unbound resolving different address intermittenly

Andrew Meyer andrewm659 at yahoo.com
Tue Oct 30 17:56:22 UTC 2018

No worries.  Just back to square one.   

    On Tuesday, October 30, 2018 12:52 PM, John Peacock <jpeacock at messagesystems.com> wrote:

 Never mind me; I was misremembering how the R53 stuff works.  The VPC network AWS resolver is in fact not authoritative for zones hosted in Route53 (I just checked).  FORWARD is what you want.
On Tue, Oct 30, 2018 at 1:35 PM, Andrew Meyer <andrewm659 at yahoo.com> wrote:

John,Thanks for the response.  The article and video helped some.  We are still looking into the issue. 
Re: stub zonesAll our zones with exception of one is hosted in Route53.  So would Unbound be hitting the recursory servers then? 

    On Tuesday, October 30, 2018 9:56 AM, John Peacock <jpeacock at messagesystems.com> wrote:

 We've hit several un[der]documented limits when using AWS, see the first two entries here:
   https://www.sparkpost.com/ blog/?s=dns
Our Principal Operations Engineer did a more technical presentation at several Usenix conferences:
  https://www.usenix.org/ conference/srecon18americas/ presentation/blosser
I don't know if any of that will help you; we are fully in the cloud and so our usage pattern is likely very different from yours (since you have an on-prem resolver).
I normally prefer stub zones over forward zones for this kind of configuration, since the AWS zones are authoritative and you don't need to use forward (which is implicitly a recursive query).
On Tue, Oct 30, 2018 at 9:52 AM, Andrew Meyer via Unbound-users <unbound-users at nlnetlabs.nl> wrote:

I have recently setup unbound on CentOS 7 (latest) running version 1.6.6.  So far unbound has been chugging away for about a month.  In my configuration I have an on premise server configured with lots of internal forwarded domains going to Amazon Route53.   As of yesterday unbound started to flip/flop resolution from the internal/private zones to the external zones.  I'm not sure why.  I have turned up the logging verbosity to see if there was an apparent issue.  I though at one point we hit a wall with number of packets per request.  My colleague and I thought we hit a resource records maximum limit.   We have opened a ticket with Amazon to get more information on their side.  
In my config file:num-threads: 4 so-rcvbuf: 4mso-sndbuf: 4mcache-max-negative-ttl: 10do-ip4: yesdo-ip6: yesdo-udp: yesdo-tcp: yes

Everything in my zones config file is a forward-zone and not a stub-zone, not sure if that matters.
Any help is greatly appreciated.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181030/3d0decde/attachment.htm>

More information about the Unbound-users mailing list