[nsd-users] What is the selection order of forward-first NSs? sequential? random? IPv6 before/after IPv4?
George Thessalonikefs
george at nlnetlabs.nl
Fri Jun 11 20:46:40 UTC 2021
Hi,
On 10/06/2021 14:00, PGNet Dev via Unbound-users wrote:
> On 6/9/21 10:50 AM, George Thessalonikefs via nsd-users wrote:
>> I think you posted on the wrong mailing list :)
>
> oops! yep.
>
>> I'll reply here and include unbound-users also.
>> If you want to reply further please drop nsd-users and let us continue
>> the discussion only on the unbound-users mailing list as to not
>> generate noise here.
>
> thx.
>
>> On 07/06/2021 21:31, PGNet Dev via nsd-users wrote:
>>> On my server, I config
>>> what's the order policy for those forward-addr's?
>>>
>>> Is the forward-addr used randomly, or sequentially, selected from
>>> that list?
>> Randomly between the fastest servers (in the <400ms band). Unbound
>> will keep probing the other servers to keep updated metrics for them
>> in case they become fast enough (<400ms). You can read more about it
>> at https://www.nlnetlabs.nl/documentation/unbound/info-timeout/.
>>
>>>
>>> Is there any unbound preference for IPv4 vs IPv6 forward-addrs?
>> There are the 'prefer-ip4:' and 'prefer-ip6:' options if you want to
>> do that.
>
> in the case of
>
> do-ip4: yes
> do-ip6: yes
> prefer-ip4: no
> prefer-ip6: yes
>
> iiuc, then, it's strictly a preference, and _will_ fallback to the ip4
> if ip6 'pref' fails ?
Yes.
>
> Reading for 'prefer-ip4',
>
> " Useful if the IPv6 netblock the server has, the entire /64 of that is
> not owned by one operator and the reputation of the netblock /64 is an
> issue, using IPv4 then uses the IPv4 filters that the upstream servers
> have."
>
> tbh I've no sense for the magnitude of that issue.
>
> I'd guess it's a non-zero-sized problem. But generally _worth_ setting
> a preference?
Only if you need to i.e., you know that one of the two address family is
preferable in your network.
Another case would be that your outgoing IPv6 interface has a
considerable network segment and by preferring IPv6 you use all those
addresses to send out queries which results in more randomized queries
for UDP communication. You can check the man page for
'outgoing-interface:' for more information.
>
> Are the settings' defaults (prefer-ipX = no) chosen as typically
> *recommended* -- vs simplest config -- values?
They are chosen as to not have any preference by default.
Best regards,
-- George
More information about the Unbound-users
mailing list