Unbound stop root server lookup

Guevara, Daniel Daniel_Guevara at intuit.com
Sat Sep 7 00:33:47 UTC 2019

Thanks for the tip regarding unbound-control. I assume the initial start still has to be via the systemctl script. I Bring up this point since for the teams I support they need DNS to be available much quicker during bootstrap. I will dig deeper into this as well. Thanks again.

From: Freya Kalin <tri-mate at yandex.com>
Date: Friday, September 6, 2019 at 6:09 AM
To: "Guevara, Daniel" <Daniel_Guevara at intuit.com>
Cc: "unbound-users at nlnetlabs.nl" <unbound-users at nlnetlabs.nl>
Subject: Re: Unbound stop root server lookup

This email is from an external sender.

Yes, it is truly annoying to operate unbound in a non-Internet or firewall-restricted environment.

Every start/restart takes ~2 minutes on my CentOS box. Even though I provide the root-hints to unbound as a file, it still wants to contact the root nameservers during startup.

I've found better results with unbound-control reload. It does something similar to restart or kill -9 + start, I am not aware of the exact difference tho.
It reloads unbound in a few seconds even in a restricted environment.

Additionally, nowhere in the documentation does it say what I need to do when I update the root.hints file, reload or restart ?

05.09.2019, 23:58, "Joe Abley via Unbound-users" <unbound-users at nlnetlabs.nl>:

Hi Daniel,

 On Sep 5, 2019, at 16:23, Guevara, Daniel via Unbound-users <unbound-users at nlnetlabs.nl<mailto:unbound-users at nlnetlabs.nl>> wrote:

 Rather than putting rules for all 26 root servers (both udp and tcp on port 53), it was easier for me to test by allowing all outbound ( on port 53.

A minor correction; 13 root servers but 26 root server addresses (each
currently has one IPv4 and one IPv6 address).

Note also that the root servers are not the only things you need to be
able to reach if you want your nameserver to operate with full
recursive lookups and you want to be able to resolve things outside
the root, arpa and root-servers.net zones.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190907/e4005f02/attachment.htm>

More information about the Unbound-users mailing list