unbound resolving different address intermittenly

Andrew Meyer andrewm659 at yahoo.com
Wed Oct 31 16:17:31 UTC 2018

Yes it did. 

    On Wednesday, October 31, 2018 10:57 AM, Gavin McCullagh <gmccullagh at gmail.com> wrote:

Can you clarify a little more please?  In the packet capture, did unbound receive public answers incorrectly from the upstream resolver or did unbound make a recursive query?  
Just trying to be 100% sure where the problem is.

On Wed, Oct 31, 2018, 7:43 AM Andrew Meyer via Unbound-users <unbound-users at nlnetlabs.nl wrote:

I don't have forward-first enabled on any of the forwarded domains.  We have done a tcpdump and unbound is reaching the forwarded DNS server each time but its not getting the correct information when establishing the web connection. 

    On Wednesday, October 31, 2018 9:29 AM, Ralph Dolmans via Unbound-users <unbound-users at nlnetlabs.nl> wrote:

 Hi Andrew,

Not sure I understand your question/problem. Is Unbound sometimes
skipping the forwarder and resolving as if there is no forwarder
configured? Do you have forward-first enabled? In that case Unbound will
ignore the configured forwarder when they become unreachable. Maybe that

-- Ralph

On 30-10-18 14:52, Andrew Meyer via Unbound-users wrote:
> I have recently setup unbound on CentOS 7 (latest) running version
> 1.6.6.  So far unbound has been chugging away for about a month.  In my
> configuration I have an on premise server configured with lots of
> internal forwarded domains going to Amazon Route53.   As of yesterday
> unbound started to flip/flop resolution from the internal/private zones
> to the external zones.  I'm not sure why.  I have turned up the logging
> verbosity to see if there was an apparent issue.  I though at one point
> we hit a wall with number of packets per request.  My colleague and I
> thought we hit a resource records maximum limit.   We have opened a
> ticket with Amazon to get more information on their side.  
> In my config file:
> num-threads: 4 
> so-rcvbuf: 4m
> so-sndbuf: 4m
> cache-max-negative-ttl: 10
> do-ip4: yes
> do-ip6: yes
> do-udp: yes
> do-tcp: yes
> Everything in my zones config file is a forward-zone and not a
> stub-zone, not sure if that matters.
> Any help is greatly appreciated.
> Regards,
> Andrew


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181031/eca64b2e/attachment.htm>

More information about the Unbound-users mailing list