Maintained by: NLnet Labs

[Unbound-users] Unbound stops answering after ADSL-line bounce

Paul Taylor
Mon Jan 23 19:40:18 CET 2012


Wouter,
 
                Hi - I'm the DAP user that JP mentioned.   
 
As a side note, I'm extremely impressed with the performance of Unbound.
We are looking at using Unbound at my job and have been doing a bit of
testing.  Using ResPerf to stress test with a cleared cache resulted in
a peak of about 23,500 queries per second with Unbound doing DNSSEC.
This was on a Dell 2850 server with two dual core Xeon's running at 2.8
Ghz under Ubuntu 12.04 alpha.  We also tested Unbound with DNSSEC
disabled and got over 35,000 queries per second.  A 3rd party Windows
DNS server (not performing DNSSEC validation) peaked at around 1250
queries per second under Windows 2003 on similar hardware.  
 
                Back to my home issue, though.  The first time I
experienced this issue, my internet connection had gone down for about
an hour around 2 AM.  It was about 7AM before I noticed the problem
(sleep has to happen sometime).  I restarting Unbound, and it recovered.

 
The 2nd time this happened, I had about 3 bounces in about 10 minutes
during the afternoon.  I believe each bounce took a minute or so to
recover  I was at work at the time and my wife and kids couldn't get
anywhere on the Internet.  I got home a few hours later and DNS
resolution was not working until I restarted Unbound.
 
So, in these two cases I've had outages of various lengths, but hours
have passed without DNS resolution working.  
 
Since most people using Unbound are probably using it for the DNSSEC
capability, perhaps my configuration has to do with the issue I'm having
recovering?  In my environment, Unbound isn't configured to go direct,
but rather forward to various DNS servers.  I have about 10-12 domains
(mostly CDNs) that I'm forwarding to my ISP's DNS servers so I get DNS
replies directing me to close servers.  Theoretically, this should help
me have a better experience with Netflix at home.  After the forwarder
definitions for all the CDNs, I have a forwarder defined for "." to send
everything else to OpenDNS.  This is to help keep my family from getting
to websites I don't want little eyes to run across.
 
Is it possible that with this type of config that it might cause Unbound
to recover differently?  
 
Thanks,
Paul
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20120123/423365d4/attachment-0001.html>