forward zones with broken forwarders
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue May 8 08:57:10 UTC 2018
Hi Florian,
On 08/05/18 10:44, Florian Riehm via Unbound-users wrote:
> Hi,
>
> Often I see unbound configurations with multiple forwarders for zones
> like this:
> forward-zone:
> name: "."
> forward-addr: 1.1.1.1
> forward-addr: 1.1.1.2
> forward-addr: 1.1.1.3
> forward-addr: 1.1.1.4
>
> The intention of customers for such configurations are redundancy purposes.
> As long as all forwarders are reachable the configuration works well and
> provides loadbalancing for the forwarders. But if one forwarder becomes
> unreachable, unbound keeps asking it. Timeouts occur, many requests fail
> and
> dns resolution becomes very slow. This means the redundancy requirement
> is not
> fulfilled. I would expect that the infra cache is able to track if a
> forwarder
> becomes unreachable, but that seems not to be true.
>
> Is there a way to configure unbound to deal with unreachable forwarders
> in a
> better way?
This question was already asked by someone else, and a fix is in the
code repository. That will mark the forwarders as not working and
select the working forwarders, automatically. After a brief couple of
timeouts to detect the failing addresses (a second, or a couple of
seconds each).
Best regards, Wouter
>
> Thanks & Regards
>
> Florian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180508/442f41ac/attachment.bin>
More information about the Unbound-users
mailing list