Maintained by: NLnet Labs

[Unbound-users] forward-zone bug (out of query targets -- returning SERVFAIL)

W.C.A. Wijngaards
Tue Nov 25 19:56:10 CET 2008



Hi Aaron,

Aaron Hopkins wrote:
> Turning a 2 minute outage into a 17 minute outage by default is awful
> behavior.  Dmitriy is being hit particularly hard here because he's only
> talking to one forwarder, but I assume this will happen just as easily with
> the root, .com, etc if my internet connectivity goes down for 2 minutes but
> my users are still actively trying to get somewhere new.
> 
> Blacklisting a subset of nameservers for a zone for a while is sane, as long
> as you have someone left to talk to.  But as soon as all possible IPs to
> send a query to are marked unresponsive, you can't just decide to not do any
> lookups for the zone for an extended period.  Is it unreasonable to ask for
> either a much shorter blacklist TTL in the all-IPs-unavailable case or to do
> some form of low-volume probing (e.g. allow one query through per minute, as
> a test)?

That sounds reasonable, I'll see what I can do.

Best regards,
   Wouter
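
The low-volume probing idea from the quoted message, sketched as an added example; this is not Unbound's code and was not posted by either participant. The struct layout, function names and the 900-second blacklist TTL in `main` are assumptions; the 60-second probe interval is the "one query through per minute" from the thread.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define PROBE_INTERVAL 60  /* seconds between probes when every target is blacklisted */
struct target { time_t blacklisted_until; };  /* 0 = never marked unresponsive */
struct zone_targets {
    struct target *t;
    size_t count;
    size_t next;        /* round-robin cursor over usable targets */
    time_t last_probe;  /* last time a probe query was let through */
};

/* Timeout seen: keep this target out of normal selection for ttl seconds. */
void mark_unresponsive(struct zone_targets *z, size_t i, time_t now, time_t ttl)
{ z->t[i].blacklisted_until = now + ttl; }

/* Reply seen (including a reply to a probe): target is usable again. */
void mark_responsive(struct zone_targets *z, size_t i)
{ z->t[i].blacklisted_until = 0; }

/* Returns the index of the target to query, or -1 meaning answer SERVFAIL. */
int select_target(struct zone_targets *z, time_t now)
{
    size_t i, idx, soonest = 0;
    for (i = 0; i < z->count; i++) {
        idx = (z->next + i) % z->count;
        if (z->t[idx].blacklisted_until <= now) {
            z->next = (idx + 1) % z->count;
            return (int)idx;
        }
    }
    /* Everything is blacklisted: let one query per PROBE_INTERVAL through. */
    if (z->count == 0 || now - z->last_probe < PROBE_INTERVAL)
        return -1;
    for (i = 1; i < z->count; i++)
        if (z->t[i].blacklisted_until < z->t[soonest].blacklisted_until)
            soonest = i;  /* probe the entry closest to expiring */
    z->last_probe = now;
    return (int)soonest;
}

int main(void)
{
    struct target t[1] = {{0}};  /* constructed: one forwarder, as in the thread */
    struct zone_targets z = { t, 1, 0, 0 };
    mark_unresponsive(&z, 0, 1000, 900);
    int a = select_target(&z, 1010), b = select_target(&z, 1020);
    printf("%d %d\n", a, b);
    return 0;
}
```

With this policy a recovered forwarder is rediscovered within one probe interval instead of after the full blacklist TTL, while an unreachable one still receives at most one query per minute.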