Having fast reliable DNS is critical for reliable email. In addition, this local server has forward and reverse entries for the service jails installed.
To include additional local-data, save it in the file ~/unbound.conf.local. When a new DNS jail is provisioned, that file is included in the unbound installation.

```sh
. mail-toaster.sh && provision dns
```
- a new `stage-dns` jail is created
- unbound is:
    - installed
    - configured
    - tested
- staging jail is shut down
- staging filesystem is renamed (with a wait + retry if needed)
- existing `dns` jail is shut down
- existing `dns` filesystem is renamed to `dns.last`
- staging filesystem is renamed to `dns`
- new `dns` jail is started
See an example build for complete details.
The default cache size is 4MB (unbound's `msg-cache-size` and `rrset-cache-size` settings). If your server is busy (more than one connection per second), raise that to 64MB. Very large sites that receive dozens of concurrent email connections should start at 256MB. One way to tune the cache size is to install the munin plugin (a build option in the unbound port), then watch the munin graphs for "Number of queries dropped due to lack of space." If that number is greater than zero, increase the cache size.
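The sizing rule above, turned into a script you can run against `unbound-control stats_noreset` on the DNS jail. This is an added example, not part of Mail Toaster; the counter names (`time.elapsed`, `total.num.queries`, `total.num.cachehits`, `total.requestlist.exceeded`) are unbound's own, the sample stats are constructed, and the 30 queries/s boundary for a "very large" site is an assumption made here:

```sh
#!/bin/sh
# Added example (not Mail Toaster code): pick msg-cache-size/rrset-cache-size
# for unbound.conf from 'unbound-control stats_noreset' output, following the
# tiers in the text (4MB default, 64MB when busier than 1 query/s, 256MB for
# very large sites). The 30 qps "very large" threshold is an assumption.

# Constructed sample: one hour of counters from a moderately busy host.
SAMPLE_STATS='time.elapsed=3600.00
total.num.queries=14400
total.num.cachehits=10800
total.num.cachemiss=3600
total.requestlist.exceeded=0
mem.cache.rrset=4194304
mem.cache.message=4194304'

# stat_value NAME STATS: print the numeric value of counter NAME (0 if absent)
stat_value() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print v + 0 }'
}

# queries_per_sec STATS: average query rate over the stats window, 2 decimals
queries_per_sec() {
    awk -v q="$(stat_value total.num.queries "$1")" \
        -v t="$(stat_value time.elapsed "$1")" \
        'BEGIN { if (t <= 0) t = 1; printf "%.2f\n", q / t }'
}

# cache_hit_pct STATS: integer percentage of queries answered from cache
cache_hit_pct() {
    awk -v h="$(stat_value total.num.cachehits "$1")" \
        -v q="$(stat_value total.num.queries "$1")" \
        'BEGIN { if (q <= 0) print 0; else printf "%d\n", h * 100 / q }'
}

# recommend_cache_mb STATS: cache size in MB per the tiers; any dropped
# queries (requestlist.exceeded > 0) move the recommendation up one tier
recommend_cache_mb() {
    awk -v qps="$(queries_per_sec "$1")" \
        -v dropped="$(stat_value total.requestlist.exceeded "$1")" 'BEGIN {
        if (qps > 30)     mb = 256   # very large site (assumed threshold)
        else if (qps > 1) mb = 64    # busier than one query per second
        else              mb = 4     # unbound default
        if (dropped > 0) mb = (mb == 4) ? 64 : 256
        print mb
    }'
}

# unbound_cache_config MB: the unbound.conf server: lines to apply
unbound_cache_config() {
    printf 'server:\n    msg-cache-size: %sm\n    rrset-cache-size: %sm\n' "$1" "$1"
}

# Stand-alone run on the constructed sample. On a live jail use instead:
#   unbound_cache_config "$(recommend_cache_mb "$(unbound-control stats_noreset)")"
echo "queries/s: $(queries_per_sec "$SAMPLE_STATS")  cache hit: $(cache_hit_pct "$SAMPLE_STATS")%"
unbound_cache_config "$(recommend_cache_mb "$SAMPLE_STATS")"
```

`stats_noreset` is used so that reading the counters does not zero them; munin's plugin resets them on each poll, so run this between polls or on a host without the plugin to get a meaningful `time.elapsed` window.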
If you have local DNS caches on your network, tell unbound to send queries to them instead of fetching DNS answers from the internet. With `forward-first: yes`, unbound still falls back to full recursion if the forwarders do not answer.

```
forward-zone:
    name: "."
    forward-first: yes
    forward-addr: N.N.1.N
    forward-addr: N.N.2.N
```
Unbound crashes have been witnessed on very high traffic sites. In each case, rebuilding unbound without threads and libevent has proven reliable. This requires building unbound from ports. The snippet below unsets only THREADS; add LIBEVENT to the same `dns_unbound_UNSET` line to drop libevent as well.

```sh
grep -q unbound /etc/make.conf || cat << EO_UNBOUND >> /etc/make.conf
dns_unbound_SET=DOCS
dns_unbound_UNSET=THREADS
EO_UNBOUND
make -C /usr/ports/dns/unbound deinstall install clean
```