Maintained by: NLnet Labs

[Unbound-users] Unbound stops answering after ADSL-line bounce

lst_hoe02 at kwsoft.de
Fri Jan 27 11:39:57 CET 2012


Zitat von Paul Taylor <PaulTaylor at winn-dixie.com>:

> Since most people using Unbound are probably using it for the DNSSEC
> capability, perhaps my configuration has to do with the issue I'm having
> recovering?  In my environment, Unbound isn't configured to go direct,
> but rather forward to various DNS servers.  I have about 10-12 domains
> (mostly CDNs) that I'm forwarding to my ISP's DNS servers so I get DNS
> replies directing me to close servers.  Theoretically, this should help
> me have a better experience with Netflix at home.  After the forwarder
> definitions for all the CDNs, I have a forwarder defined for "." to send
> everything else to OpenDNS.  This is to help keep my family from getting
> to websites I don't want little eyes to run across.
>
> Is it possible that with this type of config that it might cause Unbound
> to recover differently?

This reminds me of the issues we have when using Unbound with DNSSEC  
validation *and* using a forwarder. For some time it was Unbound using  
Bind 9.7.4 as parent but it also happend with a second Unbound  
instance as parent that Unbound stop resolving any names, because of  
some obscure validation failure. We have "solved" the problem by  
setting the internal Unbound to not validate and let the forwarder do  
the DNSSEC work.

Regards

Andreas