hosts. But unbound became very slow, sometimes did not respond at all. We use nsd and unbound.
What can I do to prevent this in the future? /etc/unbound/unbound.conf.d/ contains tree files: KSPT.conf qname-minimisation.conf root-auto-trust-anchor-file.conf KSPT.conf: server: verbosity: 1 interface: 0.0.0.0 access-control: 192.168.0.0/16 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow port: 53 do-ip4: yes do-ip6: no root-hints: "/etc/unbound/root.hints" cache-min-ttl: 300 cache-max-ttl: 86400 prefetch: yes num-threads: 1 minimal-responses: yes prefetch: no do-not-query-localhost: no local-zone: "domain.no" nodefault local-zone: "168.192.in-addr.arpa" nodefault local-zone: "10.in-addr.arpa" nodefault domain-insecure: "domain.no" domain-insecure: "168.192.in-addr.arpa" domain-insecure: "10.in-addr.arpa" private-domain: "domain.no" stub-zone: name: "168.192.in-addr.arpa." stub-addr: 127.0.0.1@1053 stub-zone: name: "10.in-addr.arpa." stub-addr: 127.0.0.1@1053 stub-zone: name: "spacetec.no" stub-addr: 127.0.0.1@1053 remote-control: control-enable: yes qname-minimisation.conf: server: # Send minimum amount of information to upstream servers to enhance # privacy. Only sends minimum required labels of the QNAME and sets # QTYPE to NS when possible. # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for # details. qname-minimisation: yes root-auto-trust-anchor-file.conf: server: # The following line will configure unbound to perform cryptographic # DNSSEC validation using the root trust anchor. auto-trust-anchor-file: "/var/lib/unbound/root.key" --- HANS SANDSDALEN Manager IT Tromsø Space Ground Systems Kongsberg Defence & Aerospace AS +47 977 62 632 [ mailto:h...@spacetec.no | h...@spacetec.no ] [ http://www.kongsberg.com/space | www.kongsberg.com/space ] CONFIDENTIALITY This e-mail and any attachment contain KONGSBERG information which may be proprietary, confidential or subject to export regulations, and is only meant or the intended recipient(s). Any disclosure, copying, distribution or use is prohibited, if not otherwise explicitly agreed with KONGSBERG. If received in error, please delete it immediately from your system and notify the sender properly.