I am running Turris OS 4.0.5.
I can set DNS servers using any of the TLS options in Foris and the DNS will work, but forwarding is slow (>150 ms, with some requests >400 ms) and some requests randomly fail. Out of 250 requests, about 35-50 fail or time out.
What could be wrong? I’m not sure how to troubleshoot this.
I also noticed in each of the files in “/etc/resolver/dns_servers” only one server is listed. Is it possible to set a secondary server?
For example in /etc/resolver/dns_servers/99_cloudflare.conf where
ipv4="1.1.1.1"
could you set
ipv4="1.1.1.1, 1.0.0.1"
or something similar to have a secondary DNS server?
/etc/config/resolver
config resolver 'common'
    list interface '0.0.0.0'
    list interface '::0'
    option port '53'
    option keyfile '/etc/root.keys'
    option verbose '0'
    option msg_buffer_size '4096'
    option msg_cache_size '20M'
    option net_ipv6 '1'
    option net_ipv4 '1'
    option forward_upstream '1'
    option prefered_resolver 'kresd'
    option ignore_root_key '0'
    option prefetch 'yes'
    option static_domains '1'
    option dynamic_domains '0'
    option forward_custom '99_quad9'

config resolver 'kresd'
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option forks '1'
    option keep_cache '1'

config resolver 'unbound'
    option outgoing_range '60'
    option outgoing_num_tcp '1'
    option incoming_num_tcp '1'
    option msg_cache_slabs '1'
    option num_queries_per_thread '30'
    option rrset_cache_size '100K'
    option rrset_cache_slabs '1'
    option infra_cache_slabs '1'
    option infra_cache_numhosts '200'
    list access_control '0.0.0.0/0 allow'
    list access_control '::0/0 allow'
    option pidfile '/var/run/unbound.pid'
    option root_hints '/etc/unbound/named.cache'
    option target_fetch_policy '2 1 0 0 0'
    option harden_short_bufsize 'yes'
    option harden_large_queries 'yes'
    option qname_minimisation 'yes'
    option harden_below_nxdomain 'yes'
    option key_cache_size '100k'
    option key_cache_slabs '1'
    option neg_cache_size '10k'
    option prefetch_key 'yes'

config resolver 'unbound_remote_control'
    option control_enable 'yes'
    option control_use_cert 'no'
    list control_interface '127.0.0.1'