I have a discrepancy in query latency. It's not a problem, it's just strange enough to worry me.
- Client machine (Fedora 18) runs unbound-1.4.19-1.fc18.x86_64.
- Server machine (Debian 7 testing) runs unbound 1.4.17-2.
Both are connected to the same home router. However the server can resolve uncached queries almost twice as fast. This wasn't what I expected at all! The server is a 1Ghz ARM (sheevaplug), and the client machine is a 2.1Ghz Intel Core Duo.
Both instances validate DNSSEC. They return SERVFAIL for www.dnssec-failed.org. Both are configured to use the same upstream DNS caches from my ISP.
All I can think of so far is some issue with NAT. The router is configured with the server as "default DMZ", i.e. it gets any packets no-one else is claiming, which is how I run public services like SSH and bittorrent :). Or... maybe minor-version-19 is validating more strictly than minor-version-17, in some way?
Test methodology: resolution of 10 non-existent sub-domains of .de. (Should cause ISP cache misses). The .de. TLD is pre-loaded by querying yahoo.
From client side
$ for i in 1 2 3 4 5 6 7 8 9; do sudo unbound-control reload; (dig yahoo.de.; dig twitter$i.de.) | grep Query; done
Result - mean 120ms, stddev 60ms
From server side
$ for i in 1 2 3 4 5 6 7 8 9; do sudo unbound-control reload; (dig yahoo.de.; dig aldi$i.de. ) | grep Query; done
Result - mean 70ms, stddev 50ms
I know, the test doesn't look great, and my statistics may not be overwhelming evidence. But I tried it a few more times, and it's not looking any different.