If you measure them yourself, do you see any difference?
Install bind-dig and do a dig www.example.com | grep time.
Only the first time you'll get the actual response time. Beyond that you'll see 0, because the cache will respond.
I know, but I'm not too worried about adding a delay: the initial goal was security / independence.
I'm just surprised that I don't feel this delay and I was looking for a way to graph stats from unbound. I still am.
I have created a /etc/unbound/root.hints.f file like this, by cutting out all lines except those for F:
In /etc/unbound/unbound_srv.conf I have added: root-hints: "/etc/unbound/root.hints.f"
Restarted unbound from cmdline, now dig says it cannot find any servers.
Removed the root-hints keyword, restarted, works again. Same thing if I use the full unedited file: does not work. The files are readable, they're copied correctly to the chroot and I've verified it is not a firewall issue (there's only one rule to block forwards from internal network, not relevant).
EDIT: possibly fixed the hints problem, maybe a chroot issue.
Correct: root-hints: "/root.hints"
Incidentally, if I just enable the caching of zone files the lookup for example.com goes down a little bit.
EDIT: performance with just the F root server in the hints file is in the 600-800ms range, just like zone caching.
Let's drop this hints test for the moment, I'd be perfectly happy for the moment to have the ability to plot performance stats from unbound. There are examples but none for collectd.
I'd rather avoid it if possible: I'm skating towards more privacy and more robustness, so depending on a single upstream isn't desirable, else I would have stayed with the default dnsmasq installation.
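On the request above for plotting unbound statistics with collectd, one way to do it is a script for collectd's exec plugin that turns `unbound-control stats` output into `PUTVAL` lines. This is an added example, not code from the thread; it assumes `control-enable: yes` in unbound and an exec-plugin user allowed to run `unbound-control`, and the host name `router`, the `--collect` argument and the sample values are constructed.

```shell
#!/bin/sh
# Added example: feed unbound statistics to collectd's exec plugin.
# `unbound-control stats` prints key=value lines and resets the counters
# (unless statistics-cumulative is yes), so each value covers one interval
# and fits collectd's "gauge" type.

# Constructed sample of `unbound-control stats` output (values made up).
sample_stats() {
cat <<'EOF'
thread0.num.queries=120
total.num.queries=120
total.num.cachehits=95
total.num.cachemiss=25
total.requestlist.avg=0.4
total.recursion.time.avg=0.183000
time.up=3600.5
histogram.000000.000000.to.000000.000001=0
EOF
}

# stats_to_putval HOST INTERVAL
# Reads key=value lines on stdin, writes one PUTVAL line per total.* key.
stats_to_putval() {
    awk -F= -v host="$1" -v iv="$2" '
        # Keep only total.* keys whose value is strictly numeric, so nothing
        # unexpected from the input ends up in a collectd command line.
        $1 ~ /^total\./ && $2 ~ /^[0-9]+(\.[0-9]+)?$/ {
            name = $1
            sub(/^total\./, "", name)
            gsub(/[^A-Za-z0-9]/, "_", name)   # collectd-safe type instance
            printf "PUTVAL \"%s/exec-unbound/gauge-%s\" interval=%s N:%s\n",
                   host, name, iv, $2
        }'
}

# When started by collectd with the (hypothetical) --collect argument, loop
# forever. COLLECTD_HOSTNAME and COLLECTD_INTERVAL are set by the exec plugin.
if [ "${1:-}" = "--collect" ]; then
    host=${COLLECTD_HOSTNAME:-localhost}
    interval=${COLLECTD_INTERVAL:-10}
    interval=${interval%.*}               # drop any fractional part for sleep
    while :; do
        unbound-control stats | stats_to_putval "$host" "$interval"
        sleep "$interval"
    done
fi
```

Comparing `gauge-num_cachehits` with `gauge-num_cachemiss` over time shows how often the cache answers, which is the effect described earlier in the thread where repeated `dig` runs report 0.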