[Unbound-users] Caching 'invalid response' or at least knowing not to look it up again...
kpielorz_lst at tdx.co.uk
Sat Sep 15 08:04:52 UTC 2012
We're running Unbound 1.4.18 on a number of FreeBSD machines now - and this
generally, seems to be running well.
Initially we had an issue with our forwarders being 'overrun' for queries
when domains were invalid - this was fixed by setting our "forward only"
unbound.conf to use 'forward-first: no'
However, our BIND based forwarders (which unbound forwards onto) still see
a large percentage of queries for domains, which they cannot resolve
properly - and therefore return "invalid response", e.g.
15-Sep-2012 06:02:08.484 resolver: notice: DNS format error from
126.96.36.199#53 resolving iumdoctors.com/NS for client 192.168.0.2#5828:
Unbound running on 192.168.0.2 will keep asking for data about
"iumdoctors.com" quite often, for quite a while. This may well be in
response to software on that host, asking a lot for NS records for
Is there any setting in 1.4.18 that we can use to tell Unbound to cache the
fact this query failed / gave an invalid response, so it can answer to
clients for say the next 5 or 10 minutes from cache - without bothering the
This would dramatically cut the number of these queries being issued
against our forwarders.
We did look at this before - but were more concerned with other issues
(which as I said were resolved by setting 'forward-first: no') - now the
system has been running a while, we can see that the query load on BIND has
been reduced, but by caching this kind of lookup it'd drop even further.
More information about the Unbound-users