[Unbound-users] Caching 'invalid response' or at least knowing not to look it up again...

Karl Pielorz kpielorz_lst at tdx.co.uk
Sat Sep 15 08:04:52 UTC 2012


We're running Unbound 1.4.18 on a number of FreeBSD machines now - and this 
generally, seems to be running well.

Initially we had an issue with our forwarders being 'overrun' for queries 
when domains were invalid - this was fixed by setting our "forward only" 
unbound.conf to use 'forward-first: no'

However, our BIND based forwarders (which unbound forwards onto) still see 
a large percentage of queries for domains, which they cannot resolve 
properly - and therefore return "invalid response", e.g.

15-Sep-2012 06:02:08.484 resolver: notice: DNS format error from resolving iumdoctors.com/NS for client 
invalid response

Unbound running on will keep asking for data about 
"iumdoctors.com" quite often, for quite a while. This may well be in 
response to software on that host, asking a lot for NS records for 

Is there any setting in 1.4.18 that we can use to tell Unbound to cache the 
fact this query failed / gave an invalid response, so it can answer to 
clients for say the next 5 or 10 minutes from cache - without bothering the 
main forwarders?

This would dramatically cut the number of these queries being issued 
against our forwarders.

We did look at this before - but were more concerned with other issues 
(which as I said were resolved by setting 'forward-first: no') - now the 
system has been running a while, we can see that the query load on BIND has 
been reduced, but by caching this kind of lookup it'd drop even further.



More information about the Unbound-users mailing list