Performing an "unbound-control reload" on an RPZ enabled server causes it to become temporarily unresponsive

[deteque]

We generate a portion of the unbound.conf file through back end databases. Most of these files deal with tags and access-control-tag settings. The generated files are merged into the main configuration file via include statements. Once the files have been updated, we initiate an "unbound-control reload" command to reload the config and activate the modified settings.

The reload causes the cpu to go to 100% until the configs have been reread. During that time, unbound becomes completely unresponsive; queries sent to the servers simply time out. Depending on the number of zones and the size of the server, we're experiencing down times of between 30-90 seconds each time a reload is initiated.

We require full logging of rpz rewrites, so putting a load balancer like dnsdist in front of each RPZ DNS cluster isn't feasble.

Ideally, Unbound would provide the capability to perform a soft reload similar to the way bind does "rndc reload" that would enable config changes without causing the resolver to go down during the update.