TCP fallback on timeout

Jacob Hoffman-Andrews jsha at
Thu Apr 27 03:14:09 UTC 2017

I'm trying to understand Unbound's TCP fallback better. Is it expected
that Unbound will fall back to TCP when UDP queries timeout, or only if
it receives a truncated ANSWER?

Specifically, I'm trying to make CAA queries, and finding that, when
querying a certain DNS provider (NetRegistry), UDP queries time out but
TCP queries succeed. Specifically, if I set tcp-upstream: yes, I can get
a response, but if I set tcp-upstream: no (the default), I get timeouts
from Unbound, and I never see it fall back to TCP.

I'm considering running two Unbound instances: one with tcp-upstream:
yes, and one with tcp-upstream: no, and having my application implement
fallback between the two. That is, if a query to the first instance
times out, query the second instance. Is that a reasonable approach?


More information about the Unbound-users mailing list