forward zones with broken forwarders

W.C.A. Wijngaards wouter at
Tue May 8 08:57:10 UTC 2018

Hi Florian,

On 08/05/18 10:44, Florian Riehm via Unbound-users wrote:
> Hi,
> Often I see unbound configurations with multiple forwarders for zones
> like this:
> forward-zone:
>     name: "."
>     forward-addr:
>     forward-addr:
>     forward-addr:
>     forward-addr:
> The intention of customers for such configurations are redundancy purposes.
> As long as all forwarders are reachable the configuration works well and
> provides loadbalancing for the forwarders. But if one forwarder becomes
> unreachable, unbound keeps asking it. Timeouts occur, many requests fail
> and
> dns resolution becomes very slow. This means the redundancy requirement
> is not
> fulfilled. I would expect that the infra cache is able to track if a
> forwarder
> becomes unreachable, but that seems not to be true.
> Is there a way to configure unbound to deal with unreachable forwarders
> in a
> better way?

This question was already asked by someone else, and a fix is in the
code repository.  That will mark the forwarders as not working and
select the working forwarders, automatically.  After a brief couple of
timeouts to detect the failing addresses (a second, or a couple of
seconds each).

Best regards, Wouter

> Thanks & Regards
> Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Unbound-users mailing list