Slow Cloudflare response times when using unbound & DNS over TLS


Expected Behaviour:

The actual response times of cached entries are perfect and expected.
Pi-hole and unbound are working fine.
Queries which are not cached are sent to Cloudflare:

forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-ssl-upstream: yes
    forward-tls-upstream: yes

Actual Behaviour:

The query times for non-cached entries are very high, typically 200-400ms.
Is that typical or something to expect when using DNS over TLS?


Debug Token:

https://tricorder.pi-hole.net/8cm12nc3vj

Unbound has no official support here, but firstly, you use the secure connection twice; lose one:

forward-ssl-upstream: yes
forward-tls-upstream: yes

Keep only the TLS version.

In the later versions of Unbound, TLS connections are being optimized by re-using earlier connections. Now, the secure connection is completely set up each time, making it slower, and that might be what you are seeing.

https://github.com/NLnetLabs/unbound/issues/47

Thanks for your reply.
I tried your suggestion but no change to the query time.
But I accept that this is not an unbound forum, just tried my luck :)

It is me again. After 16 hours I can indeed confirm that your proposed solution helped to improve the situation.
The average query time is now below 200ms.

minimal-responses: yes
forward-tls-upstream: yes

I think minimal-responses is helping with having a lower resolving time.

       forward-ssl-upstream: <yes or no>
              Alternate syntax for forward-tls-upstream.

So that would not increase speed but it is cleaner to have only one in the config.

Pleased that you tackled this.
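
As an added example (not code from this thread or from the Unbound or Pi-hole projects), this Python script lints a forward-zone for the duplicate discussed above, forward-ssl-upstream set alongside forward-tls-upstream, and for forward-addr entries on a TLS upstream that lack the #auth-name part. The function names and the simplified comment handling are assumptions; the sample is the configuration from the first post.

```python
import re

# forward-ssl-upstream is documented as alternate syntax for forward-tls-upstream.
ALIASES = {"forward-ssl-upstream": "forward-tls-upstream"}

def forward_zones(text):
    """Split unbound config text into forward-zone blocks of (key, value) pairs."""
    zones, in_zone = [], False
    for raw in text.splitlines():
        # Simplification: '#' is a comment only at line start or after whitespace.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not value:                        # clause header, e.g. "server:"
            in_zone = key == "forward-zone"
            if in_zone:
                zones.append([])
        elif in_zone:
            zones[-1].append((key, value.strip('"')))
    return zones

def lint_zone(zone):
    """Return a list of findings for one forward-zone block."""
    findings = []
    tls = [(k, v) for k, v in zone if ALIASES.get(k, k) == "forward-tls-upstream"]
    if len(tls) > 1:
        kind = "conflicting" if len({v for _, v in tls}) > 1 else "redundant"
        findings.append(f"{kind} TLS options: " + ", ".join(k for k, _ in tls))
    if any(v == "yes" for _, v in tls):
        for key, value in zone:
            # Without '#name' unbound accepts any certificate name from the upstream.
            if key == "forward-addr" and "#" not in value:
                findings.append(f"{value}: no #auth-name on a TLS upstream")
    return findings

# Constructed sample: the forward-zone posted at the top of the thread.
THREAD_CONFIG = """\
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-ssl-upstream: yes
    forward-tls-upstream: yes
"""

if __name__ == "__main__":
    for zone in forward_zones(THREAD_CONFIG):
        print(lint_zone(zone) or "no findings")
```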
