[SOLVED] Unbound configuration not connecting to 1.1.1.1@853 for DNS over TLS

Hi,

Thanks for your response. It happens only when using DNS over TLS; otherwise it is about 20ms or less.

How much do you get on your side with TLS?

I don’t have DNS-over-TLS configured. When using DNS-over-HTTPS I see almost standard response times, except if there is a local cache or there is no cache at their end. Only the first connection is slow, as there is the TLS handshake. But this is only the very first request. It is slower than standard DNS#53 though.

; <<>> DiG 9.10.6 <<>> www.google.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8288
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		220	IN	A	74.125.206.99
www.google.com.		220	IN	A	74.125.206.103
www.google.com.		220	IN	A	74.125.206.104
www.google.com.		220	IN	A	74.125.206.105
www.google.com.		220	IN	A	74.125.206.106
www.google.com.		220	IN	A	74.125.206.147

;; Query time: 6 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Apr 09 18:07:35 CEST 2018
;; MSG SIZE  rcvd: 139

; <<>> DiG 9.10.6 <<>> www.google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55432
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		198	IN	A	74.125.206.99
www.google.com.		198	IN	A	74.125.206.103
www.google.com.		198	IN	A	74.125.206.104
www.google.com.		198	IN	A	74.125.206.105
www.google.com.		198	IN	A	74.125.206.106
www.google.com.		198	IN	A	74.125.206.147

;; Query time: 97 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 09 18:07:57 CEST 2018
;; MSG SIZE  rcvd: 223

; <<>> DiG 9.10.6 <<>> www.google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54978
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		194	IN	A	74.125.206.99
www.google.com.		194	IN	A	74.125.206.103
www.google.com.		194	IN	A	74.125.206.104
www.google.com.		194	IN	A	74.125.206.105
www.google.com.		194	IN	A	74.125.206.106
www.google.com.		194	IN	A	74.125.206.147

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 09 18:08:02 CEST 2018
;; MSG SIZE  rcvd: 139