Maintained by: NLnet Labs

[Unbound-users] Unbound periodically stops responding

Bry8 Star
Thu Aug 30 05:08:28 CEST 2012


I'm using 'Unbound' v1.4.18 on Windows XP SP3 4GB RAM 32bit Dual Core
AMD CPU. Unbound is configured with "validator iterator" mode.
"target-fetch-policy" is currently "2 1 0 0 0 0". DLV option is enabled.
It stops responding periodically in my side as well :-(
I installed windows process monitoring tools like, Process Hacker,
Process Explorer, etc and also have firewall able to show, warn, block
any active network connections. Nothing is blocked for unbound in
firewall, only set to show messages/info on what unbound is doing.
Firewall is also set to show message/info what app is trying to
communicate (send DNS query) with local resolver (the unbound).
When user like me tries to do a ping or do a nslookup or do a DiG on an
internet host, or when a web-browser or any other internet service
client app tries to send DNS query via unbound (working on 127.0.0.1 udp
port 53), then at first attempt, unbound internally does its query very
slowly (or sometime does not work), then query sender app shows server
could not be reached or servfail, etc error/result. 'Unbound' starts to
use around 98% or more cpu resources at that point. So other apps, mouse
becomes non or less responsive. After about 1 min or 2 mins, cpu usage
goes down to normal level. And then, if 2nd attempt is done on the same
internet site or host, then 'unbound' usually sends the answer back very
quickly and can reach sites.
If a different fetch policy is used then how will it affect? We need a
better fetch policy. Even when i specified it to use 1 Thread, it
sometime uses even 3 or 4 threads. If "iterator validator" is used, then
will it work better ? then what fetch policy will be better ?
-- Bry8Star.



On 8/29/2012 5:40 PM, Will Roberts wrote:
> On 04/06/2011 02:06 AM, W.C.A. Wijngaards wrote:
>> Well it should respond to the unbound-control utility.  If it does not
>> this means it is somehow no longer processing the main loop, or that
>> network traffic does not reach it.
> 
> To add some resolution to this issue, this is clearly not unbound's
> fault. When this situation is triggered I cannot locally ping any of the
> IPv4 addresses on the machine, so clearly the communication to unbound
> as a DNS lookup or via unbound-control are going to fail. I'm at a loss
> as to explain why this happens :)
> 
> Regards,
> --Will
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users