<html><head></head><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:16px"><div dir="ltr"><span>I don't have forward-first enabled on any of the forwarded domains. We have done a tcpdump and unbound is reaching the forwarded DNS server each time but it's not getting the correct information when establishing the web connection.</span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: lucida console, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Wednesday, October 31, 2018 9:29 AM, Ralph Dolmans via Unbound-users <unbound-users@nlnetlabs.nl> wrote:<br></font></div> <br><br> <div class="y_msg_container"><div dir="ltr">Hi Andrew,<br clear="none"><br clear="none">Not sure I understand your question/problem. Is Unbound sometimes<br clear="none">skipping the forwarder and resolving as if there is no forwarder<br clear="none">configured? Do you have forward-first enabled? In that case Unbound will<br clear="none">ignore the configured forwarder when they become unreachable. Maybe that<br clear="none">happened?<br clear="none"><br clear="none">-- Ralph<br clear="none"><div class="yqt5490313413" id="yqtfd15580"><br clear="none">On 30-10-18 14:52, Andrew Meyer via Unbound-users wrote:<br clear="none">> I have recently set up unbound on CentOS 7 (latest) running version<br clear="none">> 1.6.6. So far unbound has been chugging away for about a month. In my<br clear="none">> configuration I have an on premise server configured with lots of<br clear="none">> internal forwarded domains going to Amazon Route53. As of yesterday<br clear="none">> unbound started to flip/flop resolution from the internal/private zones<br clear="none">> to the external zones. I'm not sure why. 
I have turned up the logging<br clear="none">> verbosity to see if there was an apparent issue. I thought at one point<br clear="none">> we hit a wall with number of packets per request. My colleague and I<br clear="none">> thought we hit a resource records maximum limit. We have opened a<br clear="none">> ticket with Amazon to get more information on their side. <br clear="none">> <br clear="none">> In my config file:<br clear="none">> num-threads: 4 <br clear="none">> so-rcvbuf: 4m<br clear="none">> so-sndbuf: 4m<br clear="none">> cache-max-negative-ttl: 10<br clear="none">> do-ip4: yes<br clear="none">> do-ip6: yes<br clear="none">> do-udp: yes<br clear="none">> do-tcp: yes<br clear="none">> <br clear="none">> <br clear="none">> Everything in my zones config file is a forward-zone and not a<br clear="none">> stub-zone, not sure if that matters.<br clear="none">> <br clear="none">> Any help is greatly appreciated.<br clear="none">> <br clear="none">> Regards,<br clear="none">> Andrew<br clear="none"></div></div><br><br></div> </div> </div> </div></div></body></html>