unbound resolving different address intermittenly

John Peacock jpeacock at messagesystems.com
Tue Oct 30 14:56:56 UTC 2018

We've hit several un[der]documented limits when using AWS, see the first
two entries here:


Our Principal Operations Engineer did a more technical presentation at
several Usenix conferences:


I don't know if any of that will help you; we are fully in the cloud and so
our usage pattern is likely very different from yours (since you have an
on-prem resolver).

I normally prefer stub zones over forward zones for this kind of
configuration, since the AWS zones are authoritative and you don't need to
use forward (which is implicitly a recursive query).



On Tue, Oct 30, 2018 at 9:52 AM, Andrew Meyer via Unbound-users <
unbound-users at nlnetlabs.nl> wrote:

> I have recently setup unbound on CentOS 7 (latest) running version 1.6.6.
> So far unbound has been chugging away for about a month.  In my
> configuration I have an on premise server configured with lots of internal
> forwarded domains going to Amazon Route53.   As of yesterday unbound
> started to flip/flop resolution from the internal/private zones to the
> external zones.  I'm not sure why.  I have turned up the logging verbosity
> to see if there was an apparent issue.  I though at one point we hit a wall
> with number of packets per request.  My colleague and I thought we hit a
> resource records maximum limit.   We have opened a ticket with Amazon to
> get more information on their side.
> In my config file:
> num-threads: 4
> so-rcvbuf: 4m
> so-sndbuf: 4m
> cache-max-negative-ttl: 10
> do-ip4: yes
> do-ip6: yes
> do-udp: yes
> do-tcp: yes
> Everything in my zones config file is a forward-zone and not a stub-zone,
> not sure if that matters.
> Any help is greatly appreciated.
> Regards,
> Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181030/cdbb54a7/attachment.htm>

More information about the Unbound-users mailing list