On Tue, 19 Oct 2010, Hayward, Bruce wrote:
> Thanks, I have already used that page on optimizing
Okay.
> For my own compile I have been using:
> ./configure --prefix=/opt/unbound --with-libs=/usr/local/lib \
>   --libexecdir=/opt/unbound/lib --sysconfdir=/var/unbound/etc \
>   --sharedstatedir=/var/unbound --localstatedir=/var/unbound \
>   --with-conf-file=/var/unbound/etc/unbound.conf \
>   --with-run-dir=/var/unbound --with-chroot-dir=/var/unbound \
>   --with-pidfile=/var/unbound/run/unbound.pid --with-username=unbound \
>   --with-openssl=/lib64 --without-pthreads --without-solaris-threads \
>   --with-libevent=/usr/local/libevent/
I would not use chroot on a dedicated nameserver. All your important stuff is already inside the chroot, not outside it. Also, with RHEL/CentOS you should use and trust the SELinux policies - they provide a much better security context without having to install or link various (sometimes outdated) binaries or special devices or config files in the chroot. And no surprises when sending the daemon signals and it possibly not being able to read config files or includes anymore.
> Is the default --enable-debug?
No, it is not the default. So you should be fine.

It is still surprising that you're not outrunning bind though. Are you sure you are comparing similar configurations, e.g. with DNSSEC validation and the root key loaded, and perhaps with DLV? What version of libevent are you using? Why are you disabling threads? Is it finding ssl (you did not add --with-ssl)? I've seen a lot of speed differences with different versions of openssl.

Paul
_______________________________________________
Unbound-users mailing list
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
