problems with stub-zones
A. Schulze
sca at andreasschulze.de
Mon Aug 15 12:44:39 UTC 2016
Hello
We still have an unsolved issue and cannot find a solution. It's still
the same as
https://www.unbound.net/pipermail/unbound-users/2015-October/004057.html ...
test-setup:
client -> router -> unbound -> router -> nameserver1 + nameserver2
client's /etc/resolv.conf has only one line: "nameserver ${unbound-ip}"
unbound.conf is minimal:
    server:
        local-zone: "10.in-addr.arpa." transparent
        domain-insecure: "10.in-addr.arpa."
    stub-zone:
        name: "10.in-addr.arpa."
        stub-addr: ${nameserver1-ip}
        stub-addr: ${nameserver2-ip}
nameserver1+2 serve 10.in-addr.arpa. using http://cr.yp.to/djbdns/walldns.html
Everything is fine as long as both nameservers are up.
If one server fails (simple case: host up, nameserver down), the client gets
"no servers could be reached" or similar
answers from the local stub resolver. A moment later a second query for the
same name succeeds. But again, some queries later we observe timeouts or
no answers again.
With tcpdump on both nameservers I see queries that are immediately
answered by the running nameserver.
If the nameserver is down, I see "ICMP port unreachable" packets back
to unbound.
I run "watch -n 1 unbound-control dump_infra | grep arpa".
There is a value "delay" in the line of the failed nameserver that
counts down from 30...90 to zero.
After unbound once learned nameserver1 is down, I could ask non-cached
queries, which are answered immediately
until the delay counter reaches 0. Then there is again the error in
answering un-cached queries.
It's unbound-1.5.9 including the patch
https://www.unbound.net/pipermail/unbound-users/2016-June/004379.html.
minimal-responses, qname-minimisation and use-caps-for-id are disabled.
Andreas
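
An added example, not part of the original post: a shell filter that turns the "watch ... | grep arpa" loop above into a per-address report of the "delay" value, so the moment it reaches 0 can be lined up with the failing queries. The sample lines are constructed, and the line layout (address, zone name, then name/value pairs) is an assumption about dump_infra output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: each dump_infra line starts with the server address and the
# zone name, followed by "name value" pairs, one of which is "delay <secs>".

# infra_delay ZONE_SUFFIX: read dump_infra text on stdin and print
# "<address> <zone> <delay>" for every entry whose zone ends in ZONE_SUFFIX.
infra_delay() {
    awk -v suffix="$1" '
        {
            zone = $2
            # suffix match on the zone name, e.g. "in-addr.arpa."
            if (length(zone) < length(suffix)) next
            if (substr(zone, length(zone) - length(suffix) + 1) != suffix) next
            delay = "unknown"
            for (i = 3; i < NF; i++)
                if ($i == "delay") { delay = $(i + 1); break }
            print $1, zone, delay
        }'
}

# backed_off ZONE_SUFFIX: print only the addresses whose delay is above 0.
# The post reports that un-cached queries fail again once this value hits 0,
# so an address dropping out of this list marks the time to watch.
backed_off() {
    infra_delay "$1" | awk '$3 ~ /^[0-9]+$/ && $3 > 0 { print $1 }'
}

# Constructed sample input (addresses and values are made up).
sample_infra() {
    cat <<'EOF'
10.1.1.1 10.in-addr.arpa. ttl 850 ping 0 var 94 rtt 376 rto 376 delay 0
10.1.1.2 10.in-addr.arpa. ttl 850 ping 0 var 94 rtt 12000 rto 12000 delay 42
192.0.2.53 example.org. ttl 700 ping 3 var 20 rtt 83 rto 83 delay 0
EOF
}

# Live use: unbound-control dump_infra | infra_delay "in-addr.arpa."
if [ "${1:-}" = "--demo" ]; then
    sample_infra | infra_delay "in-addr.arpa."
fi
```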