understanding outbound-msg-retry feature

George Thessalonikefs george at nlnetlabs.nl
Tue Jun 21 08:13:08 UTC 2022 

Hi Ashok,

What you expect to happen (only 5 queries) is actually happening if in 
the forwarding address you put a pure resolver that will give back a 
single answer to your queries. You can easily test with any validating 
public resolver and query for bogus.nlnetlabs.nl for example.
If you list more addresses, then it's going to be 5 queries for each 
address.
At least this is what I also observe here.

By using named in the forward-addr and probably having resolver and 
nameserver capabilities configured, more packets may be generated 
between Unbound and named depending on the answers. You can check the 
queries sent and received with verbosity 4.

Best regards,
-- George


On 16/06/2022 19:38, ashok athukuri via Unbound-users wrote:
> Hello All,
> 
> I am exploring the outbound-msg-retry feature, here are my setup details:
> 
> *Machine#1*: running unbound application and used as client machine used 
> for dig queries
> *Machine#2*: where named running and are having records. kept as 
> *forward-addr: 10.0.0.240 *in conf
> 
> Here is my *unbound.conf:*
>          # The number of retries when a non-positive response is received.
> *outbound-msg-retry: 5*
> *forward-zone:*
>          name: "."
> *forward-addr: 10.0.0.240*
> #       forward-addr: 192.0.2.73 at 5355  # forward to port 5355.
> #       forward-first: no
> #       forward-tcp-upstream: no
> #       forward-tls-upstream: no
> #       forward-no-cache: no
> # forward-zone:
> #       name: "example.org <http://example.org>"
> #       forward-host: fwd.example.com <http://fwd.example.com>
> 
> *here is how I tested:*
> on machine#1 ran command *#*dig @127.0.0.1 <http://127.0.0.1> 
> mx.dnstest.com <http://mx.dnstest.com> MX
> My expectation is I should see 5 outgoing queries from Machine#1 to 
> Machine#2 as Machine#2 send Serve fail as a response
> 
> *Test Result*:
> I see more than 5 outgoing msgs/queries (I see 9 msgs/queries) on Machine#1
> This behavior I am not able to understand with definition. I expect only 
> 5 msgs to Machine#2
> 
> outbound-msg-retry:  /<number>/
>              The number of retries Unbound will do in case of  a  non  positive
>              response is received. If a forward nameserver is used, this is the
>              number of retries per forward nameserver in case of throwaway  re-
>              sponse.
> 
> 
> Thanks,
> Ashok
>

More information about the Unbound-users mailing list