Hi,

I am in the process of moving a number of caching boxes to unbound.

One thing I have noticed is the time it takes for a servfail to get generated should a domain not be available/visible.

Example.

With unbound I get a timeout (which some clients see as the DNS server failing and not answering)

# dig bagmail.com mx @dnscache1-ctn.is.co.za

; <<>> DiG 9.6.1-P2 <<>> bagmail.com mx @unbound_server
;; global options: +cmd
;; connection timed out; no servers could be reached

With our current product I get a servfail.

# dig bagmail.com mx @current_cache

; <<>> DiG 9.6.1-P2 <<>> bagmail.com mx @dnscache2-ctn.is.co.za
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35397
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bagmail.com. IN MX

;; Query time: 5000 msec

;; WHEN: Fri Jan 15 16:00:17 2010
;; MSG SIZE rcvd: 29

The issue with this specific domain is the NS servers: ns1 and ns2.goldkey.com don't exist.

bagmail.com. 172800 IN NS ns1.goldkey.com.
bagmail.com. 172800 IN NS ns2.goldkey.com.

unbound-control lookup on that domain shows the following

# unbound-control lookup bagmail.com
The following name servers are used for lookup of bagmail.com.
;rrset 84946 2 0 2 0
bagmail.com. 171346 IN NS ns1.goldkey.com.
bagmail.com. 171346 IN NS ns2.goldkey.com.
;rrset 84946 1 0 1 0
ns2.goldkey.com. 171346 IN A 206.83.79.29
;rrset 84946 1 0 1 0
ns1.goldkey.com. 171346 IN A 64.95.64.222
Delegation with 2 names, of which 2 can be examined to query further addresses.
It provides 2 IP addresses.
64.95.64.222 rtt 120000 msec, 12 lost. noEDNS probed.
206.83.79.29 rtt 120000 msec, 17 lost. noEDNS probed.

Is there any way to get unbound to return a servfail straight away?

Thanks

Gareth
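Added example, not part of Gareth's message and not code from the unbound project: a small parser for the per-address status lines in the `unbound-control lookup` output quoted above, which reports the addresses whose rtt sits at the value seen in the post and whether every address of the delegation is in that state. The function names, the 120000 msec threshold used as a cut-off, and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two status lines quoted in the post, plus one
# made-up healthy server (192.0.2.53) added for contrast.
SAMPLE = """\
Delegation with 2 names, of which 2 can be examined to query further addresses.
It provides 2 IP addresses.
64.95.64.222 rtt 120000 msec, 12 lost. noEDNS probed.
206.83.79.29 rtt 120000 msec, 17 lost. noEDNS probed.
192.0.2.53 rtt 84 msec, 0 lost. noEDNS probed.
"""

# Assumption: an rtt at or above the figure shown in the post means the
# resolver is getting no answers from that address.
RTT_CEILING_MSEC = 120000

ENTRY_RE = re.compile(r"^(\S+) rtt (\d+) msec, (\d+) lost\.")


def parse_lookup(text):
    """Return one dict per '<addr> rtt N msec, M lost.' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # first token is not an IP address, so not a status line
        entries.append({"addr": addr, "rtt": int(m.group(2)), "lost": int(m.group(3))})
    return entries


def unresponsive(text):
    """Addresses whose rtt has reached the ceiling."""
    return [e["addr"] for e in parse_lookup(text) if e["rtt"] >= RTT_CEILING_MSEC]


def delegation_is_dead(text):
    """True only if at least one address is listed and all are at the ceiling."""
    entries = parse_lookup(text)
    return bool(entries) and all(e["rtt"] >= RTT_CEILING_MSEC for e in entries)


if __name__ == "__main__":
    print("unresponsive:", unresponsive(SAMPLE))
    print("whole delegation dead:", delegation_is_dead(SAMPLE))
```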