unbound resolving different address intermittenly

Gavin McCullagh gmccullagh at gmail.com
Wed Oct 31 15:57:18 UTC 2018 

Hi,

Can you clarify a little more please?  In the packet capture, did unbound
receive public answers incorrectly from the upstream resolver or did
unbound make a recursive query?

Just trying to be 100% sure where the problem is.

Gavin


On Wed, Oct 31, 2018, 7:43 AM Andrew Meyer via Unbound-users <
unbound-users at nlnetlabs.nl wrote:

> I don't have forward-first enabled on any of the forwarded domains.  We
> have done a tcpdump and unbound is reaching the forwarded DNS server each
> time but its not getting the correct information when establishing the web
> connection.
>
>
> On Wednesday, October 31, 2018 9:29 AM, Ralph Dolmans via Unbound-users <
> unbound-users at nlnetlabs.nl> wrote:
>
>
> Hi Andrew,
>
> Not sure I understand your question/problem. Is Unbound sometimes
> skipping the forwarder and resolving as if there is no forwarder
> configured? Do you have forward-first enabled? In that case Unbound will
> ignore the configured forwarder when they become unreachable. Maybe that
> happened?
>
> -- Ralph
>
> On 30-10-18 14:52, Andrew Meyer via Unbound-users wrote:
> > I have recently setup unbound on CentOS 7 (latest) running version
> > 1.6.6.  So far unbound has been chugging away for about a month.  In my
> > configuration I have an on premise server configured with lots of
> > internal forwarded domains going to Amazon Route53.   As of yesterday
> > unbound started to flip/flop resolution from the internal/private zones
> > to the external zones.  I'm not sure why.  I have turned up the logging
> > verbosity to see if there was an apparent issue.  I though at one point
> > we hit a wall with number of packets per request.  My colleague and I
> > thought we hit a resource records maximum limit.   We have opened a
> > ticket with Amazon to get more information on their side.
> >
> > In my config file:
> > num-threads: 4
> > so-rcvbuf: 4m
> > so-sndbuf: 4m
> > cache-max-negative-ttl: 10
> > do-ip4: yes
> > do-ip6: yes
> > do-udp: yes
> > do-tcp: yes
> >
> >
> > Everything in my zones config file is a forward-zone and not a
> > stub-zone, not sure if that matters.
> >
> > Any help is greatly appreciated.
> >
> > Regards,
> > Andrew
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181031/46d869eb/attachment.htm>

More information about the Unbound-users mailing list