forward zones with broken forwarders

Florian Riehm mail at friehm.de
Tue May 8 08:44:26 UTC 2018


Hi,

Often I see unbound configurations with multiple forwarders for zones
like this:
forward-zone:
     name: "."
     forward-addr: 1.1.1.1
     forward-addr: 1.1.1.2
     forward-addr: 1.1.1.3
     forward-addr: 1.1.1.4

The intention of customers for such configurations is redundancy.
As long as all forwarders are reachable, the configuration works well and
provides load balancing for the forwarders. But if one forwarder becomes
unreachable, unbound keeps asking it. Timeouts occur, many requests fail and
DNS resolution becomes very slow. This means the redundancy requirement is not
fulfilled. I would expect that the infra cache is able to track if a forwarder
becomes unreachable, but that seems not to be true.

Is there a way to configure unbound to deal with unreachable forwarders in a
better way?

Thanks & Regards

Florian


