Maintained by: NLnet Labs

[Unbound-users] Problem with query

Robert Fleischman
Thu Sep 15 20:21:17 CEST 2011


Using unbound 1.4.12,

dig -t ns dir.slb.com.

It does not return, it returns instantly against bind.  :-|

A few things:

1. That name has a lot of NS answers (7000+ byte reply) according to
ns3.slb.com.   It appears to return a truncated answer and then forces
clients (and probably unbound) to retry using TCP.

2. unbound doesn't return.   The query runs for hours/days/forever,
inside unbound.  It doesn't time-out!    Digging into
env->mesh->all.root and seen 100's of answers, and yet no response.
Is it waiting for a COMPLETE answer?  Even though it has a huge answer
already?

3. dig to Google (8.8.8.8) goes to tcp and doesn't return an answer either!

4. When this happens, num_addr_replies gets incremented and seems to
never go down!  As more stuff comes in for that (or children), the
value of num_addr_replies grows.  We know that this value growing
infinitely is bad as there is a 16x limit in the code (against
max_reply_states) before incoming queries get dropped.

5. This looks like it has been a problem in the past:

http://www.unbound.net/pipermail/unbound-users/2010-September/001369.html

Any advice on direction here.  Happy to help.

-Rob