[Unbound-users] forward-zone bug (out of query targets -- returning SERVFAIL)
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Nov 25 18:56:10 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Aaron,
Aaron Hopkins wrote:
> Turning a 2 minute outage into a 17 minute outage by default is awful
> behavior. Dmitriy is being hit particularly hard here because he's only
> talking to one forwarder, but I assume this will happen just as easily with
> the root, .com, etc if my internet connectivity goes down for 2 minutes but
> my users are still actively trying to get somewhere new.
>
> Blacklisting a subset of nameservers for a zone for a while is sane, as
> long
> as you have someone left to talk to. But as soon as all possible IPs to
> send a query to are marked unresponsive, you can't just decide to not do
> any
> lookups for the zone for an extended period. Is it unreasonable to ask for
> either a much shorter blacklist TTL in the all-IPs-unavailable case or
> do to
> some form of low-volume probing (e.g. allow one query through per
> minute, as
> a test)?
That sounds reasonable, I'll see what I can do.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkksSkoACgkQkDLqNwOhpPjwRACfVvr9XLMRCVWeSBSqJpeDhoPj
6XkAoKWk2X8rIr72cqAtrB+46jJI0DRQ
=Nt2X
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list