Maintained by: NLnet Labs

[Unbound-users] Unbound stops answering after ADSL-line bounce

Paul Taylor
Fri Feb 10 16:50:27 CET 2012


Thank you - I'll file these commands away for future reference.  

Previously, I tried recreating the problem a few times, but after
waiting 15 minutes (per your previous advice) after the WAN recovery,
DNS has worked.  I've not tried leaving my internet connection down for
much more than about 10 minutes, though.  

-----Original Message-----
From: W.C.A. Wijngaards [mailto:wouter at nlnetlabs.nl] 
Sent: Friday, February 10, 2012 9:34 AM
To: Paul Taylor
Cc: unbound-users at unbound.net
Subject: Re: [Unbound-users] Unbound stops answering after ADSL-line
bounce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 02/10/2012 02:28 PM, Paul Taylor wrote:
> On the original topic of this thread, I have another incident to
report.
> After experiencing some strangeness with my NAS (where unbound was
> running previously), I moved Unbound to an installation of pfSense
> running on an old net4801.  I believe pfSense is still on version
1.4.14
> of Unbound.  I configured it pretty much identically to my NAS
> installation of Unbound.  By that, I mean that I have numerous
> forwarders added for various CDNs, with a "." forwarder pointing to
> OpenDNS.  DNSSEC validation is disabled.  About two weeks had passed
> with no further problems, until this morning. 
> 
> Just before I was about to leave home for work (just after 7 AM), my
> daughter told me that the internet was down.  I checked my router and
> saw that the internet connection went down last night for a little
over
> an hour..  It recovered about 3:15 AM.  So, it had been up and
> operational for almost 4 hours by the time I started looking at the
> issue.  A quick nslookup showed SERVFAIL replies.  Since I had to
leave
> for work, I didn't have time to do much in the way of troubleshooting.
> I recycled the service via pfSense's Services page (I think it just
> kills and restarts the service), and DNS was resolving properly again.

It should not be down for that long; 15 minutes really.

> Unfortunately, since it's on an embedded box, I didn't have logging
> enabled, and I don't know what commands, if any, I could run that let
> you see the "state" Unbound is stuck in when this happens.  

unbound-control verbosity 4  ; then nslookup and capture the logs (which
are then plentiful).

unbound-control dump_infra   > tofile.txt
that shows the state of the infrastructure cache.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPNSrdAAoJEJ9vHC1+BF+NG60P/jbXRoJasVwLkFrLJ5exvRji
TwAWZOm09AeuGHf2puMOmCaBbngoCs2J1ijLj9t312QjF7Qu3vYfDuTbUJ39yMrc
f4z8ZFLEXQ3EVH347d7wxnKwvuH1wrl0J313A04jyMP+VWj2WXFk25un6PbY2xKJ
bEiSWRlkUh4GvuNxHtp7tDUOMpZlXwgT+F8YUGqlXUgyCEF1l7zU4qzz0G2H6IBP
sy9Nt980u36wM7naAV/JScgCZ8S+Sqrf0yUpINbA2x2V1pXCxy132WSttfxD61as
r0Y+Rj/1Gph29X91QJZXmBB29+60BC1+hg5gvBrrHqGRRBSI5+EFVUtIEyI8bhCe
ogMZbjGHW9SOAbAdGzp/p9kUihgEDqQP1lJ6a3j1XhijOTMXlaqkG+1IRjXoh7uM
SlRpVWqlnTwecnqSyYAmNE8d4lsLF24OGeIQkkeEBWkopyPLvUnjKCkhl+xnbpxS
OQZ8XaAbHLYovFqNxMbxsuBwTubSg/lVoADZ+0UEC4oTyfWuIenWEsDqWD5kPMtK
oEJ5icfRd2Gqwv0JA5Kn1iB14+ZUygnyKcglxIu8ug+sy2kWH3FlfIbeg+KubSjY
UIlUroGUOwDAWT0vaoL3ohvBhgzgDpbG6qiQvyURGIYe+uiJy4TzxPlrUJ6EQopb
HR7IOik9DFrSK3PNYLo2
=rwsX
-----END PGP SIGNATURE-----