Netgate Discussion Forum

    DNS Resolver not caching correct?

      mrsunfire

      @johnpoz said in DNS Resolver not caching correct?:

      unbound-control -c /var/unbound/unbound.conf stats_noreset | grep rrset.cache

      I don't have the DHCP registration option set because I use static DHCP entries. My unbound doesn't restart. Well, today it does, because I changed something in the settings.

      unbound-control -c /var/unbound/unbound.conf stats_noreset | grep rrset.cache
      

      shows me

      rrset.cache.count=3875
      

      If I use a client to connect to twitter.com and shortly after do a dig twitter.com, it also shows me 15 ms or more. Shouldn't there be 0 ms, because the client already asked for that query? Before that I cleared my DNS cache on that client.

      I think I can enable the option "Serve Expired", or is this a problem?

      How can I see all entries that are cached?

      Netgate 6100 MAX

        johnpoz (Global Moderator)

        And maybe it's 15 ms because that is how long it took to query it from cache.. That seems like a really fast response all the way from the roots.. Once unbound has looked up, say, host.domain.tld, and then it looks for otherhost.domain.tld, it will already have the authoritative NS cached, and only has to ask them directly and not walk down from the roots.

        You need to validate via the run time query I did above to see how long unbound has been running; there are other things that can reload it.. For example pfBlocker.

        You can look up specifics, or dump the whole cache if you want to.

           dump_cache
                  The contents of the cache is printed in a text format to stdout.
                  You can redirect it to a file to store the cache in a file.
        

        Use the lookup command and it will tell you what is cached for that and what it would use to look up something.

        Or you can just grep in the full cache for some specific record.

        [2.4.4-RELEASE][admin@sg4860.local.lan]/: unbound-control -c /var/unbound/unbound.conf dump_cache | grep www.google.com
        www.google.com. 1275    IN      A       172.217.1.36
        msg www.google.com. IN A 32896 1 1275 3 1 0 0
        www.google.com. IN A 0
        [2.4.4-RELEASE][admin@sg4860.local.lan]/: 
        

        So in there you can see what the TTL is in the cache, and that it has a 0 set so it will respond even if the other cache entry.

        unbound will return from cache, unless that entry has been flushed, or the whole cache has been flushed. 15 ms sure seems pretty quick for a full resolve from roots. So either it only talked to the authoritative server it already had cached, or it served it up from cache and it was a bit slow doing that.

        So looking up specific entries per the above command example will show you if the record is in cache, and what is left on the TTL, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          mrsunfire

          @johnpoz said in DNS Resolver not caching correct?:

          unbound-control -c /var/unbound/unbound.conf dump_cache | grep www.google.com

          If it's cached, it's always 0 ms. I think PCI-E SSD and Core i7 should be fast enough :)

          I will test around a bit and see if it's better now with the Serve Expired setting.

          www.google.com.	243	IN	A	172.217.21.196
          www.google.com.	243	IN	AAAA	2a00:1450:4001:808::2004
          msg www.google.com. IN A 32896 1 243 3 1 0 0
          www.google.com. IN A 0
          msg www.google.com. IN AAAA 32896 1 243 3 1 0 0
          www.google.com. IN AAAA 0
          

            johnpoz

            I worded that a bit wrong; I meant that I have reply with 0 TTL set, and it still shows in the cache, etc., with the TTL counting down. Bad wording on my part.

            Example of the TTL counting down:

            www.cnn.com.    3595    IN      CNAME   turner-tls.map.fastly.net.
            msg www.cnn.com. IN A 32896 1 3595 3 2 1 0
            www.cnn.com. IN CNAME 0
            [2.4.4-RELEASE][admin@sg4860.local.lan]/: unbound-control -c /var/unbound/unbound.conf dump_cache | grep www.cnn.com
            www.cnn.com.    3496    IN      CNAME   turner-tls.map.fastly.net.
            msg www.cnn.com. IN A 32896 1 3496 3 2 1 0
            www.cnn.com. IN CNAME 0
            [2.4.4-RELEASE][admin@sg4860.local.lan]/: 
            

            What I would do is, say, query for something with a short TTL.. Say 60 seconds or something... Now just keep doing that query every couple of seconds.. Do you get a fast response? Do you see the TTL counting down.. You should see responses in 1 or 2 ms..

              mrsunfire

              After some hours I came back home and tested some names again, and now they all show me 0 ms. I think the Serve Expired option solved my problem. Even twitter.com now resolves with 0 ms after 3 hours.

                KOM

                Maybe I missed something in the dozen+ posts on this topic, but why does it matter? 0ms vs 12ms is barely noticeable and it only applies to lookups.

                  johnpoz

                  0 vs 12 is not an issue.. But serving up something from cache in 0 ms or 12 ms can make a difference vs, say, 500 ms having to resolve it..

                  Much of it is more of a tech thing vs a "hey, I can notice it's slower" thing as well ;) Even if going to site xyz took 500 ms to resolve, it's unlikely someone could actually notice the page loading slower if it was .5 seconds slower..

                  It can be "hey, I query this from the cmd line, why does it take 500 ms when it should be cached locally and be 1 ms"..

                  In the big picture I think resolving is the better solution; as long as your cache is working as it should, users are never going to notice anything. And you are now getting the info from the horse's mouth, so to speak.. And in the long run you can end up doing fewer queries, since you're always going to get the full TTL from the authoritative NS vs something that was cached, where you only got a partial TTL and had to do another query later, to again only get a less than full TTL. So while your query might be a few ms shorter, you're going to end up doing more queries in the long run..

                  To actually make a decision you would have to do some real analysis on your overall types of queries and amount of queries and the TTLs you are getting back if you forward, vs resolving, etc. But normally resolving is going to be the better option. But there are always going to be one-offs.. Most users don't understand how it all works, and it comes down to "I ask google for host.domain.tld and get an answer in X ms, vs I resolve it and get it in Y ms".. where X<Y the gut reaction is forwarding is better.. When in the big picture it's prob not.

                    KOM

                    Got it.

                      johnpoz

                      I could talk about this stuff for hours and hours and hours ;) It's a bit of a hobby/passion with me - my dream job would be just dealing with DNS all day.. Vs now only now and then ;) I had a cool project a while back trying to host over 3000 some domains for a major player, etc. Trying to explain to them how it's not worth it to try and do such a thing on your own - and how it's not cost effective for the bandwidth required and the equipment required, and how you cannot do it from only 2 locations and provide actually good service - that it needs to be global, etc..

                      It was a fun project even though it came to nothing in the long run and they hosted it elsewhere - and prob cost my company money.. Not a business we wanted to get into, hosting DNS, when there are majors with global anycast networks that it's just better to host with, etc.

                      I will say this, I would never go back to forwarding my queries anywhere... I will run a resolver on my own, thank you very much.. It gives me the control and the info to do what I want, how I want to do it, vs just sending all my queries to X and trusting their responses.. But that could just be me; others are very happy just asking x.x.x.x for host.domain.tld and being happy with what they get back.. That is not what I want - and I would think most people that have taken the step of moving to pfSense vs your off-the-shelf SOHO router like that ability as well.

                      They can run a resolver, they can forward, they can run a full blown BIND with a nice GUI if they want, etc. This is one of the best things about pfSense - it gives you options!!! And the ability to use such options without having to dive into the nitty gritty of conf files..

                      Sorry for the rant - but I love this topic, and I am like 6 beers in already.. Stopped for a few after work with a buddy ;)

                        mrsunfire

                        @KOM said in DNS Resolver not caching correct?:

                        Maybe I missed something in the dozen+ posts on this topic, but why does it matter? 0ms vs 12ms is barely noticeable and it only applies to lookups.

                        Because more than 0 ms shows that it's forwarding to root servers and not resolving from cache. That's the reason I use unbound.

                        @johnpoz
                        I can follow you. I also don't want anyone else resolving my names. I want to do as much as I can myself. That's why I'm running a home server and pfSense.

                          johnpoz

                          I doubt 12 is from the roots; from the authoritative NS, ok.. But if you're walking all the way down from the roots in 12 ms.. Gawd damn, that would be freaking quick ;)

                          Keep in mind that once you have looked up the NS for, say, .com, those are cached and you do not have to ask "." again.. You just need to ask them for the NS of domain.com.

                          And once the NS are cached for domain.com, I don't have to talk to them again.. just the NS for domain.com, asking for host.domain.com

                          So if the specific record's TTL has expired, or it has never been looked up before - I just have to directly talk to the NS for domain.com and ask for host.domain.com

                          My guess on the 12 ms vs 1-2 ms response would be either a slow-responding cache? Or it just had to talk to a close authoritative NS for domain.com.. Maybe unbound was busy, which is why it took 12 ms vs the typical 1 or 2 ms? Maybe the TTL on this record is a stupid 60 seconds or something.

                            mrsunfire

                            If it's from cache it's always 0 ms. I sniffed the traffic to check that.

                              johnpoz

                              If you're local to the cache, ok, but you're not always going to see 0 ms if you're a client on the network.. Even a local LAN introduces some delay ;) Or some small delay with the cache answering:

                              ;; ANSWER SECTION:
                              www.google.com. 3346 IN A 172.217.1.36

                              ;; Query time: 0 msec
                              ;; SERVER: 192.168.9.253#53(192.168.9.253)
                              ;; WHEN: Fri Aug 30 04:32:20 Central Daylight Time 2019

                              Next query
                              ;; ANSWER SECTION:
                              www.google.com. 3344 IN A 172.217.1.36

                              ;; Query time: 1 msec
                              ;; SERVER: 192.168.9.253#53(192.168.9.253)
                              ;; WHEN: Fri Aug 30 04:32:22 Central Daylight Time 2019

                              My point is it is possible to see a delay in the response time, even when from cache.

                              It could be possible, even if you're local to the cache - to see a delay if the machine is busy, or unbound is busy, etc. etc. Just because you see some small amount of delay does not mean it wasn't served from cache.

                              If you get back anything other than the full TTL - it was served from cache.

                              If you're doing the query over wireless - that could also introduce delay.. Or if your path to the DNS is routed/firewalled locally, etc. A better indication of served from cache or resolved would be the TTL you get back.

                              When you're seeing this 12 ms response - what was the TTL returned?

                                mrsunfire

                                I never saw more than 30% cpu usage and never more than 0ms. How can I check that better?

                                Where do I see the ttl? I will check that again.

                                  johnpoz

                                  When you do a dig, you will see the TTL:

                                  ;; ANSWER SECTION:
                                  www.google.com. 1038 IN A 172.217.1.36

                                  See the 1038; that is the TTL returned, and clearly that is not the full TTL of that record.. Nobody would set such an ODD TTL ;)

                                  So it was clearly returned from cache. If you see a whole number, 60, 300, 1800, 3600, 86400 for example, then that was resolved and you received the full TTL from the authoritative NS. You can always check what the full TTL is by doing a query direct to one of the authoritative NS for that domain.

                                  Mind you, I have a min TTL set of 3600 on my unbound... So if the TTL from the authoritative NS is less than 3600, unbound will use 3600.. But it will then count down from that, so if I see 3600 returned as the TTL - pretty sure it was resolved, vs from cache.. Unless on the off chance you did the query at exactly when the TTL had counted down to that value ;) So while you might see a whole number - it still could have been from cache - you just got amazingly lucky and queried exactly when, say, the TTL had counted down to 1800 ;)

                                  So if your delay is something other than a couple of ms, and you have a nice whole-number TTL - you can be pretty sure it was resolved, and not returned.. Even if you see, say, 12 ms, but the TTL was like 1432 or something - you would assume that was returned to you from cache - and something else caused the delay.

                                  edit:
                                  Another stat you might be interested in is the cache hit numbers..

                                  [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf stats_noreset | grep total.num
                                  total.num.queries=14557
                                  total.num.queries_ip_ratelimited=0
                                  total.num.cachehits=12593
                                  total.num.cachemiss=1964
                                  total.num.prefetch=2263
                                  total.num.zero_ttl=2318
                                  total.num.recursivereplies=1964
                                  

                                  So you can see the total number of queries that unbound has gotten since its last restart.. And the total number of hits for the cache.. And how many misses, how many prefetches done, etc., how many returns from 0 TTL (since I have that set) etc.. If you're not seeing a large % of cache hits.. then yeah, you're doing more resolving than returning from cache.. I am pretty happy with an 86% cache hit ratio.

                                  Means 86% of the time when a client asked for something - it got returned from cache vs having to resolve it.

                                  edit: People seem to miss the whole point of the cache.. To the local client, if your record is returned from cache it's going to be a couple of ms to look up whatever.domain.tld, so what does it matter if resolving takes 100 ms and just asking google takes 30 ms.. Once it's cached, your client will be seeing 1 ms..

                                  In the big picture resolving can be faster and better, because while you have to ask googledns all the time for something that is not in cache, and that might be 30 ms (if they have it cached).. your resolve might only take 15 ms to ask the authoritative NS for the record.. All depends on where the authoritative NS is in relation to you, etc. And since you're always going to get back the full TTL, you could need to do fewer actual queries than always asking googledns..

                                  The only time forwarding gains you anything is if they already have it cached.. If you're asking for something that is not.. then it has to be resolved, and you just added the query time to googledns, and then waiting for them to resolve it, on top of the time of your latency to them, etc. So what, you save a handful of ms here and there? Nobody is going to notice the difference between getting an answer in 30 ms vs 200 ;) and that only ever comes into play if not already cached anyway.. So 1 of your clients might have to wait a couple extra ms for something to be resolved; everyone else on your network will get the cached copy. And if you're doing prefetch - the common domains will be kept active with nobody ever seeing the few ms delay to actually resolve it.

                                  If you have the ability to run your own resolver - it's just always a better option if you ask me.

                                  Here.. I resolved this locally in 139 ms:

                                  ; <<>> DiG 9.14.4 <<>> www.whatever.com
                                  ;; global options: +cmd
                                  ;; Got answer:
                                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15212
                                  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                  
                                  ;; OPT PSEUDOSECTION:
                                  ; EDNS: version: 0, flags:; udp: 4096
                                  ;; QUESTION SECTION:
                                  ;www.whatever.com.              IN      A
                                  
                                  ;; ANSWER SECTION:
                                  www.whatever.com.       14400   IN      CNAME   whatever.com.
                                  whatever.com.           14400   IN      A       198.57.151.250
                                  
                                  ;; Query time: 139 msec
                                  ;; SERVER: 192.168.3.10#53(192.168.3.10)
                                  ;; WHEN: Fri Aug 30 05:49:31 Central Daylight Time 2019
                                  ;; MSG SIZE  rcvd: 75
                                  

                                  I asked googledns for it - and it took 99 ms:

                                  ; <<>> DiG 9.14.4 <<>> @8.8.8.8 www.whatever.com
                                  ; (1 server found)
                                  ;; global options: +cmd
                                  ;; Got answer:
                                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49654
                                  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                  
                                  ;; OPT PSEUDOSECTION:
                                  ; EDNS: version: 0, flags:; udp: 512
                                  ;; QUESTION SECTION:
                                  ;www.whatever.com.              IN      A
                                  
                                  ;; ANSWER SECTION:
                                  www.whatever.com.       14399   IN      CNAME   whatever.com.
                                  whatever.com.           14399   IN      A       198.57.151.250
                                  
                                  ;; Query time: 99 msec
                                  ;; SERVER: 8.8.8.8#53(8.8.8.8)
                                  ;; WHEN: Fri Aug 30 05:50:07 Central Daylight Time 2019
                                  ;; MSG SIZE  rcvd: 75
                                  

                                  So you think a client could ever notice 40 whole ms?? .04 of a second ;)

                                  And that is only the first client to ask for it; after that it's just served from cache.
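As an added example (not code from the thread, pfSense or unbound), here is a small Python helper that applies the two checks johnpoz describes above: comparing the TTL of two successive dig answers for the same name to see whether it counts down (served from cache) or resets to a full value (resolved again or prefetched), and computing the cache hit ratio from the stats_noreset output. The same parser also reads the rrset lines of the dump_cache output shown earlier in the thread, since they use the same name/TTL/type layout; all sample inputs are constructed to mirror the formats posted here.

```python
"""Added example: the two "served from cache?" checks discussed in the thread.
1. Watch the TTL over repeated queries: counting down with the clock = cache;
   jumping back to a full value = resolved again (or refreshed by prefetch).
2. Compute the cache hit ratio from `unbound-control ... stats_noreset`.
The record parser reads both dig ANSWER SECTION lines and dump_cache rrset
lines, which share the "name ttl IN type rdata" layout. Samples are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(\S+)$")
QTIME_RE = re.compile(r"^;; Query time: (\d+) msec$", re.M)
# TTLs an operator would plausibly configure; a single round TTL hints at a
# fresh resolve, but (as johnpoz notes) it can also be luck, so it is a weak signal.
COMMON_FULL_TTLS = {30, 60, 300, 600, 900, 1800, 3600, 7200, 14400, 43200, 86400}


@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


@dataclass
class Observation:
    record: Record
    query_ms: Optional[int]  # dig only; dump_cache output has no query time
    taken_at: float          # seconds on the caller's clock


def parse_records(text: str) -> List[Record]:
    """Resource records from dig or dump_cache output; 'msg' lines are skipped."""
    out = []
    for line in text.splitlines():
        m = RR_RE.match(line.strip())
        if m:
            out.append(Record(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return out


def observe(text: str, taken_at: float, rtype: str = "A") -> Observation:
    """First record of the requested type, plus dig's query time if present."""
    recs = [r for r in parse_records(text) if r.rtype == rtype]
    if not recs:
        raise ValueError(f"no {rtype} record found")
    qt = QTIME_RE.search(text)
    return Observation(recs[0], int(qt.group(1)) if qt else None, taken_at)


def classify(prev: Observation, cur: Observation, slack: int = 2) -> str:
    """Compare two observations of one name taken a few seconds apart."""
    if prev.record.name != cur.record.name:
        raise ValueError("observations are for different names")
    expected = prev.record.ttl - (cur.taken_at - prev.taken_at)
    if cur.record.ttl <= prev.record.ttl and abs(cur.record.ttl - expected) <= slack:
        return "cached"      # TTL counted down with the clock: served from cache
    if cur.record.ttl > prev.record.ttl or cur.record.ttl in COMMON_FULL_TTLS:
        return "refreshed"   # TTL reset: resolved again, or refreshed by prefetch
    return "unknown"


def parse_stats(text: str) -> Dict[str, float]:
    """Parse the key=value lines of `unbound-control stats` / `stats_noreset`."""
    stats = {}
    for line in text.splitlines():
        if "=" in line:
            key, val = line.strip().split("=", 1)
            stats[key] = float(val)
    return stats


def cache_hit_ratio(stats: Dict[str, float]) -> float:
    """Share of client queries answered from cache (0.865 means 86.5%)."""
    return stats["total.num.cachehits"] / stats["total.num.queries"]


# Constructed samples in the formats posted above (two digs taken 2 s apart).
DIG_FIRST = ";; ANSWER SECTION:\nwww.google.com. 3346 IN A 172.217.1.36\n\n;; Query time: 0 msec\n"
DIG_SECOND = ";; ANSWER SECTION:\nwww.google.com. 3344 IN A 172.217.1.36\n\n;; Query time: 1 msec\n"
DUMP_CACHE = ("www.google.com. 1275    IN      A       172.217.1.36\n"
              "msg www.google.com. IN A 32896 1 1275 3 1 0 0\n"
              "www.google.com. IN A 0\n")
STATS = ("total.num.queries=14557\ntotal.num.cachehits=12593\n"
         "total.num.cachemiss=1964\ntotal.num.prefetch=2263\ntotal.num.zero_ttl=2318\n")

if __name__ == "__main__":
    first, second = observe(DIG_FIRST, 0.0), observe(DIG_SECOND, 2.0)
    print(f"{first.record.name} TTL {first.record.ttl} -> {second.record.ttl}"
          f" after 2 s: {classify(first, second)}")
    print("dump_cache rrsets:", parse_records(DUMP_CACHE))
    print(f"cache hit ratio: {cache_hit_ratio(parse_stats(STATS)):.1%}")
```

To use it live, feed `observe()` the text of two `dig name` runs a few seconds apart and `parse_stats()` the output of `unbound-control -c /var/unbound/unbound.conf stats_noreset`.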

                                    mrsunfire

                                    Thank you very much for your help! Keep up the good work.

                                    It helped me a lot to understand the TTL. If I get 0 ms it's not a whole number:

                                    ; <<>> DiG 9.12.2-P1 <<>> twitter.com
                                    ;; global options: +cmd
                                    ;; Got answer:
                                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57273
                                    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                    
                                    ;; OPT PSEUDOSECTION:
                                    ; EDNS: version: 0, flags:; udp: 4096
                                    ;; QUESTION SECTION:
                                    ;twitter.com.			IN	A
                                    
                                    ;; ANSWER SECTION:
                                    twitter.com.		1415	IN	A	104.244.42.129
                                    twitter.com.		1415	IN	A	104.244.42.65
                                    
                                    ;; Query time: 0 msec
                                    ;; SERVER: 127.0.0.1#53(127.0.0.1)
                                    ;; WHEN: Fri Aug 30 16:25:20 CEST 2019
                                    ;; MSG SIZE  rcvd: 72
                                    

                                    It now works better with my setting from yesterday.

                                    These are my hits:

                                    Shell Output - unbound-control -c /var/unbound/unbound.conf stats_noreset | grep total.num
                                    total.num.queries=22053
                                    total.num.queries_ip_ratelimited=0
                                    total.num.cachehits=16235
                                    total.num.cachemiss=5818
                                    total.num.prefetch=8910
                                    total.num.zero_ttl=9416
                                    total.num.recursivereplies=5818
                                    

                                    I also tested your example and wow, this domain took long:

                                    ; <<>> DiG 9.12.2-P1 <<>> www.whatever.com
                                    ;; global options: +cmd
                                    ;; Got answer:
                                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55651
                                    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                    
                                    ;; OPT PSEUDOSECTION:
                                    ; EDNS: version: 0, flags:; udp: 4096
                                    ;; QUESTION SECTION:
                                    ;www.whatever.com.		IN	A
                                    
                                    ;; ANSWER SECTION:
                                    www.whatever.com.	14400	IN	CNAME	whatever.com.
                                    whatever.com.		14400	IN	A	198.57.151.250
                                    
                                    ;; Query time: 1192 msec
                                    ;; SERVER: 127.0.0.1#53(127.0.0.1)
                                    ;; WHEN: Fri Aug 30 16:33:41 CEST 2019
                                    ;; MSG SIZE  rcvd: 75
                                    

                                    Cloudflare was quite fast:

                                    ; <<>> DiG 9.12.2-P1 <<>> @1.1.1.1 www.whatever.com
                                    ; (1 server found)
                                    ;; global options: +cmd
                                    ;; Got answer:
                                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12365
                                    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                    
                                    ;; OPT PSEUDOSECTION:
                                    ; EDNS: version: 0, flags:; udp: 1452
                                    ;; QUESTION SECTION:
                                    ;www.whatever.com.		IN	A
                                    
                                    ;; ANSWER SECTION:
                                    www.whatever.com.	14400	IN	CNAME	whatever.com.
                                    whatever.com.		10732	IN	A	198.57.151.250
                                    
                                    ;; Query time: 175 msec
                                    ;; SERVER: 1.1.1.1#53(1.1.1.1)
                                    ;; WHEN: Fri Aug 30 16:34:49 CEST 2019
                                    ;; MSG SIZE  rcvd: 75
                                    

                                      johnpoz

                                      @mrsunfire said in DNS Resolver not caching correct?:

                                      ;; Query time: 1192 msec

                                      Depends where you're at in the world relative to where the authoritative NS and other root servers are, the latency of your connection, etc. etc.

                                      Keep in mind that in that example this had to be resolved to even then resolve that.. So yeah, those can be longer.. You can see from your 175 ms response - looks like one had to be resolved, but the other was cached, since you got back 10732; so half of the thing you looked for was cached..

                                      You understand that 1000 ms is 1 second - so not sure I would call that LONG ;) in the big picture.. So your website would have taken a whole second longer to load than if the DNS had been cached. Which still might be 30 seconds - depending on what the site was, etc., and how fast it is, and your connection to it, etc. And now that it's looked up, for the next 4 hours you're cached.. And if you have prefetch on and other clients actually ask for that again, it could be refreshed in the background and you would never see such a delay again, etc.

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                                      • M
                                        mrsunfire @johnpoz
                                        last edited by

                                        @johnpoz 1000 is very long. Usually my sites load instantly. I have around 7 ms to google.de (Germany).


                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator
                                          last edited by johnpoz

                                          @mrsunfire said in DNS Resolver not caching correct?:

                                          I have around 7 ms to google.de (Germany).

                                          The amount of time to ping a site has ZERO to do with how fast it loads in your browser -- sorry but a site pulling up in your browser is not freaking loading in .007 seconds..

                                          Keep in mind that once a site is loaded once - much of it could be cached by your browser as well, etc.

                                          1000 ms to RESOLVE something where the authoritative ns for that domain could be on the other side of the planet is not a LONG time ;)

                                          You're in DE? That is a long way from Utah in the US, which is where those NS seem to be.. And that is just those.. that is not the others in the chain..

                                          Do you actually understand how something is resolved?

                                          Even if you had the .com NS cached, you still had to go ask them... And how far away are they from you for the NS for whatever.com etc. Then you had to go ask the NS for whatever.com for www.whatever.com, which is then a cname for whatever.com, so you then had to do another query, etc. Which if you're in DE, and the NS are in Utah.. that's going to be a tad higher than 7ms away ;)

                                          Do a dig +trace for that whatever.com to see how you get to it, and how fast the authoritative NS can answer you, etc.


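The walk johnpoz describes above (roots, then the .com servers, then the zone's own NS, plus one extra lookup for a CNAME, and a single round trip for later names in a zone whose NS are already known) as a toy simulation. This is an added example, not unbound's code and not from anyone in the thread; the delegation tree, the `example.com` records and the latencies are constructed, and TTL expiry and prefetch are deliberately not modelled.

```python
"""Toy iterative resolver with an NS cache and an answer cache.

Added illustration, not unbound's code.  ZONES is a constructed delegation
tree; the latencies are a made-up model for a client in Germany where the
root and .com servers are anycast and nearby while the example.com servers
sit far away, roughly like the traceroute above.
"""
from dataclasses import dataclass, field

ZONES = {
    ".":            {"latency_ms": 10,  "children": ["com."],         "records": {}},
    "com.":         {"latency_ms": 25,  "children": ["example.com."], "records": {}},
    "example.com.": {
        "latency_ms": 160,
        "children": [],
        "records": {
            "www.example.com.":  ("CNAME", "example.com."),
            "example.com.":      ("A", "203.0.113.10"),
            "mail.example.com.": ("A", "203.0.113.25"),
        },
    },
}


def ancestors(name):
    """Zones that could contain `name`, most specific first, ending at the root."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


@dataclass
class Answer:
    value: str        # final address after following any CNAME
    elapsed_ms: int   # sum of round trips spent on this lookup
    queries: int      # number of servers that had to be asked


@dataclass
class ToyResolver:
    # zones whose authoritative servers we already know; only the root hints at start
    ns_cache: set = field(default_factory=lambda: {"."})
    # fully resolved name -> address (no TTL modelled)
    rr_cache: dict = field(default_factory=dict)

    def resolve(self, name):
        if name in self.rr_cache:                        # warm cache: no network at all
            return Answer(self.rr_cache[name], 0, 0)
        anc = list(ancestors(name))
        zone = next(z for z in anc if z in self.ns_cache)   # closest NS we already know
        elapsed = queries = 0
        while True:
            server = ZONES[zone]
            elapsed += server["latency_ms"]
            queries += 1
            child = next((c for c in server["children"] if c in anc), None)
            if child is not None:                        # referral: learn the child's NS
                self.ns_cache.add(child)
                zone = child
                continue
            rrtype, value = server["records"][name]      # authoritative answer
            if rrtype == "CNAME":                        # the extra lookup johnpoz mentions
                target = self.resolve(value)
                self.rr_cache[name] = target.value
                return Answer(target.value, elapsed + target.elapsed_ms,
                              queries + target.queries)
            self.rr_cache[name] = value
            return Answer(value, elapsed, queries)


if __name__ == "__main__":
    r = ToyResolver()
    for n in ("www.example.com.", "www.example.com.", "mail.example.com."):
        print(n, r.resolve(n))
```

With these numbers the cold lookup of `www.example.com.` costs four queries and 355 ms (three to reach the zone, one more because of the CNAME), the repeat is served from cache at 0 ms, and `mail.example.com.` afterwards needs a single 160 ms round trip because the zone's NS are already cached.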
                                          • M
                                            mrsunfire
                                            last edited by mrsunfire

                                            Yes it gets more clear for me now, thanks.

                                            Here's the traceroute:

                                            1  37.49.100.1  6.696 ms  6.047 ms  6.332 ms
                                             2  172.30.22.97  6.166 ms  6.018 ms  6.383 ms
                                             3  84.116.191.221  8.367 ms  9.098 ms  8.967 ms
                                             4  84.116.130.102  7.959 ms  7.905 ms  7.490 ms
                                             5  129.250.9.29  8.914 ms  8.023 ms  8.070 ms
                                             6  129.250.4.16  8.048 ms  8.483 ms  8.894 ms
                                             7  129.250.4.96  94.929 ms  94.882 ms  96.235 ms
                                             8  129.250.3.189  160.419 ms  160.473 ms  164.702 ms
                                             9  129.250.3.238  160.700 ms  160.501 ms  160.755 ms
                                            10  129.250.2.16  161.365 ms  160.543 ms  160.335 ms
                                            11  129.250.198.182  158.326 ms  158.105 ms  158.365 ms
                                            12  162.144.240.163  182.527 ms  182.299 ms  182.470 ms
                                            13  162.144.240.127  182.288 ms  182.736 ms  183.292 ms
                                            14  198.57.151.250  158.162 ms  159.572 ms  158.137 ms
                                            

                                            Some names are resolved with 0 ms now this morning, others I used yesterday are not. Why? Does unbound cache more-used names longer?

                                            Why did unbound stop tonight? Has it something to do with pfBlockerNG-devel?

                                            Aug 31 00:00:16	unbound	5433:0	info: start of service (unbound 1.9.1).
                                            Aug 31 00:00:16	unbound	5433:0	notice: init module 1: iterator
                                            Aug 31 00:00:16	unbound	5433:0	notice: init module 0: validator
                                            Aug 31 00:00:15	unbound	5433:0	notice: Restart of unbound 1.9.1.
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.524288 1.000000 4
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.262144 0.524288 7
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.131072 0.262144 54
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.065536 0.131072 98
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.032768 0.065536 68
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.016384 0.032768 43
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.008192 0.016384 28
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.004096 0.008192 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000000 0.000001 42
                                            Aug 31 00:00:15	unbound	5433:0	info: lower(secs) upper(secs) recursions
                                            Aug 31 00:00:15	unbound	5433:0	info: [25%]=0.0219088 median[50%]=0.0607172 [75%]=0.116694
                                            Aug 31 00:00:15	unbound	5433:0	info: histogram of recursion processing times
                                            Aug 31 00:00:15	unbound	5433:0	info: average recursion processing time 0.082558 sec
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 3: requestlist max 19 avg 0.542125 exceeded 0 jostled 0
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 3: 1239 queries, 893 answers from cache, 346 recursions, 473 prefetch, 0 rejected by ip ratelimiting
                                            Aug 31 00:00:15	unbound	5433:0	info: 2.000000 4.000000 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 1.000000 2.000000 4
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.524288 1.000000 9
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.262144 0.524288 45
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.131072 0.262144 236
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.065536 0.131072 366
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.032768 0.065536 363
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.016384 0.032768 248
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.008192 0.016384 100
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.004096 0.008192 10
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.002048 0.004096 3
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.001024 0.002048 3
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000512 0.001024 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000256 0.000512 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000000 0.000001 152
                                            Aug 31 00:00:15	unbound	5433:0	info: lower(secs) upper(secs) recursions
                                            Aug 31 00:00:15	unbound	5433:0	info: [25%]=0.0239319 median[50%]=0.0555612 [75%]=0.114912
                                            Aug 31 00:00:15	unbound	5433:0	info: histogram of recursion processing times
                                            Aug 31 00:00:15	unbound	5433:0	info: average recursion processing time 0.086276 sec
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 2: requestlist max 28 avg 1.21664 exceeded 0 jostled 0
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 2: 4486 queries, 2941 answers from cache, 1545 recursions, 1580 prefetch, 0 rejected by ip ratelimiting
                                            Aug 31 00:00:15	unbound	5433:0	info: 1.000000 2.000000 1
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.524288 1.000000 12
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.262144 0.524288 27
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.131072 0.262144 75
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.065536 0.131072 213
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.032768 0.065536 180
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.016384 0.032768 124
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.008192 0.016384 60
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.004096 0.008192 3
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.002048 0.004096 1
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000512 0.001024 1
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000000 0.000001 71
                                            Aug 31 00:00:15	unbound	5433:0	info: lower(secs) upper(secs) recursions
                                            Aug 31 00:00:15	unbound	5433:0	info: [25%]=0.0237832 median[50%]=0.0553415 [75%]=0.107381
                                            Aug 31 00:00:15	unbound	5433:0	info: histogram of recursion processing times
                                            Aug 31 00:00:15	unbound	5433:0	info: average recursion processing time 0.082412 sec
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 1: requestlist max 23 avg 0.68534 exceeded 0 jostled 0
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 1: 2418 queries, 1650 answers from cache, 768 recursions, 910 prefetch, 0 rejected by ip ratelimiting
                                            Aug 31 00:00:15	unbound	5433:0	info: 2.000000 4.000000 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 1.000000 2.000000 5
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.524288 1.000000 11
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.262144 0.524288 37
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.131072 0.262144 288
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.065536 0.131072 409
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.032768 0.065536 398
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.016384 0.032768 258
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.008192 0.016384 133
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.004096 0.008192 9
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.002048 0.004096 7
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.001024 0.002048 2
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000512 0.001024 3
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000256 0.000512 3
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000128 0.000256 1
                                            Aug 31 00:00:15	unbound	5433:0	info: 0.000000 0.000001 199
                                            Aug 31 00:00:15	unbound	5433:0	info: lower(secs) upper(secs) recursions
                                            Aug 31 00:00:15	unbound	5433:0	info: [25%]=0.0217342 median[50%]=0.0547917 [75%]=0.115329
                                            Aug 31 00:00:15	unbound	5433:0	info: histogram of recursion processing times
                                            Aug 31 00:00:15	unbound	5433:0	info: average recursion processing time 0.084765 sec
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 0: requestlist max 23 avg 1.41447 exceeded 0 jostled 0
                                            Aug 31 00:00:15	unbound	5433:0	info: server stats for thread 0: 5246 queries, 3481 answers from cache, 1765 recursions, 1842 prefetch, 0 rejected by ip ratelimiting
                                            Aug 31 00:00:15	unbound	5433:0	info: service stopped (unbound 1.9.1).
                                            


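The two questions in the post above (is unbound actually caching, and when and why did it stop) can be answered from the pasted log itself. Below is an added example, not part of the thread or of pfSense/unbound: it parses the `server stats for thread N` lines into per-thread and overall counters, computes the cache hit ratio, checks that every query is accounted for as either a cache hit or a recursion, and lists the stop/restart/start messages in chronological order. The sample lines are copied from the log pasted above; the pfSense log viewer lists newest entries first, which the parser accounts for.

```python
"""Summarise unbound statistics and lifecycle messages from a pfSense log.

Added example, not part of the thread.  SAMPLE_LOG holds lines copied from
the log pasted above, in the newest-first order the pfSense viewer shows.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Aug 31 00:00:16\tunbound\t5433:0\tinfo: start of service (unbound 1.9.1).
Aug 31 00:00:15\tunbound\t5433:0\tnotice: Restart of unbound 1.9.1.
Aug 31 00:00:15\tunbound\t5433:0\tinfo: server stats for thread 3: 1239 queries, 893 answers from cache, 346 recursions, 473 prefetch, 0 rejected by ip ratelimiting
Aug 31 00:00:15\tunbound\t5433:0\tinfo: server stats for thread 2: 4486 queries, 2941 answers from cache, 1545 recursions, 1580 prefetch, 0 rejected by ip ratelimiting
Aug 31 00:00:15\tunbound\t5433:0\tinfo: server stats for thread 1: 2418 queries, 1650 answers from cache, 768 recursions, 910 prefetch, 0 rejected by ip ratelimiting
Aug 31 00:00:15\tunbound\t5433:0\tinfo: server stats for thread 0: 5246 queries, 3481 answers from cache, 1765 recursions, 1842 prefetch, 0 rejected by ip ratelimiting
Aug 31 00:00:15\tunbound\t5433:0\tinfo: service stopped (unbound 1.9.1).
"""

STATS_RE = re.compile(
    r"server stats for thread (?P<thread>\d+): (?P<queries>\d+) queries, "
    r"(?P<cache>\d+) answers from cache, (?P<recursions>\d+) recursions, "
    r"(?P<prefetch>\d+) prefetch"
)
LIFECYCLE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)\s.*?"
    r"(?P<event>start of service|service stopped|Restart of unbound)"
)


def parse_stats(log_text):
    """Return ({thread: counters}, overall totals) from the 'server stats' lines."""
    per_thread, totals = {}, defaultdict(int)
    for line in log_text.splitlines():
        m = STATS_RE.search(line)
        if not m:
            continue
        row = {k: int(v) for k, v in m.groupdict().items()}
        thread = row.pop("thread")
        per_thread[thread] = row
        for k, v in row.items():
            totals[k] += v
    return per_thread, dict(totals)


def cache_hit_ratio(counters):
    """Fraction of queries answered from cache; 0.0 if nothing was counted."""
    return counters["cache"] / counters["queries"] if counters.get("queries") else 0.0


def counters_consistent(per_thread):
    """Every query is either a cache hit or a recursion, so the sums must match."""
    return all(r["queries"] == r["cache"] + r["recursions"] for r in per_thread.values())


def lifecycle_events(log_text, newest_first=True):
    """(timestamp, event) pairs for stop/restart/start, in chronological order."""
    events = []
    for line in log_text.splitlines():
        m = LIFECYCLE_RE.search(line)
        if m:
            events.append((m.group("ts"), m.group("event")))
    return events[::-1] if newest_first else events


if __name__ == "__main__":
    per_thread, totals = parse_stats(SAMPLE_LOG)
    for t in sorted(per_thread):
        print(f"thread {t}: {cache_hit_ratio(per_thread[t]):.1%} from cache")
    print(f"overall: {totals['queries']} queries, {cache_hit_ratio(totals):.1%} from cache, "
          f"counters consistent: {counters_consistent(per_thread)}")
    for ts, ev in lifecycle_events(SAMPLE_LOG):
        print(ts, ev)
```

For the pasted log this gives 13389 queries of which 8965 (about 67%) were answered from cache, so the resolver is caching; the restart is timestamped 00:00:15, which is the value to correlate with whatever runs at midnight on the box (a scheduled pfBlockerNG update is one candidate the thread already names, but the log alone does not say which job it was).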
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.