Ability to detect when queries are being blocked at the network level
Daisuke HIGASHI
daisuke.higashi at gmail.com
Sat May 5 14:37:10 UTC 2018
Hi John,
If all authoritative servers for a particular domain (silently) discard
queries from your Unbound resolver,
you could detect it with `unbound-control dump_infra'.
$ unbound-control dump_infra | grep nsec3.net
133.242.130.108 nsec3.net. ttl 571 ping 0 var 94 rtt 376 rto 120000 (snip)
2401:2500:102:1102:133:242:130:108 nsec3.net. ttl 571 ping 0 var 94 rtt 376 rto 120000 (snip)
Note that the 'rto' of all nameservers serving 'nsec3.net' is 120000
(milliseconds).
As the 'Unbound Timeout Information' document describes, 'rto 120000' indicates that
the Unbound resolver has determined the nameserver is unresponsive.
Of course, we cannot distinguish between nameservers being down
(network unreachable) and discarded queries.
--
Daisuke HIGASHI
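
The check described in the message above, as an added example that is not part of the original e-mail or of Unbound itself: a shell function that reads `unbound-control dump_infra` output and lists zones for which every cached nameserver has reached the rto value named in the message. The function name, the field layout (taken from the two lines quoted above) and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list zones whose every cached nameserver shows
# rto >= 120000 in `unbound-control dump_infra` output (read from stdin).
# Field layout assumed from the output quoted in the message:
#   <address> <zone> ttl N ping N var N rtt N rto N ...
blocked_zones() {
    awk -v limit="${1:-120000}" '
        {
            rto = ""
            # Locate the value by its "rto" key, not by column position.
            for (i = 3; i < NF; i++)
                if ($i == "rto") { rto = $(i + 1); break }
            if (rto == "") next          # not an infra-cache entry
            zone = $2
            total[zone]++
            if (rto + 0 >= limit) timed_out[zone]++
        }
        END {
            # Report a zone only when all of its servers hit the limit.
            for (z in total)
                if (timed_out[z] == total[z])
                    printf "%s %d\n", z, total[z]
        }
    ' | sort
}

# Constructed sample input (documentation address ranges), not real output.
sample_infra() {
    cat <<'EOF'
192.0.2.10 blocked.example. ttl 571 ping 0 var 94 rtt 376 rto 120000
2001:db8::10 blocked.example. ttl 571 ping 0 var 94 rtt 376 rto 120000
192.0.2.20 partial.example. ttl 300 ping 0 var 94 rtt 376 rto 120000
192.0.2.21 partial.example. ttl 300 ping 12 var 30 rtt 132 rto 132
198.51.100.5 healthy.example. ttl 800 ping 8 var 20 rtt 88 rto 88
EOF
}

# Prints "<zone> <number of servers>" for each fully timed-out zone.
# Live use: unbound-control dump_infra | blocked_zones
sample_infra | blocked_zones
```

A zone with even one responsive server is not reported, and a reported zone still needs a check from outside the network, since the infra cache looks the same whether the servers are down or the queries are being dropped.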