Unbound Consultation

Benno Overeinder benno at NLnetLabs.nl
Thu Aug 10 11:35:27 UTC 2017


I agree with Eric that your question might apply to the authoritative
name server rather than Unbound.  Having said that, there are options to
reduce/minimize the authoritative and additional section in a DNS
response (minimal-responses option both in NSD and Unbound), but not for
the answer section.

For large answers though, TCP fail-over should work or an EDNS buffer
size of 4096 (if client supports EDNS).

An authoritative/recursive name server cannot cut an answer in pieces
and remove RRs.  If your users still encounter this problem with a large
answer section, the suggestion of Eric would be your path forward and
you can develop a Python plugin to modify DNS replies such that if fits
with your requirements.

Best regards,

-- Benno

On 06/08/2017 22:14, Eric Luehrsen via Unbound-users wrote:
> It is not entirely clear from your question, so it may be that your
> question applies to NSD vs BIND rather than Unbound vs BIND. Note where
> BIND is a combined recursive server and authoritative server, Unbound is
> a standalone recursive server, and NSD is a standalone authoritative server.
> If your hosting provider is handling the authoritative DNS, then you can
> use Unbound and python plug-ins to modify the records. You may find a
> reasonable starting point under "examples" here:
> http://unbound.net/documentation/pythonmod/index.html. Maybe do
> something similar to blacklist record manipulation and instead strip
> excess records.
> On 08/06/2017 11:57 AM, Avi Harari via Unbound-users wrote:
>> Can anyone assist?
>> Thanks in advance!
>> 2017-08-03 16:25 GMT-04:00 Avi Harari <harariboy at gmail.com
>> <mailto:harariboy at gmail.com>>:
>>     Dear List,
>>     I'm currently using bind and I have a unique scenario.
>>     I have A records with multiple IPs (e.g xyz.mydomain.com
>>     <http://xyz.mydomain.com> has 200 different IPs).
>>     Recently some users encountered an issue while trying to resolve
>>     these records, apparently due to the record size.
>>     I was wondering if with Unbound I can control the response size
>>     and limit it (so that for example when a user is resolving
>>     xyz.mydomain.com <http://xyz.mydomain.com> he will only receive
>>     one or several records as per the round robin load balancing).
>>     Looking forward for your insights.
>>     Regards,
>>     Avi
>> -- 
>> אבי הררי

Benno J. Overeinder
NLnet Labs

More information about the Unbound-users mailing list