Re: RFC 8767 recheck timer

Andreas Schwarz andreas at
Tue Jul 21 16:49:41 UTC 2020

Hi George,

thank you for your quick reply. Could you please elaborate on these failure recheck measures in unbound?

I dug a bit through the unbound code, the iterator specifically, but my C is not as good as to pretend that I understood very much.

I played a bit around with a zone of mine, added it to the authoritative servers, removed it and observed unbound's behavior. I could not see anything, that would indicate failure recheck measures (at least not for REFUSED codes) in a way that I would interpret the RFC.

The amount of requests I performed against unbound was pretty much identical to the amount of outgoing requests (times 6 for 3 authoritative Servers with both, IPv4 and IPv6).

>From the description in the RFC I would have expected unbound to stop querying the authoritative servers for some time and only serve the stale data. At least with serve-expired-client-timeout set to 0. With a non-zero value for this option, the behavior to always query totally makes sense.

Thank you in advance.

On Tuesday, July 21, 2020 14:56 CEST, George Thessalonikefs via Unbound-users <unbound-users at> wrote: 
> Hi Andreas,
> This timer is not specifically created for the serve-stale functionality
> because as is mentioned in the following paragraph of the RFC:
> > Most recursive resolvers already have the query resolution timer and,
> > effectively, some kind of failure recheck timer.
> This is also true in unbound, where failure recheck measures were
> already in place, though not configurable (at least in the sense of a
> timer).
> Best regards,
> -- George
> On 21/07/2020 14:30, Andreas Schwarz via Unbound-users wrote:
> > Hi,
> > 
> > I am currently testing the RFC 8767 related options in unbound to serve stale records.
> > 
> > RFC 8767 mentions in section 5
> > 
> >  >  *  A failure recheck timer, which limits the frequency at which a
> >  >    failed lookup will be attempted again.
> > 
> > I could not find any option related to this functionality in the unbound manual. All the other portions of the RFC seem to be covered, but not this one. Did I miss something or is this not implemented?
> > 
> > Cheers
> > Andreas
> >

More information about the Unbound-users mailing list