BIND and UDP tuning

[Alex]

Hi,

> > It also tends to happen in bulk - there may be 25 SERVFAILs within
> > the same second, then nothing for another few minutes.
>
> Hmmm.  If it isn't the modem and it isn't the BLs then it more or less
> has to be the service, no?

Yes, most likely, but I was looking for more definitive proof that the
circuit wasn't doing what it should be (or at least, what I expect). I
also wasn't sure if it was a tuning issue (network, bind, server
itself, etc).

> I'd be tempted by Mr. Clegg's suggestion to spin up a VPS somewhere
> with decent connection, which will at least offload a lot of retries.

I built an encrypted tunnel using socat with a VPS and a decent
connection and the bind SERVFAIL messages almost entirely went away.
The remaining ones seem to be actual SERVFAIL problems.

> Then you'll probably have a whole new can of worms to investigate, but
> the worms will definitely tell you something. :)

Yeah, socat isn't a good permanent solution. Looks like I'll get
libreswan going. Building a VPN for a specific port/service is a
little more difficult, I believe.