[Unbound-users] Caching 'invalid response' or at least knowing not to look it up again...
Karl Pielorz
kpielorz_lst at tdx.co.uk
Sat Sep 15 08:04:52 UTC 2012
Hi,
We're running Unbound 1.4.18 on a number of FreeBSD machines now - and this
generally seems to be running well.
Initially we had an issue with our forwarders being 'overrun' for queries
when domains were invalid - this was fixed by setting our "forward only"
unbound.conf to use 'forward-first: no'.
However, our BIND based forwarders (which unbound forwards onto) still see
a large percentage of queries for domains, which they cannot resolve
properly - and therefore return "invalid response", e.g.
"
15-Sep-2012 06:02:08.484 resolver: notice: DNS format error from
195.189.226.227#53 resolving iumdoctors.com/NS for client 192.168.0.2#5828:
invalid response
"
Unbound running on 192.168.0.2 will keep asking for data about
"iumdoctors.com" quite often, for quite a while. This may well be in
response to software on that host, asking a lot for NS records for
'iumdoctors.com'.
Is there any setting in 1.4.18 that we can use to tell Unbound to cache the
fact this query failed / gave an invalid response, so it can answer to
clients for say the next 5 or 10 minutes from cache - without bothering the
main forwarders?
This would dramatically cut the number of these queries being issued
against our forwarders.
We did look at this before - but were more concerned with other issues
(which as I said were resolved by setting 'forward-first: no') - now the
system has been running a while, we can see that the query load on BIND has
been reduced, but by caching this kind of lookup it'd drop even further.
Thanks,
-Karl
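
Added example, not part of the original message and not Unbound or BIND code: one way to measure the repeat load described above is to parse the BIND "DNS format error" lines and simulate holding each failure for a fixed period. The sample log lines (beyond the one quoted in the post), the function names and the 300-second hold are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format quoted in the post (one entry per line).
SAMPLE_LOG = """\
15-Sep-2012 06:02:08.484 resolver: notice: DNS format error from 195.189.226.227#53 resolving iumdoctors.com/NS for client 192.168.0.2#5828: invalid response
15-Sep-2012 06:02:38.101 resolver: notice: DNS format error from 195.189.226.227#53 resolving iumdoctors.com/NS for client 192.168.0.2#6112: invalid response
15-Sep-2012 06:04:10.250 resolver: notice: DNS format error from 195.189.226.227#53 resolving iumdoctors.com/NS for client 192.168.0.2#7001: invalid response
15-Sep-2012 06:08:00.000 resolver: notice: DNS format error from 195.189.226.227#53 resolving iumdoctors.com/NS for client 192.168.0.2#7440: invalid response
15-Sep-2012 06:08:05.900 resolver: notice: DNS format error from 192.0.2.53#53 resolving example.invalid/A for client 192.168.0.3#4000: invalid response
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) resolver: notice: "
    r"DNS format error from (?P<server>\S+)#\d+ resolving "
    r"(?P<qname>[^/\s]+)/(?P<qtype>\S+) for client (?P<client>[^#\s]+)#\d+: "
    r"(?P<reason>.+)$"
)

def parse(log_text):
    """Yield (timestamp, client, qname, qtype) for each format-error line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m["client"], m["qname"].lower(), m["qtype"]

def repeat_stats(log_text, hold_seconds=300):
    """Per (client, qname, qtype): total failures seen, and how many would
    have been absorbed if the first failure were held for hold_seconds."""
    hold = timedelta(seconds=hold_seconds)
    stats, held_until = {}, {}
    for ts, client, qname, qtype in sorted(parse(log_text)):
        key = (client, qname, qtype)
        entry = stats.setdefault(key, {"seen": 0, "absorbed": 0})
        entry["seen"] += 1
        if key in held_until and ts < held_until[key]:
            entry["absorbed"] += 1       # falls inside an active hold window
        else:
            held_until[key] = ts + hold  # this failure starts a new hold window
    return stats

if __name__ == "__main__":
    for key, s in sorted(repeat_stats(SAMPLE_LOG).items()):
        print(*key, s)
```

The "absorbed" count is an estimate of forwarder queries saved by a hold of that length; it says nothing about which resolver setting, if any, provides such a hold.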