<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font size="2">Hi</font><br>
<br>
<font size="2">We are using unbound docker containers (version
1.22) in our corporate environment and after fixing an issue
with DNSSEC records, I wanted to ask about some of the logging
statistics to see if there still might be an performance issue.<br>
<br>
Last week, we were getting reports of certain domains not
resolving and I saw error messages like the following in the
logs:</font><br>
<font face="monospace"><font size="4"><br>
[1747490624] unbound[1:2] info: validation failure
<wpad.domain.com. A IN>: SERVFAIL [exceeded the maximum
number of sends] no DS for DS domain.com. while building chain
of trust<br>
[1747493945] unbound[1:1] error: SERVFAIL
<wpad.domain.com. A IN>: exceeded the maximum number of
sends</font></font><br>
<font size="2"><br>
I ended up adding the following which seemed to resolve the
issue:<br>
<br>
max-sent-count: 200<br>
<br>
I had tried some lower values initially, but that didn't resolve
the problem until I bumped it up to 200.<br>
<br>
<br>
So at the moment we are not getting any reports for DNS client
failues, but I am seeing the following in the logs:<br>
</font></p>
<blockquote><font size="4" face="monospace">[1747757273]
unbound[1:0] info: server stats for thread 0: requestlist max 78
avg 68.4251 exceeded 84 jostled 0<br>
[1747757333] unbound[1:0] info: server stats for thread 0:
requestlist max 72 avg 66.9528 exceeded 55 jostled 0<br>
[1747757393] unbound[1:0] info: server stats for thread 0:
requestlist max 78 avg 66.9892 exceeded 62 jostled 0</font><br>
</blockquote>
<p><br>
<font size="2">The thread server stats is always showing a
significant number for exceeded. The host where the container is
running is not overloaded. I do see in the logs that there are a
significant number of requests for legacy subdomains that are no
longer in use and cause error messages like the following:</font><br>
<br>
</p>
<blockquote><font size="4" face="monospace">[1747758108]
unbound[1:0] error: SERVFAIL <db01-dev.dev.domain.com. A
IN>: all the configured stub or forward servers failed, at
zone domain.com. from 10.10.32.2 got SERVFAIL<br>
</font></blockquote>
<font size="2">My main question is, would those requests that are
being forwarded and timing out with a client error "no servers
could be reached" be a source for the "exceeded" count in the
thread server stats?<br>
<br>
Thanks,<br>
<br>
-Mike Durkin</font><br>
<p> <br>
<br>
<br>
<br>
<br>
</p>
</body>
</html>